Changeset View
Changeset View
Standalone View
Standalone View
src/applications/config/option/PhabricatorSecurityConfigOptions.php
Show First 20 Lines • Show All 61 Lines • ▼ Show 20 Lines | public function getOptions() { | ||||
$keyring_description = $this->deformat(pht(<<<EOTEXT | $keyring_description = $this->deformat(pht(<<<EOTEXT | ||||
The keyring stores master encryption keys. For help with configuring a keyring | The keyring stores master encryption keys. For help with configuring a keyring | ||||
and encryption, see **[[ %s | Configuring Encryption ]]**. | and encryption, see **[[ %s | Configuring Encryption ]]**. | ||||
EOTEXT | EOTEXT | ||||
, | , | ||||
PhabricatorEnv::getDoclink('Configuring Encryption'))); | PhabricatorEnv::getDoclink('Configuring Encryption'))); | ||||
$require_mfa_description = $this->deformat(pht(<<<EOTEXT | $require_mfa_description = $this->deformat(pht(<<<EOTEXT | ||||
By default, Phabricator allows users to add multi-factor authentication to | By default, this software allows users to add multi-factor authentication to | ||||
their accounts, but does not require it. By enabling this option, you can | their accounts, but does not require it. By enabling this option, you can | ||||
force all users to add at least one authentication factor before they can use | force all users to add at least one authentication factor before they can use | ||||
their accounts. | their accounts. | ||||
Administrators can query a list of users who do not have MFA configured in | Administrators can query a list of users who do not have MFA configured in | ||||
{nav People}: | {nav People}: | ||||
- **[[ %s | %s ]]** | - **[[ %s | %s ]]** | ||||
EOTEXT | EOTEXT | ||||
, | , | ||||
'/people/?mfa=false', | '/people/?mfa=false', | ||||
pht('List of Users Without MFA'))); | pht('List of Users Without MFA'))); | ||||
return array( | return array( | ||||
$this->newOption('security.alternate-file-domain', 'string', null) | $this->newOption('security.alternate-file-domain', 'string', null) | ||||
->setLocked(true) | ->setLocked(true) | ||||
->setSummary(pht('Alternate domain to serve files from.')) | ->setSummary(pht('Alternate domain to serve files from.')) | ||||
->setDescription( | ->setDescription( | ||||
pht( | pht( | ||||
'By default, Phabricator serves files from the same domain '. | 'By default, this software serves files from the same domain '. | ||||
'the application is served from. This is convenient, but '. | 'the application is served from. This is convenient, but '. | ||||
'presents a security risk.'. | 'presents a security risk.'. | ||||
"\n\n". | "\n\n". | ||||
'You should configure a CDN or alternate file domain to mitigate '. | 'You should configure a CDN or alternate file domain to mitigate '. | ||||
'this risk. Configuring a CDN will also improve performance. See '. | 'this risk. Configuring a CDN will also improve performance. See '. | ||||
'[[ %s | %s ]] for instructions.', | '[[ %s | %s ]] for instructions.', | ||||
$doc_href, | $doc_href, | ||||
$doc_name)) | $doc_name)) | ||||
Show All 15 Lines | return array( | ||||
$this->newOption('security.require-https', 'bool', false) | $this->newOption('security.require-https', 'bool', false) | ||||
->setLocked(true) | ->setLocked(true) | ||||
->setSummary( | ->setSummary( | ||||
pht('Force users to connect via HTTPS instead of HTTP.')) | pht('Force users to connect via HTTPS instead of HTTP.')) | ||||
->setDescription( | ->setDescription( | ||||
pht( | pht( | ||||
"If the web server responds to both HTTP and HTTPS requests but ". | "If the web server responds to both HTTP and HTTPS requests but ". | ||||
"you want users to connect with only HTTPS, you can set this ". | "you want users to connect with only HTTPS, you can set this ". | ||||
"to `true` to make Phabricator redirect HTTP requests to HTTPS.". | "to `true` to make this service redirect HTTP requests to HTTPS.". | ||||
"\n\n". | "\n\n". | ||||
"Normally, you should just configure your server not to accept ". | "Normally, you should just configure your server not to accept ". | ||||
"HTTP traffic, but this setting may be useful if you originally ". | "HTTP traffic, but this setting may be useful if you originally ". | ||||
"used HTTP and have now switched to HTTPS but don't want to ". | "used HTTP and have now switched to HTTPS but don't want to ". | ||||
"break old links, or if your webserver sits behind a load ". | "break old links, or if your webserver sits behind a load ". | ||||
"balancer which terminates HTTPS connections and you can not ". | "balancer which terminates HTTPS connections and you can not ". | ||||
"reasonably configure more granular behavior there.". | "reasonably configure more granular behavior there.". | ||||
"\n\n". | "\n\n". | ||||
"IMPORTANT: Phabricator determines if a request is HTTPS or not ". | "IMPORTANT: A request is identified as HTTP or HTTPS by examining ". | ||||
"by examining the PHP `%s` variable. If you run ". | "the PHP `%s` variable. If you run Apache/mod_php this will ". | ||||
"Apache/mod_php this will probably be set correctly for you ". | "probably be set correctly for you automatically, but if you run ". | ||||
"automatically, but if you run Phabricator as CGI/FCGI (e.g., ". | "as CGI/FCGI (e.g., through nginx or lighttpd), you need to ". | ||||
"through nginx or lighttpd), you need to configure your web ". | "configure your web server so that it passes the value correctly ". | ||||
"server so that it passes the value correctly based on the ". | "based on the connection type.". | ||||
"connection type.". | |||||
"\n\n". | "\n\n". | ||||
"If you configure Phabricator in cluster mode, note that this ". | "If you configure clustering, note that this ". | ||||
"setting is ignored by intracluster requests.", | "setting is ignored by intracluster requests.", | ||||
"\$_SERVER['HTTPS']")) | "\$_SERVER['HTTPS']")) | ||||
->setBoolOptions( | ->setBoolOptions( | ||||
array( | array( | ||||
pht('Force HTTPS'), | pht('Force HTTPS'), | ||||
pht('Allow HTTP'), | pht('Allow HTTP'), | ||||
)), | )), | ||||
$this->newOption('security.require-multi-factor-auth', 'bool', false) | $this->newOption('security.require-multi-factor-auth', 'bool', false) | ||||
Show All 24 Lines | return array( | ||||
'automatically turned into clickable links if the URI protocol '. | 'automatically turned into clickable links if the URI protocol '. | ||||
'appears in this set.'. | 'appears in this set.'. | ||||
"\n\n". | "\n\n". | ||||
'This set of allowed protocols is primarily intended to prevent '. | 'This set of allowed protocols is primarily intended to prevent '. | ||||
'security issues with "javascript:" and other potentially '. | 'security issues with "javascript:" and other potentially '. | ||||
'dangerous URI handlers.'. | 'dangerous URI handlers.'. | ||||
"\n\n". | "\n\n". | ||||
'This set is also used to enforce valid redirect URIs. '. | 'This set is also used to enforce valid redirect URIs. '. | ||||
'Phabricator will refuse to issue a HTTP "Location" redirect to a '. | 'This service will refuse to issue a HTTP "Location" redirect '. | ||||
'URI with a protocol not on this set.'. | 'to a URI with a protocol not on this set.'. | ||||
"\n\n". | "\n\n". | ||||
'Usually, "http" and "https" should be present in this set. If '. | 'Usually, "http" and "https" should be present in this set. If '. | ||||
'you remove one or both protocols, some Phabricator features '. | 'you remove one or both protocols, some features which rely on '. | ||||
'which rely on links or redirects may not work.')) | 'links or redirects may not work.')) | ||||
->addExample("http\nhttps", pht('Valid Setting')) | ->addExample("http\nhttps", pht('Valid Setting')) | ||||
->setLocked(true), | ->setLocked(true), | ||||
$this->newOption( | $this->newOption( | ||||
'uri.allowed-editor-protocols', | 'uri.allowed-editor-protocols', | ||||
'set', | 'set', | ||||
array( | array( | ||||
'http' => true, | 'http' => true, | ||||
'https' => true, | 'https' => true, | ||||
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines | return array( | ||||
$default_address_blacklist) | $default_address_blacklist) | ||||
->setLocked(true) | ->setLocked(true) | ||||
->setSummary( | ->setSummary( | ||||
pht( | pht( | ||||
'Blacklist subnets to prevent user-initiated outbound '. | 'Blacklist subnets to prevent user-initiated outbound '. | ||||
'requests.')) | 'requests.')) | ||||
->setDescription( | ->setDescription( | ||||
pht( | pht( | ||||
'Phabricator users can make requests to other services from '. | 'Users can make requests to other services from '. | ||||
'the Phabricator host in some circumstances (for example, by '. | 'service hosts in some circumstances (for example, by '. | ||||
'creating a repository with a remote URL or having Phabricator '. | 'creating a repository with a remote URL).'. | ||||
'fetch an image from a remote server).'. | |||||
"\n\n". | "\n\n". | ||||
'This may represent a security vulnerability if services on '. | 'This may represent a security vulnerability if services on '. | ||||
'the same subnet will accept commands or reveal private '. | 'the same subnet will accept commands or reveal private '. | ||||
'information over unauthenticated HTTP GET, based on the source '. | 'information over unauthenticated HTTP GET, based on the source '. | ||||
'IP address. In particular, all hosts in EC2 have access to '. | 'IP address. In particular, all hosts in EC2 have access to '. | ||||
'such a service.'. | 'such a service.'. | ||||
"\n\n". | "\n\n". | ||||
'This option defines a list of netblocks which Phabricator '. | 'This option defines a list of netblocks which requests will '. | ||||
'will decline to connect to. Generally, you should list all '. | 'never be issued to. Generally, you should list all '. | ||||
'private IP space here.')) | 'private IP space here.')) | ||||
->addExample(array('0.0.0.0/0'), pht('No Outbound Requests')), | ->addExample(array('0.0.0.0/0'), pht('No Outbound Requests')), | ||||
$this->newOption('security.strict-transport-security', 'bool', false) | $this->newOption('security.strict-transport-security', 'bool', false) | ||||
->setLocked(true) | ->setLocked(true) | ||||
->setBoolOptions( | ->setBoolOptions( | ||||
array( | array( | ||||
pht('Use HSTS'), | pht('Use HSTS'), | ||||
pht('Do Not Use HSTS'), | pht('Do Not Use HSTS'), | ||||
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines | if ($key == 'security.alternate-file-domain') { | ||||
'http://example/')); | 'http://example/')); | ||||
} | } | ||||
$path = $uri->getPath(); | $path = $uri->getPath(); | ||||
if ($path !== '' && $path !== '/') { | if ($path !== '' && $path !== '/') { | ||||
throw new PhabricatorConfigValidationException( | throw new PhabricatorConfigValidationException( | ||||
pht( | pht( | ||||
"Config option '%s' is invalid. The URI must NOT have a path, ". | "Config option '%s' is invalid. The URI must NOT have a path, ". | ||||
"e.g. '%s' is OK, but '%s' is not. Phabricator must be installed ". | "e.g. '%s' is OK, but '%s' is not. This software must be ". | ||||
"on an entire domain; it can not be installed on a path.", | "installed on an entire domain; it can not be installed on a path.", | ||||
$key, | $key, | ||||
'http://phabricator.example.com/', | 'http://devtools.example.com/', | ||||
'http://example.com/phabricator/')); | 'http://example.com/devtools/')); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
} | } |