[Pkg-owncloud-commits] [owncloud-doc] 20/95: Header Host Poisoning

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud-doc.

commit cea92fadf867d915ae1bbe5facd39d9de6a42690
Author: Steve Robinson <ser72 at owncloud.com>
Date:   Wed Mar 5 15:46:08 2014 -0500

    Header Host Poisoning
---
 admin_manual/installation/installation_source.rst | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/admin_manual/installation/installation_source.rst b/admin_manual/installation/installation_source.rst
index aae5b0a..2cf09db 100644
--- a/admin_manual/installation/installation_source.rst
+++ b/admin_manual/installation/installation_source.rst
@@ -594,6 +594,26 @@ as the web server, please set the data directory to a location outside of the do
 install settings.
 
 
+Note
+~~~~
+When the initial ownCloud configuration is performed, ownCloud will take the URL used to access it and insert that 
+the config.php file under the ‘trusted_domains’ header.  
+
+Users will only be able to log into ownCloud when the addressed URL is as stated in the ‘trusted_domans’  header 
+in the config.php file.  
+
+In the event that a load balancer is in place, as long as it sends the correct X-Forwarded-Host header, there will
+be no issues.  
+
+It should be noted that the loopback address, 127.0.0.1, is white labeled and therefore users on the ownCloud 
+server who access ownCloud with the loopback will successfully login.
+In the event that an improper URL is used, the following error will appear:
+
+
+For configuration examples, refer to the config.php document.
+
+
+
 .. _PHP PPA: https://launchpad.net/~ondrej/+archive/php5
 .. _github gist for further instructions: https://gist.github.com/2200407
 .. _`http://wiki.nginx.org/HttpSslModule`: http://wiki.nginx.org/HttpSslModule

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-doc.git