mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
FIX getIP from behind a load-balancer that adds many IPs to the header
This commit is contained in:
parent
71bf14d590
commit
817b836870
@ -669,7 +669,7 @@ class SS_HTTPRequest implements ArrayAccess {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($headerOverrideIP) {
|
if ($headerOverrideIP) {
|
||||||
return $headerOverrideIP;
|
return $this->getIPFromHeaderValue($headerOverrideIP);
|
||||||
} elseif(isset($_SERVER['REMOTE_ADDR'])) {
|
} elseif(isset($_SERVER['REMOTE_ADDR'])) {
|
||||||
return $_SERVER['REMOTE_ADDR'];
|
return $_SERVER['REMOTE_ADDR'];
|
||||||
} else {
|
} else {
|
||||||
@ -677,6 +677,28 @@ class SS_HTTPRequest implements ArrayAccess {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extract an IP address from a header value that has been obtained. Accepts single IP or comma separated string of
|
||||||
|
* IPs
|
||||||
|
*
|
||||||
|
* @param string $headerValue The value from a trusted header
|
||||||
|
* @return string The IP address
|
||||||
|
*/
|
||||||
|
protected function getIPFromHeaderValue($headerValue) {
|
||||||
|
if (strpos($headerValue, ',') !== false) {
|
||||||
|
//sometimes the IP from a load balancer could be "x.x.x.x, y.y.y.y, z.z.z.z" so we need to find the most
|
||||||
|
// likely candidate
|
||||||
|
$ips = explode(',', $headerValue);
|
||||||
|
foreach ($ips as $ip) {
|
||||||
|
$ip = trim($ip);
|
||||||
|
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) {
|
||||||
|
return $ip;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $headerValue;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns all mimetypes from the HTTP "Accept" header
|
* Returns all mimetypes from the HTTP "Accept" header
|
||||||
* as an array.
|
* as an array.
|
||||||
|
@ -254,4 +254,23 @@ class HTTPRequestTest extends SapphireTest {
|
|||||||
$this->assertEquals('home?test=1', $req->getURL(true));
|
$this->assertEquals('home?test=1', $req->getURL(true));
|
||||||
$this->assertEquals('home', $req->getURL());
|
$this->assertEquals('home', $req->getURL());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testGetIPFromHeaderValue() {
|
||||||
|
$req = new SS_HTTPRequest('GET', '/');
|
||||||
|
$reflectionMethod = new ReflectionMethod($req, 'getIPFromHeaderValue');
|
||||||
|
$reflectionMethod->setAccessible(true);
|
||||||
|
|
||||||
|
$headers = array(
|
||||||
|
'80.79.208.21, 149.126.76.1, 10.51.0.68' => '80.79.208.21',
|
||||||
|
'52.19.19.103, 10.51.0.49' => '52.19.19.103',
|
||||||
|
'10.51.0.49, 52.19.19.103' => '52.19.19.103',
|
||||||
|
'10.51.0.49' => '10.51.0.49',
|
||||||
|
'127.0.0.1, 10.51.0.49' => '127.0.0.1',
|
||||||
|
);
|
||||||
|
|
||||||
|
foreach ($headers as $header => $ip) {
|
||||||
|
$this->assertEquals($ip, $reflectionMethod->invoke($req, $header));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user