diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-11-26 08:06:52 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-11-26 08:06:52 +0000 |
| commit | f337abfa697395f2b39ac7d542e66da5538fa3f4 (patch) | |
| tree | f9fb1a1dce5164a4454467db500ec7c47ab7b4a5 /includes | |
| parent | 6dd28cafed3bb7efe736aff1c7a273621e632b64 (diff) | |
| download | brdo-f337abfa697395f2b39ac7d542e66da5538fa3f4.tar.gz brdo-f337abfa697395f2b39ac7d542e66da5538fa3f4.tar.bz2 | |
#173408 by markus_petrux / add1sun: move proxy IP configuration options to settings.php, because these need to be used before Drupal has the variables loaded from the database
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/bootstrap.inc | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index 048efcd44..a8da6fcb2 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -1101,9 +1101,14 @@ function ip_address() { if (!isset($ip_address)) { $ip_address = $_SERVER['REMOTE_ADDR']; if (variable_get('reverse_proxy', 0) && array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) { - // If there are several arguments, we need to check the most - // recently added one, ie the last one. - $ip_address = array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])); + // If an array of known reverse proxy IPs is provided, then trust + // the XFF header if request really comes from one of them. + $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array()); + if (!empty($reverse_proxy_addresses) && in_array($ip_address, $reverse_proxy_addresses, TRUE)) { + // If there are several arguments, we need to check the most + // recently added one, i.e. the last one. + $ip_address = array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])); + } } } |