diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index 8a8e889f12211121e45df1a76e35574199a22006..1dffb08c2db99936c65c14f0f260eba51471e37d 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -2198,8 +2198,8 @@ function request_path() { /** * If Drupal is behind a reverse proxy, we use the X-Forwarded-For header * instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of - * the proxy server, and not the client's. If Drupal is run in a cluster - * we use the X-Cluster-Client-Ip header instead. + * the proxy server, and not the client's. The actual header name can be + * configured by the reverse_proxy_header variable. * * @return * IP address of client machine, adjusted for reverse proxy and/or cluster @@ -2212,7 +2212,8 @@ function ip_address() { $ip_address = $_SERVER['REMOTE_ADDR']; if (variable_get('reverse_proxy', 0)) { - if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) { + $reverse_proxy_header = variable_get('reverse_proxy_header', 'HTTP_X_FORWARDED_FOR'); + if (!empty($_SERVER[$reverse_proxy_header])) { // If an array of known reverse proxy IPs is provided, then trust // the XFF header if request really comes from one of them. $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array()); @@ -2220,17 +2221,10 @@ function ip_address() { // The "X-Forwarded-For" header is a comma+space separated list of IP addresses, // the left-most being the farthest downstream client. If there is more than // one proxy, we are interested in the most recent one (i.e. last one in the list). - $ip_address_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); + $ip_address_parts = explode(',', $_SERVER[$reverse_proxy_header]); $ip_address = trim(array_pop($ip_address_parts)); } } - - // When Drupal is run in a cluster environment, REMOTE_ADDR contains the IP - // address of a server in the cluster, while the IP address of the client is - // stored in HTTP_X_CLUSTER_CLIENT_IP. - if (array_key_exists('HTTP_X_CLUSTER_CLIENT_IP', $_SERVER)) { - $ip_address = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP']; - } } } diff --git a/modules/simpletest/tests/bootstrap.test b/modules/simpletest/tests/bootstrap.test index 0a165b5e157d7b4a4e3d082b8a7539872f7bf719..9ab2c83820ade406ecf5ef4501aadcb7405419a5 100644 --- a/modules/simpletest/tests/bootstrap.test +++ b/modules/simpletest/tests/bootstrap.test @@ -70,7 +70,8 @@ class BootstrapIPAddressTestCase extends DrupalWebTestCase { t('Proxy forwarding with trusted proxy got forwarded IP address') ); - // Cluster environment. + // Custom client-IP header. + variable_set('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP'); $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = $this->cluster_ip; drupal_static_reset('ip_address'); $this->assertTrue( diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php index f02f3f08d8ee5b82cd39e059fb2a12cacef4290d..d748aa4b5bfd972e5af661cc08d34a3e9258cdcd 100644 --- a/sites/default/default.settings.php +++ b/sites/default/default.settings.php @@ -284,8 +284,6 @@ # $conf['maintenance_theme'] = 'garland'; /** - * reverse_proxy accepts a boolean value. - * * Enable this setting to determine the correct IP address of the remote * client by examining information stored in the X-Forwarded-For headers. * X-Forwarded-For headers are a standard mechanism for identifying client @@ -301,6 +299,15 @@ */ # $conf['reverse_proxy'] = TRUE; +/** + * Set this value if your proxy server sends the client IP in a header other + * than X-Forwarded-For. + * + * The "X-Forwarded-For" header is a comma+space separated list of IP addresses, + * only the last one (the left-most) will be used. + */ +# $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP'; + /** * reverse_proxy accepts an array of IP addresses. *