Fix ReverseProxySettings from Configuration (OrchardCMS#18739)

Author: hishamco

src/OrchardCore.Cms.Web/appsettings.json

@@ -278,7 +278,7 @@
     //}
     //"OrchardCore_ReverseProxy": {
     //  "ForwardedHeaders": "None",
-    //  "KnownNetworks": ["192.168.1.100", "192.168.1.101"],
+    //  "KnownNetworks": ["192.168.1.100/4", "192.168.1.101/4"],
     //  "KnownProxies": ["192.168.1.200", "192.168.1.201"],
     //},
     //"OrchardCore_Facebook": {

src/OrchardCore.Modules/OrchardCore.ReverseProxy/Drivers/ReverseProxySettingsDisplayDriver.cs

@@ -1,8 +1,11 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.HttpOverrides;
+using Microsoft.AspNetCore.Mvc.Localization;
+using Microsoft.Extensions.Options;
 using OrchardCore.DisplayManagement.Entities;
 using OrchardCore.DisplayManagement.Handlers;
+using OrchardCore.DisplayManagement.Notify;
 using OrchardCore.DisplayManagement.Views;
 using OrchardCore.Environment.Shell;
 using OrchardCore.ReverseProxy.Settings;
@@ -19,14 +22,25 @@ public sealed class ReverseProxySettingsDisplayDriver : SiteDisplayDriver<Revers
     private readonly IHttpContextAccessor _httpContextAccessor;
     private readonly IAuthorizationService _authorizationService;
 
+    private readonly ReverseProxySettings _reverseProxySettings;
+    private readonly INotifier _notifier;
+
+    internal readonly IHtmlLocalizer H;
+
     public ReverseProxySettingsDisplayDriver(
         IShellReleaseManager shellReleaseManager,
         IHttpContextAccessor httpContextAccessor,
-        IAuthorizationService authorizationService)
+        IAuthorizationService authorizationService,
+        IOptionsSnapshot<ReverseProxySettings> reverseProxySettings,
+        INotifier notifier,
+        IHtmlLocalizer<ReverseProxySettingsDisplayDriver> htmlLocalizer)
     {
         _shellReleaseManager = shellReleaseManager;
         _httpContextAccessor = httpContextAccessor;
         _authorizationService = authorizationService;
+        _reverseProxySettings = reverseProxySettings.Value;
+        _notifier = notifier;
+        H = htmlLocalizer;
     }
 
     protected override string SettingsGroupId
@@ -43,11 +57,20 @@ public override async Task<IDisplayResult> EditAsync(ISite site, ReverseProxySet
 
         context.AddTenantReloadWarningWrapper();
 
+        // Set the settings from configuration when AdminSettings are overridden via ConfigureReverseProxySettings()
+        var currentSettings = settings;
+        if (_reverseProxySettings.FromConfiguration)
+        {
+            currentSettings = _reverseProxySettings;
+
+            await _notifier.InformationAsync(H["The current settings are coming from configuration sources, saving the settings will affect the AdminSettings not the configuration."]);
+        }
+
         return Initialize<ReverseProxySettingsViewModel>("ReverseProxySettings_Edit", model =>
         {
-            model.EnableXForwardedFor = settings.ForwardedHeaders.HasFlag(ForwardedHeaders.XForwardedFor);
-            model.EnableXForwardedHost = settings.ForwardedHeaders.HasFlag(ForwardedHeaders.XForwardedHost);
-            model.EnableXForwardedProto = settings.ForwardedHeaders.HasFlag(ForwardedHeaders.XForwardedProto);
+            model.EnableXForwardedFor = currentSettings.ForwardedHeaders.HasFlag(ForwardedHeaders.XForwardedFor);
+            model.EnableXForwardedHost = currentSettings.ForwardedHeaders.HasFlag(ForwardedHeaders.XForwardedHost);
+            model.EnableXForwardedProto = currentSettings.ForwardedHeaders.HasFlag(ForwardedHeaders.XForwardedProto);
         }).Location("Content:2")
         .OnGroup(SettingsGroupId);
     }

src/OrchardCore.Modules/OrchardCore.ReverseProxy/Extensions/OrchardCoreBuilderExtensions.cs

@@ -12,7 +12,12 @@ public static OrchardCoreBuilder ConfigureReverseProxySettings(this OrchardCoreB
         {
             var configurationSection = serviceProvider.GetRequiredService<IShellConfiguration>().GetSection("OrchardCore_ReverseProxy");
 
-            tenantServices.PostConfigure<ReverseProxySettings>(settings => configurationSection.Bind(settings));
+            tenantServices.PostConfigure<ReverseProxySettings>(settings =>
+            {
+                configurationSection.Bind(settings);
+
+                settings.FromConfiguration = true;
+            });
         });
 
         return builder;

src/OrchardCore.Modules/OrchardCore.ReverseProxy/Services/ForwardedHeadersOptionsConfiguration.cs

@@ -1,36 +1,34 @@
+using System.Net;
 using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.Options;
+using OrchardCore.ReverseProxy.Settings;
 
 namespace OrchardCore.ReverseProxy.Services;
 
 public sealed class ForwardedHeadersOptionsConfiguration : IConfigureOptions<ForwardedHeadersOptions>
 {
-    private readonly ReverseProxyService _reverseProxyService;
+    private readonly ReverseProxySettings _reverseProxySettings;
 
-    public ForwardedHeadersOptionsConfiguration(ReverseProxyService reverseProxyService)
+    public ForwardedHeadersOptionsConfiguration(IOptions<ReverseProxySettings> reverseProxySettingsOptions)
     {
-        _reverseProxyService = reverseProxyService;
+        _reverseProxySettings = reverseProxySettingsOptions.Value;
     }
 
     public void Configure(ForwardedHeadersOptions options)
     {
-        var reverseProxySettings = _reverseProxyService.GetSettingsAsync().GetAwaiter().GetResult();
-        options.ForwardedHeaders = reverseProxySettings.ForwardedHeaders;
+        options.ForwardedHeaders = _reverseProxySettings.ForwardedHeaders;
 
-        // In .NET 10, KnownNetworks is obsolete, use KnownIPNetworks instead
         options.KnownIPNetworks.Clear();
         options.KnownProxies.Clear();
 
-        foreach (var network in reverseProxySettings.KnownNetworks)
+        foreach (var network in _reverseProxySettings.KnownNetworks)
         {
-            // In .NET 10, use System.Net.IPNetwork instead of the obsolete IPNetwork
-            options.KnownIPNetworks.Add(System.Net.IPNetwork.Parse(network));
+            options.KnownIPNetworks.Add(IPNetwork.Parse(network));
         }
 
-        foreach (var proxy in reverseProxySettings.KnownProxies)
+        foreach (var proxy in _reverseProxySettings.KnownProxies)
         {
-            options.KnownProxies.Add(System.Net.IPAddress.Parse(proxy));
+            options.KnownProxies.Add(IPAddress.Parse(proxy));
         }
     }
 }

src/OrchardCore.Modules/OrchardCore.ReverseProxy/Services/ReverseProxyService.cs

@@ -8,9 +8,7 @@ public class ReverseProxyService
     private readonly ISiteService _siteService;
 
     public ReverseProxyService(ISiteService siteService)
-    {
-        _siteService = siteService;
-    }
+        => _siteService = siteService;
 
     public Task<ReverseProxySettings> GetSettingsAsync()
         => _siteService.GetSettingsAsync<ReverseProxySettings>();

src/OrchardCore.Modules/OrchardCore.ReverseProxy/Services/ReverseProxySettingsConfiguration.cs

@@ -0,0 +1,24 @@
+using Microsoft.Extensions.Options;
+using OrchardCore.ReverseProxy.Settings;
+
+namespace OrchardCore.ReverseProxy.Services;
+
+public class ReverseProxySettingsConfiguration : IConfigureOptions<ReverseProxySettings>
+{
+    private readonly ReverseProxyService _reverseProxyService;
+
+    public ReverseProxySettingsConfiguration(ReverseProxyService reverseProxyService)
+        => _reverseProxyService = reverseProxyService;
+
+    public void Configure(ReverseProxySettings options)
+    {
+        var settings = _reverseProxyService.GetSettingsAsync()
+            .GetAwaiter()
+            .GetResult();
+
+        options.ForwardedHeaders = settings.ForwardedHeaders;
+        options.KnownNetworks = settings.KnownNetworks;
+        options.KnownProxies = settings.KnownProxies;
+    }
+}
+

src/OrchardCore.Modules/OrchardCore.ReverseProxy/Settings/ReverseProxySettings.cs

@@ -1,3 +1,4 @@
+using System.Text.Json.Serialization;
 using Microsoft.AspNetCore.HttpOverrides;
 
 namespace OrchardCore.ReverseProxy.Settings;
@@ -9,4 +10,7 @@ public class ReverseProxySettings
     public string[] KnownNetworks { get; set; } = [];
 
     public string[] KnownProxies { get; set; } = [];
+
+    [JsonIgnore]
+    internal bool FromConfiguration { get; set; }
 }

src/OrchardCore.Modules/OrchardCore.ReverseProxy/Startup.cs

@@ -31,6 +31,8 @@ public override void ConfigureServices(IServiceCollection services)
 
         services.AddSingleton<ReverseProxyService>();
 
+        services.AddTransient<IConfigureOptions<ReverseProxySettings>, ReverseProxySettingsConfiguration>();
+
         services.AddTransient<IConfigureOptions<ForwardedHeadersOptions>, ForwardedHeadersOptionsConfiguration>();
     }
 }

src/docs/reference/modules/ReverseProxy/README.md

@@ -4,18 +4,101 @@ Enables configuration of hosting scenarios with a reverse proxy, like which HTTP
 
 ## Reverse Proxy Settings Configuration
 
-The `OrchardCore.ReverseProxy` module allows the user to use configuration values to override the settings configured from the admin area by calling the `ConfigureReverseProxySettings()` extension method on `OrchardCoreBuilder` when initializing the app.
+### Admin Configuration
 
-The following configuration values can be customized:
+You can configure reverse proxy settings from the admin area by navigating to **Settings → Reverse Proxy**.
+
+The following settings are available:
+
+- **X-Forwarded-For**: Enables forwarding of the client IP address
+- **X-Forwarded-Host**: Enables forwarding of the original host requested by the client
+- **X-Forwarded-Proto**: Enables forwarding of the protocol (HTTP or HTTPS) used by the client
+
+These settings are stored in the site configuration and can be managed per tenant.
+
+### File Settings Configuration
+
+The `OrchardCore.ReverseProxy` module allows you to use configuration values from `appsettings.json` to configure reverse proxy settings by calling the `ConfigureReverseProxySettings()` extension method on `OrchardCoreBuilder` when initializing the app.
+
+In your `Program.cs` or startup code, call the extension method:
+
+```csharp
+builder.Services.AddOrchardCore()
+    .ConfigureReverseProxySettings()
+    // ... other configuration
+```
+
+Add the following section to your `appsettings.json`:
 
 ```json
 {
   "OrchardCore_ReverseProxy": {
-    "ForwardedHeaders": "None",
-    "KnownNetworks": ["192.168.1.100", "192.168.1.101"],
-    "KnownProxies": ["192.168.1.200", "192.168.1.201"],
+    "ForwardedHeaders": "XForwardedFor, XForwardedHost, XForwardedProto",
+    "KnownNetworks": ["192.168.1.0/24"],
+    "KnownProxies": ["192.168.1.200", "192.168.1.201"]
   }
 }
 ```
 
-For more information please refer to [Configuration](../Configuration/README.md).
+## Configuration Options
+
+| Setting | Description | Example Values |
+|---------|-------------|----------------|
+| `ForwardedHeaders` | Specifies which headers to forward | `None`, `XForwardedFor`, `XForwardedHost`, `XForwardedProto`, `XForwardedPrefix`, `All`, or a combination (comma-separated) |
+| `KnownNetworks` | Array of known proxy networks in CIDR notation | `["192.168.1.0/24", "10.0.0.0/8"]` |
+| `KnownProxies` | Array of known proxy IP addresses | `["192.168.1.200", "192.168.1.201"]` |
+
+!!! warning
+    The `KnownNetworks` values must be specified in CIDR notation (e.g., `192.168.1.0/24`).
+    
+    The `KnownProxies` values must be valid IP addresses.
+
+## Configuration Precedence
+
+When `ConfigureReverseProxySettings()` is called, settings from the configuration file are **merged** with settings configured through the admin UI:
+
+- Configuration file values take **precedence** over admin UI settings for the same properties
+- If a property is not specified in the configuration file, the admin UI value is used
+- The admin UI will display a warning when configuration file settings are active
+
+**Scenario 1: Admin UI Only**
+- `ConfigureReverseProxySettings()` is NOT called
+- All settings are managed through the admin UI
+- No configuration file override
+
+**Scenario 2: Configuration File Override**
+- `ConfigureReverseProxySettings()` is called
+- `OrchardCore_ReverseProxy` section exists in appsettings.json
+- Configuration file values override admin UI values
+- Admin UI shows a warning about the override
+
+**Scenario 3: Partial Override**
+- `ConfigureReverseProxySettings()` is called
+- Only some settings specified in appsettings.json (e.g., only `KnownProxies`)
+- Configuration file values are merged with admin UI values
+- Specified values from config file take precedence
+
+## Security Considerations
+
+!!! danger
+    Improperly configured reverse proxy settings can expose your application to security risks, including IP spoofing and header injection attacks.
+
+When configuring reverse proxy settings:
+
+1. **Always configure KnownProxies and KnownNetworks** when using forwarded headers in production
+2. **Only trust headers from known proxies** to prevent header spoofing
+3. **Use CIDR notation carefully** to avoid exposing your application to untrusted networks
+4. **Test your configuration** to ensure headers are forwarded correctly
+
+## Multi-Tenant Considerations
+
+- Admin UI settings are **tenant-specific**
+- Configuration file settings apply to **all tenants** when specified in the main appsettings.json
+- For tenant-specific configuration file settings, use the tenant's appsettings.json file in `App_Data/Sites/{tenant}/appsettings.json`
+
+## Additional Resources
+
+For more information, please refer to:
+
+- [Configuration](../Configuration/README.md)
+- [Microsoft ASP.NET Core Forwarded Headers Documentation](https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer)