XF 1.5 Untrusted Http Client

Sunka

Well-known member
  • A new config.php option $config['untrustedHttpClient'] has been added to allow you to specify a custom configuration when making untrusted HTTP calls such as via the image proxy. For example, this can allow you to direct the connection through a proxy to keep your server's IP hidden.

Regarding this in newest xenforo version, could someone give some examples and elaborate this option little more.
My forum is on https and I am running xenforo proxy for images.

Thank you
 
  • Like
Reactions: rdn
  • $config['untrustedHttpClient'] - default: array()
    When XenForo makes an HTTP call to an untrusted external server, you may specify a specific adapater configuration. For example, this allows you to use an HTTP proxy service to stop your application server's IP from being leaked. The value should be an adapter configuration array like given in this Zend_Http_Client_Adapter_Proxy example.
https://xenforo.com/help/config-php-options/
 
As an example of that configuration:
Code:
$config['untrustedHttpClient'] = array(
   'adapter' => 'Zend_Http_Client_Adapter_Proxy',
   'proxy_host' => '123.123.123.123',
   'proxy_port' => 80
);

You'll need an HTTP proxy to access (either one you run on a different server or an external one).
 
Just a plain web server will do?
Or do we need some sort of script to be run on proxy server?
Thanks!
It needs to be an HTTP proxy. This can be done through a regular web server if you configure it like that. Or it can be done through a dedicated proxy (Squid, https://tinyproxy.github.io/, etc). I don't have experience with setting any of them up so I can't comment on that.
 
As an example of that configuration:
Code:
$config['untrustedHttpClient'] = array(
   'adapter' => 'Zend_Http_Client_Adapter_Proxy',
   'proxy_host' => '123.123.123.123',
   'proxy_port' => 80
);

You'll need an HTTP proxy to access (either one you run on a different server or an external one).
@Mike is the image proxy the only thing that takes advantage of the untrusted HttpClient setup right now ? or other Xenforo features ?
 
Image proxy and auto linking stuff in XF.

It's also used in XFMG from version 1.1.5 with XF 1.5.6 or above installed for everything from automatically grabbing titles, to downloading video thumbnails, to adding media from URLs etc.
 
Good. So it's safe to use this option and the built-in xenforo imageproxy?
Yes. On my website, it's critical the PHP Daemon servers do not expose their IP, yet I also want to protect users from IP logging pixels. I am using a Squid3 proxy on a spare server to fish image content for me.
 
As an example of that configuration:
Code:
$config['untrustedHttpClient'] = array(
   'adapter' => 'Zend_Http_Client_Adapter_Proxy',
   'proxy_host' => '123.123.123.123',
   'proxy_port' => 80
);

You'll need an HTTP proxy to access (either one you run on a different server or an external one).

Is there a way to setup fallback proxies if the first fails?
 
  • Like
Reactions: Naz
No that wouldn't directly be an option. I suppose technically you could run a local proxy that you'd connect to which itself would then work through multiple other proxies as needed, though I'm not sure if there is any proxy package that provides that.
 
Top Bottom