Subj : Small bug
To   : g00r00
From : Bj”rn Wiberg
Date : Wed Jan 04 2023 09:33 am

Hello g00r00!

On 03 Jan 2023, g00r00 said the following...
 g0>  BW> Download via WEB (dlreq) functionality to work -- I always get "File 
 g0>  BW> in queue" when clicking on a file to download it:
 g0> 
 g0> Turns out I completely broke it at some point.  I've fixed it up and I
 g0> will put up a new build in just a few minutes to the prealpha folder.

Thanks a lot! It is much appreciated, and appears to be working just fine! I have enabled "Download via WEB" on my BBS now.

Speaking of this, would it be possible (in the future) to be able to choose to disable the anti-spoofing (IP) check? E.g. for the scenario when a user uses fTelnet (an fTelnet proxy somewhere in the world) and then wants to download the file via his/her web browser (another IP)?

+ 2023.01.04 09:04:04  HTTP 1-Cannot authenticate host
(81.4.100.99/192.168.1.1)
+ 2023.01.04 09:04:04  HTTP 1-Refused: Not authorized

A configuration option for the download URL (e.g. if you have a web server in front of MIS for HTTPS support with a "real" SSL certificate) would also be a great addition. :)

And that might actually *require* the ability to disable dlreq IP checks, unless dlreq could also be configured to trust some header(s), e.g. X-Forwarded-For, from some "upstream" IP(s) or IP range(s), where that header would contain the real IP of the user. Something like what mod_remoteip of Apache does: https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteipinternalpro

RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1 192.168.1.0/24

Just food for thought. :)

Thanks again for your help!

Best regards
Bj”rn

--- Mystic BBS v1.12 A48 (Linux/64)
 * Origin: Star Collision BBS, Uppsala, Sweden (2:201/137)

.