summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDries Buytaert2010-03-17 13:58:45 (GMT)
committerDries Buytaert2010-03-17 13:58:45 (GMT)
commit40417f5a6fccdbc1d8f12b3ba8bd917baa87ed8a (patch)
tree35cc34f6dc9db7314433c28f2b17b3ccfd51130b
parent50040920bf0d1beebe36e333ab8426845a7e0f68 (diff)
- Patch #258397 by John Morahan, Dries, R.Muilwijk, Bart Jansens, grendzy, Berdir: IP address identification not broad enough.
-rw-r--r--includes/bootstrap.inc16
-rw-r--r--modules/simpletest/tests/bootstrap.test3
-rw-r--r--sites/default/default.settings.php11
3 files changed, 16 insertions, 14 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 8a8e889..1dffb08 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -2198,8 +2198,8 @@ function request_path() {
/**
* If Drupal is behind a reverse proxy, we use the X-Forwarded-For header
* instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of
- * the proxy server, and not the client's. If Drupal is run in a cluster
- * we use the X-Cluster-Client-Ip header instead.
+ * the proxy server, and not the client's. The actual header name can be
+ * configured by the reverse_proxy_header variable.
*
* @return
* IP address of client machine, adjusted for reverse proxy and/or cluster
@@ -2212,7 +2212,8 @@ function ip_address() {
$ip_address = $_SERVER['REMOTE_ADDR'];
if (variable_get('reverse_proxy', 0)) {
- if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
+ $reverse_proxy_header = variable_get('reverse_proxy_header', 'HTTP_X_FORWARDED_FOR');
+ if (!empty($_SERVER[$reverse_proxy_header])) {
// If an array of known reverse proxy IPs is provided, then trust
// the XFF header if request really comes from one of them.
$reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
@@ -2220,17 +2221,10 @@ function ip_address() {
// The "X-Forwarded-For" header is a comma+space separated list of IP addresses,
// the left-most being the farthest downstream client. If there is more than
// one proxy, we are interested in the most recent one (i.e. last one in the list).
- $ip_address_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+ $ip_address_parts = explode(',', $_SERVER[$reverse_proxy_header]);
$ip_address = trim(array_pop($ip_address_parts));
}
}
-
- // When Drupal is run in a cluster environment, REMOTE_ADDR contains the IP
- // address of a server in the cluster, while the IP address of the client is
- // stored in HTTP_X_CLUSTER_CLIENT_IP.
- if (array_key_exists('HTTP_X_CLUSTER_CLIENT_IP', $_SERVER)) {
- $ip_address = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
- }
}
}
diff --git a/modules/simpletest/tests/bootstrap.test b/modules/simpletest/tests/bootstrap.test
index 0a165b5..9ab2c83 100644
--- a/modules/simpletest/tests/bootstrap.test
+++ b/modules/simpletest/tests/bootstrap.test
@@ -70,7 +70,8 @@ class BootstrapIPAddressTestCase extends DrupalWebTestCase {
t('Proxy forwarding with trusted proxy got forwarded IP address')
);
- // Cluster environment.
+ // Custom client-IP header.
+ variable_set('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP');
$_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = $this->cluster_ip;
drupal_static_reset('ip_address');
$this->assertTrue(
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index f02f3f0..d748aa4 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -284,8 +284,6 @@ ini_set('session.cookie_lifetime', 2000000);
# $conf['maintenance_theme'] = 'garland';
/**
- * reverse_proxy accepts a boolean value.
- *
* Enable this setting to determine the correct IP address of the remote
* client by examining information stored in the X-Forwarded-For headers.
* X-Forwarded-For headers are a standard mechanism for identifying client
@@ -302,6 +300,15 @@ ini_set('session.cookie_lifetime', 2000000);
# $conf['reverse_proxy'] = TRUE;
/**
+ * Set this value if your proxy server sends the client IP in a header other
+ * than X-Forwarded-For.
+ *
+ * The "X-Forwarded-For" header is a comma+space separated list of IP addresses,
+ * only the last one (the left-most) will be used.
+ */
+# $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP';
+
+/**
* reverse_proxy accepts an array of IP addresses.
*
* Each element of this array is the IP address of any of your reverse