cron update over the web via secret key (#888)

As an alternative to allowing cron by IP.

Co-authored-by: Michael Klemme <mklemme@mklemme.de>
This commit is contained in:
mklemme1 2020-04-19 14:19:33 +02:00 committed by GitHub
parent 40dc6fe64a
commit bd6510b188
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 2 deletions

View File

@ -5,4 +5,5 @@ define('PSM_DB_PASS', 'db_pass');
define('PSM_DB_NAME', 'db_name'); define('PSM_DB_NAME', 'db_name');
define('PSM_DB_HOST', 'localhost'); define('PSM_DB_HOST', 'localhost');
define('PSM_DB_PORT', '3306'); //3306 is the default port for MySQL. If no specfic port is used, leave it empty. define('PSM_DB_PORT', '3306'); //3306 is the default port for MySQL. If no specfic port is used, leave it empty.
define('PSM_BASE_URL', ''); define('PSM_BASE_URL', '');
define('PSM_WEBCRON_KEY', '');

View File

@ -44,7 +44,10 @@ namespace {
$data = @unserialize(PSM_CRON_ALLOW); $data = @unserialize(PSM_CRON_ALLOW);
$allow = $data === false ? PSM_CRON_ALLOW : $data; $allow = $data === false ? PSM_CRON_ALLOW : $data;
if (!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) { if (!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)
&& ! (array_key_exists ("webcron_key", $_GET) &&
$_GET["webcron_key"]==PSM_WEBCRON_KEY && (PSM_WEBCRON_KEY != ""))
) {
header('HTTP/1.0 403 Forbidden'); header('HTTP/1.0 403 Forbidden');
die(' die('
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html>

View File

@ -146,6 +146,13 @@ In config.php add following line::
After that, you can hit the url http(s)://"yourmonitor.com"/cron/status.cron.php over the web from your allowed IP. After that, you can hit the url http(s)://"yourmonitor.com"/cron/status.cron.php over the web from your allowed IP.
Alternatively, define a secret key to allow the update over the web:
In config.php add following line::
define('PSM_WEBCRON_KEY', 'YOURKEY');
After that, you can hit the url http(s)://"yourmonitor.com"/cron/status.cron.php?webcron_key=YOURKEY .
Troubleshooting Troubleshooting
+++++++++++++++ +++++++++++++++