In-Portal CMS / INP-1080

Allow using proxy provided IP address (optional)

    Details

    • Additional information:
      In the end, the $this->Application->getIP() method would return the correct value based on the configuration setting.

      Since the IP address check can be performed before application initialization, this new setting must be added to the /system/config.php file instead of the SystemSettings database table. Of course, the install/upgrade wizard steps need to be updated to reflect that.
    • Change Log Message:
      Improving IP address detection
    • Story Points:
      1
    • External issue ID:
      1317
    • Patch Instructions:

      Patches must be submitted through Phabricator.

      Description

      Right now In-Portal always relies on the $_SERVER['REMOTE_ADDR'] variable to determine the client's IP address.

      This does not work in all cases. For example, when behind an Amazon Web Services load balancer, the actual IP address is located in the $_SERVER['X_HTTP_FORWARDED_FOR'] variable.

      Always relying on X_HTTP_FORWARDED_FOR and then on REMOTE_ADDR is a bad idea because an attacker could forge a fake IP to pass an IP-based check. To solve this I'm proposing to add a new configuration setting, where the user can select preferred IP address sources with possible options:

      • $_SERVER['X_HTTP_FORWARDED_FOR']
      • getenv('X_HTTP_FORWARDED_FOR')
      • $_SERVER['REMOTE_ADDR']
      • getenv('REMOTE_ADDR')

      Based on server configuration, some of these options might return an empty string instead of an IP address, and it's up to the user to choose what to use. By default we will use $_SERVER['REMOTE_ADDR'] for backward compatibility.
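
A sketch of how the proposed source selection could work, added here as an example and not taken from In-Portal's code. The `$ip_sources` setting, its `origin:key` syntax and the `resolve_client_ip()` function are hypothetical; the key names are the ones listed in the issue.

```php
<?php
// Added illustration; the setting name and the "origin:key" syntax are hypothetical.
// It stands in for the proposed setting in /system/config.php.
$ip_sources = ['server:X_HTTP_FORWARDED_FOR', 'server:REMOTE_ADDR'];

/**
 * Return the first syntactically valid IP address found in the configured
 * sources, tried in order. $server is passed in so this can run before
 * application initialization and be exercised with constructed input.
 */
function resolve_client_ip(array $sources, array $server): string
{
    foreach ($sources as $source) {
        $parts = explode(':', $source, 2);
        if (count($parts) !== 2) {
            continue; // malformed entry
        }
        [$origin, $key] = $parts;

        if ($origin === 'server') {
            $raw = (string) ($server[$key] ?? '');
        } elseif ($origin === 'env') {
            $raw = (string) getenv($key); // getenv() returns false when unset
        } else {
            continue; // unknown origin
        }

        // A forwarded-for value can be a comma-separated chain. Assumption:
        // exactly one trusted proxy appends the address it saw, so only the
        // last entry is used; earlier entries are client-supplied.
        $chain = explode(',', $raw);
        $candidate = trim(end($chain));

        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    // Nothing usable in the configured sources: fall back to the default.
    return (string) ($server['REMOTE_ADDR'] ?? '');
}

// Constructed request data: the first forwarded entry is client-supplied.
$behind_proxy = [
    'X_HTTP_FORWARDED_FOR' => '203.0.113.7, 198.51.100.20',
    'REMOTE_ADDR' => '10.0.0.5',
];
echo resolve_client_ip($ip_sources, $behind_proxy), PHP_EOL;
echo resolve_client_ip(['server:REMOTE_ADDR'], $behind_proxy), PHP_EOL;
```

A forwarded source should only be enabled when the web server is reachable exclusively through the proxy; otherwise any client can supply the header itself.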

              People

              • Assignee:
                alex Alex
                Reporter:
                alex Alex
                Developer:
                Alex
              • Votes:
                0
                Watchers:
                2