• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 Untrusted Http Client

Sunka

Well-known member
#1
  • A new config.php option $config['untrustedHttpClient'] has been added to allow you to specify a custom configuration when making untrusted HTTP calls such as via the image proxy. For example, this can allow you to direct the connection through a proxy to keep your server's IP hidden.
Regarding this in newest xenforo version, could someone give some examples and elaborate this option little more.
My forum is on https and I am running xenforo proxy for images.

Thank you
 

RoldanLT

Well-known member
#2
  • $config['untrustedHttpClient'] - default: array()
    When XenForo makes an HTTP call to an untrusted external server, you may specify a specific adapater configuration. For example, this allows you to use an HTTP proxy service to stop your application server's IP from being leaked. The value should be an adapter configuration array like given in this Zend_Http_Client_Adapter_Proxy example.
https://xenforo.com/help/config-php-options/
 

Mike

XenForo developer
Staff member
#3
As an example of that configuration:
Code:
$config['untrustedHttpClient'] = array(
   'adapter' => 'Zend_Http_Client_Adapter_Proxy',
   'proxy_host' => '123.123.123.123',
   'proxy_port' => 80
);
You'll need an HTTP proxy to access (either one you run on a different server or an external one).
 

Mike

XenForo developer
Staff member
#7
Just a plain web server will do?
Or do we need some sort of script to be run on proxy server?
Thanks!
It needs to be an HTTP proxy. This can be done through a regular web server if you configure it like that. Or it can be done through a dedicated proxy (Squid, https://tinyproxy.github.io/, etc). I don't have experience with setting any of them up so I can't comment on that.
 

eva2000

Well-known member
#9
As an example of that configuration:
Code:
$config['untrustedHttpClient'] = array(
   'adapter' => 'Zend_Http_Client_Adapter_Proxy',
   'proxy_host' => '123.123.123.123',
   'proxy_port' => 80
);
You'll need an HTTP proxy to access (either one you run on a different server or an external one).
@Mike is the image proxy the only thing that takes advantage of the untrusted HttpClient setup right now ? or other Xenforo features ?
 

Chris D

XenForo developer
Staff member
#10
Image proxy and auto linking stuff in XF.

It's also used in XFMG from version 1.1.5 with XF 1.5.6 or above installed for everything from automatically grabbing titles, to downloading video thumbnails, to adding media from URLs etc.
 

Jawsh

Formerly null0
#15
Good. So it's safe to use this option and the built-in xenforo imageproxy?
Yes. On my website, it's critical the PHP Daemon servers do not expose their IP, yet I also want to protect users from IP logging pixels. I am using a Squid3 proxy on a spare server to fish image content for me.
 

Brent W

Well-known member
#19
As an example of that configuration:
Code:
$config['untrustedHttpClient'] = array(
   'adapter' => 'Zend_Http_Client_Adapter_Proxy',
   'proxy_host' => '123.123.123.123',
   'proxy_port' => 80
);
You'll need an HTTP proxy to access (either one you run on a different server or an external one).
Is there a way to setup fallback proxies if the first fails?
 

Mike

XenForo developer
Staff member
#20
No that wouldn't directly be an option. I suppose technically you could run a local proxy that you'd connect to which itself would then work through multiple other proxies as needed, though I'm not sure if there is any proxy package that provides that.