diff options
author | Dries Buytaert <dries@buytaert.net> | 2010-03-17 13:58:45 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-03-17 13:58:45 +0000 |
commit | 40417f5a6fccdbc1d8f12b3ba8bd917baa87ed8a (patch) | |
tree | 35cc34f6dc9db7314433c28f2b17b3ccfd51130b | |
parent | 50040920bf0d1beebe36e333ab8426845a7e0f68 (diff) | |
download | brdo-40417f5a6fccdbc1d8f12b3ba8bd917baa87ed8a.tar.gz brdo-40417f5a6fccdbc1d8f12b3ba8bd917baa87ed8a.tar.bz2 |
- Patch #258397 by John Morahan, Dries, R.Muilwijk, Bart Jansens, grendzy, Berdir: IP address identification not broad enough.
-rw-r--r-- | includes/bootstrap.inc | 16 | ||||
-rw-r--r-- | modules/simpletest/tests/bootstrap.test | 3 | ||||
-rw-r--r-- | sites/default/default.settings.php | 11 |
3 files changed, 16 insertions, 14 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index 8a8e889f1..1dffb08c2 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -2198,8 +2198,8 @@ function request_path() { /** * If Drupal is behind a reverse proxy, we use the X-Forwarded-For header * instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of - * the proxy server, and not the client's. If Drupal is run in a cluster - * we use the X-Cluster-Client-Ip header instead. + * the proxy server, and not the client's. The actual header name can be + * configured by the reverse_proxy_header variable. * * @return * IP address of client machine, adjusted for reverse proxy and/or cluster @@ -2212,7 +2212,8 @@ function ip_address() { $ip_address = $_SERVER['REMOTE_ADDR']; if (variable_get('reverse_proxy', 0)) { - if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) { + $reverse_proxy_header = variable_get('reverse_proxy_header', 'HTTP_X_FORWARDED_FOR'); + if (!empty($_SERVER[$reverse_proxy_header])) { // If an array of known reverse proxy IPs is provided, then trust // the XFF header if request really comes from one of them. $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array()); @@ -2220,17 +2221,10 @@ function ip_address() { // The "X-Forwarded-For" header is a comma+space separated list of IP addresses, // the left-most being the farthest downstream client. If there is more than // one proxy, we are interested in the most recent one (i.e. last one in the list). - $ip_address_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); + $ip_address_parts = explode(',', $_SERVER[$reverse_proxy_header]); $ip_address = trim(array_pop($ip_address_parts)); } } - - // When Drupal is run in a cluster environment, REMOTE_ADDR contains the IP - // address of a server in the cluster, while the IP address of the client is - // stored in HTTP_X_CLUSTER_CLIENT_IP. - if (array_key_exists('HTTP_X_CLUSTER_CLIENT_IP', $_SERVER)) { - $ip_address = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP']; - } } } diff --git a/modules/simpletest/tests/bootstrap.test b/modules/simpletest/tests/bootstrap.test index 0a165b5e1..9ab2c8382 100644 --- a/modules/simpletest/tests/bootstrap.test +++ b/modules/simpletest/tests/bootstrap.test @@ -70,7 +70,8 @@ class BootstrapIPAddressTestCase extends DrupalWebTestCase { t('Proxy forwarding with trusted proxy got forwarded IP address') ); - // Cluster environment. + // Custom client-IP header. + variable_set('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP'); $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = $this->cluster_ip; drupal_static_reset('ip_address'); $this->assertTrue( diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php index f02f3f08d..d748aa4b5 100644 --- a/sites/default/default.settings.php +++ b/sites/default/default.settings.php @@ -284,8 +284,6 @@ ini_set('session.cookie_lifetime', 2000000); # $conf['maintenance_theme'] = 'garland'; /** - * reverse_proxy accepts a boolean value. - * * Enable this setting to determine the correct IP address of the remote * client by examining information stored in the X-Forwarded-For headers. * X-Forwarded-For headers are a standard mechanism for identifying client @@ -302,6 +300,15 @@ ini_set('session.cookie_lifetime', 2000000); # $conf['reverse_proxy'] = TRUE; /** + * Set this value if your proxy server sends the client IP in a header other + * than X-Forwarded-For. + * + * The "X-Forwarded-For" header is a comma+space separated list of IP addresses, + * only the last one (the left-most) will be used. + */ +# $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP'; + +/** * reverse_proxy accepts an array of IP addresses. * * Each element of this array is the IP address of any of your reverse |