http://wiki.mipt.ru/index.php?action=history&feed=atom&title=HTTP_securityHTTP security - История изменений2026-05-06T17:39:53ZИстория изменений этой страницы в викиMediaWiki 1.42.1http://wiki.mipt.ru/index.php?title=HTTP_security&diff=1401&oldid=prevОлег Давидович: 1 версия импортирована2024-10-14T18:18:07Z<p>1 версия импортирована</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="ru">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая версия</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Версия от 18:18, 14 октября 2024</td>
</tr><tr><td colspan="2" class="diff-notice" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>Олег Давидовичhttp://wiki.mipt.ru/index.php?title=HTTP_security&diff=1400&oldid=prev1>Marycooch: 127.0.0.0/8 re MDL-767552023-08-12T11:56:54Z<p>127.0.0.0/8 re MDL-76755</p>
<p><b>Новая страница</b></p><div>{{Security}}<br />
*In Moodle 3.4 onwards, the setting 'Use HTTPS for logins' (loginhttps) has been removed.<br />
* There is a [[HTTPS conversion tool]] for converting embedded content to HTTPS.<br />
<br />
==Secure cookies only==<br />
<br />
It is recommended to use secure cookies only when serving over [https://en.wikipedia.org/wiki/Transport_Layer_Security SSL]. When not serving over SSL, the setting is ignored. In Moodle 3.1.2 onwards, the 'Secure cookies only' default setting is on.<br />
<br />
==cURL blocked hosts list==<br />
<br />
This allows you to block Moodle's cURL implementation from accessing the specified hosts, wherever it is used to fetch content (such as by the URL downloader in the file picker). Generally it is recommended that as a minimum this is configured to prevent access to any internal network resources. The following is an example list of hosts which can be configured, which prevents access to various versions of "localhost", as well as an address commonly used by AWS and some other cloud providers to provide meta data about the server instance (169.254.169.254):<br />
<br />
127.0.0.0/8<br />
192.168.0.0/16<br />
10.0.0.0/8<br />
172.16.0.0/12<br />
0.0.0.0<br />
localhost<br />
169.254.169.254<br />
0000::1<br />
<br />
<br />
<br />
'''Note:''' In addition to configuring this at the application level via this setting, it is also recommended that sufficient firewall/network security measures are in place, including restricting access to internal network endpoints to those users/services that require them.<br />
<br />
==cURL allowed ports list==<br />
<br />
This allows you to restrict Moodle's cURL implementation to only access the specified list of port numbers, wherever it is used to fetch content (such as by the URL downloader in the file picker). Generally it is recommended that this is configured to only allow standard web ports, as follows:<br />
<br />
80<br />
443<br />
<br />
In future, some logical default values such as those above will be configured automatically for new Moodle sites. See MDL-56873 for more details.<br />
<br />
'''Note:''' In addition to configuring this at the application level via this setting, it is also recommended that sufficient firewall/network security measures are in place, including restricting access to open ports on the internal network to those users/services that require them.<br />
<br />
==See also==<br />
<br />
* MDL-55662 for removing the secure cookies only setting<br />
<br />
[[Category:Site administration]]<br />
<br />
[[de:HTTP-Sicherheit]]<br />
[[es:Seguridad HTTP]]</div>1>Marycooch