[wp-trac] [WordPress Trac] #60934: Internal Subnets are being blocked by wp_parse_url and why?
WordPress Trac
noreply at wordpress.org
Fri Apr 5 08:15:57 UTC 2024
#60934: Internal Subnets are being blocked by wp_parse_url and why?
-------------------------------------+------------------------------
Reporter: erenfro | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version: trunk
Severity: normal | Resolution:
Keywords: close reporter-feedback | Focuses:
-------------------------------------+------------------------------
Comment (by dd32):
Upon looking at some of those examples provided, they seem like valid uses
of the functionality. Primarily as in those cases, one would not want to
request an internal URL.
With the additional information from one of the tickets created on the
plugins:
> run on the very same cluster of servers running my WordPress site, that
no traffic ever left WordPress or my webserver specifically while
resolving the mastodon's domain name to a local internal subnet IP. When
changing this to an external internet address IP, however, things
magically worked.
I would say this is a server configuration issue; as although I understand
why you'd want to resolve it locally (Probably because the external-ip
isn't routable from the cluster, or, doing so does leave the network only
to come back) doing so makes it impossible to differentiate the public
sites from say, your security cameras web interface that's only otherwise
accessible to your LAN.
In that case, the correct way is to use the
`http_request_host_is_external` filter to specify that "Yes, mydomain.tld
resolved to 10.2.3.4 but it IS an external URL and not local, proceed with
requesting it".
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60934#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list