XF 2.2 When a Guzzle request is made is "referer" included in the headers?

Kevin

I'm running into a scenario where I think the issue may be that when XF makes a call to an outbound file (such as to proxy images), the Guzzle request is not including a referer value in the header. Should it be? If not, is there any way of getting it to include it (like an entry in config 🤔)?

The slightly longer explanation of what I'm doing is that I'm testing the current version of XF using the Amazon S3 add-on for file storage, with Amazon CloudFront distributions pointing to the S3 buckets, and would like to use WAF to whitelist my own domains and block the rest of the traffic. Sounds good in theory. It works for images that are (a) within the same domain, and it works on (b) a second domain pointing to a file on the first domain if the image proxy is turned off, but if (c) the image proxy is turned on then the image is shown in the editor with the [img] tags pointing to the remote site, and when the post is saved the post being shown with the proxy image URL for the image doesn't work. Based on those results, it would seem to indicate to me that the WAF rule is seeing the referer value as expected in results A & B but is not finding a referer value in result C.

EDIT: Should mention, using curl to test the WAF rules I can simulate making a request with a whitelisted referer and without, both work as expected. It's only requests from within XF, such as the proxy images, that are failing.
Thinking about this more, instead of adding the referer value to the header, maybe a quick way of adding a custom key-pair to the header and having WAF look for that? 🤔 (eg: my-key: my-key-value)
To answer my own question, no.... only a user-agent value is added to the header when doing a Guzzle HTTP request.

Thinking about this more, instead of adding the referer value to the header, maybe a quick way of adding a custom key-pair to the header and having WAF look for that? 🤔 (eg: my-key: my-key-value)
Was easy enough to do, but I still ended up with a hot-linking prevention problem after realizing some images were being displayed on pages and no referer was being added to the header, so using the combination of looking for a referer domain and/or a specific key-value pair in the header was failing.
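As an added illustration of what the thread concludes (example code, not from the thread, XenForo or Guzzle; the header name X-Proxy-Token, the secret and the hostnames are made up), a Guzzle client captured with MockHandler shows that only User-Agent is set by default and that a custom default header can be added, and allowFetch mirrors the "referer domain or shared header" decision an edge rule would need: a server-side fetch carries no Referer, so only the header branch can let it through.

```php
<?php
// Added example; not code from the thread or from XenForo. Needs guzzlehttp/guzzle via Composer.
require 'vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Psr7\Response;

// Hypothetical shared-secret header that an edge rule (e.g. a WAF) can match on.
const PROXY_HEADER = 'X-Proxy-Token';
const PROXY_SECRET = 'replace-with-a-long-random-value';

function expect(bool $cond, string $what): void
{
    if (!$cond) { throw new RuntimeException("check failed: $what"); }
}

// Capture outbound requests instead of sending them, so this runs offline.
$mock  = new MockHandler([new Response(200), new Response(200)]);
$stack = HandlerStack::create($mock);

// 1. Plain client: Guzzle adds User-Agent (and Host) but never a Referer.
$plain = new Client(['handler' => $stack]);
$plain->get('https://cdn.example.test/img.png');
$sent = $mock->getLastRequest();
expect(!$sent->hasHeader('Referer'), 'plain request has no Referer');
expect($sent->hasHeader('User-Agent'), 'plain request has a User-Agent');

// 2. Client with a default custom header applied to every request it sends.
$tagged = new Client(['handler' => $stack, 'headers' => [PROXY_HEADER => PROXY_SECRET]]);
$tagged->get('https://cdn.example.test/img.png');
expect($mock->getLastRequest()->getHeaderLine(PROXY_HEADER) === PROXY_SECRET, 'custom header sent');

// Edge-side decision: allow when the Referer host is on the allow-list OR the
// shared-secret header matches. Constructed header sets stand in for real traffic.
function allowFetch(array $headers, array $allowedHosts): bool
{
    $host = strtolower((string) parse_url($headers['Referer'] ?? '', PHP_URL_HOST));
    if ($host !== '' && in_array($host, $allowedHosts, true)) {
        return true;
    }
    $token = $headers[PROXY_HEADER] ?? '';
    return $token !== '' && hash_equals(PROXY_SECRET, $token);
}

$allowed = ['forum.example.test'];
expect(allowFetch(['Referer' => 'https://forum.example.test/threads/1/'], $allowed), 'browser with own-domain Referer allowed');
expect(!allowFetch(['User-Agent' => 'XenForo/2.2'], $allowed), 'proxy fetch without Referer or token denied');
expect(allowFetch([PROXY_HEADER => PROXY_SECRET], $allowed), 'proxy fetch with shared header allowed');
echo "all checks passed\n";
```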