From d9647e1afea29401470efd68730d2562659be006 Mon Sep 17 00:00:00 2001
From: Jerome Jutteau
Date: Thu, 7 May 2015 12:50:04 +0200
Subject: [PATCH] manage visitor IP behind reverse proxies, refs #36
Signed-off-by: Jerome Jutteau
---
 index.php | 2 +-
 lib/config.original.php | 7 +++++++
 lib/functions.php | 26 ++++++++++++++++++++++++++
 script.php | 8 ++++----
 4 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/index.php b/index.php
index 4802e33..5a2c926 100644
--- a/index.php
+++ b/index.php
@@ -35,7 +35,7 @@ if (has_error ())
 }
 /* Check if user is allowed to upload. */
-if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
+if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
 {
 echo '

' . t('Access denied') . '

';
 require (JIRAFEAU_ROOT.'lib/template/footer.php');
diff --git a/lib/config.original.php b/lib/config.original.php
index 755b762..d7c52e2 100644
--- a/lib/config.original.php
+++ b/lib/config.original.php
@@ -89,6 +89,13 @@ $cfg['availabilities'] = array ('minute' => true,
 * 0 mean unlimited upload size.
 */
 $cfg['maximal_upload_size'] = 0;
+/* If your Jirafeau is behind some reverse proxies, you can set there IPs
+ * so Jirafeau get visitor's IP from HTTP_X_FORWARDED_FOR instead of
+ * REMOTE_ADDR.
+ * for example:
+ * $cfg['proxy_ip'] = array('12.34.56.78');
+ */
+$cfg['proxy_ip'] = array();
 /* Installation is done ? */
 $cfg['installation_done'] = false;
diff --git a/lib/functions.php b/lib/functions.php
index 27e4fc3..77acae1 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1108,3 +1108,29 @@ function jirafeau_challenge_upload_ip ($cfg, $ip)
 return false;
 }
+/**
+ * Get the ip address of the client from REMOTE_ADDR
+ * or from HTTP_X_FORWARDED_FOR if behind a proxy
+ * @returns an the client ip address
+ */
+function get_ip_address($cfg) {
+ if (count ($cfg['proxy_ip']) == 0 ||
+ empty ($_SERVER['HTTP_X_FORWARDED_FOR']))
+ return $_SERVER['REMOTE_ADDR'];
+
+ $iplist = explode (',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+ if (count ($iplist) == 0)
+ return $_SERVER['REMOTE_ADDR'];
+
+ foreach ($cfg['proxy_ip'] as $proxy_ip)
+ {
+ if ($_SERVER['REMOTE_ADDR'] != $proxy_ip)
+ continue;
+
+ // Take the last IP (the one which has been set by our proxy).
+ $ip = end($iplist);
+ $ip = preg_replace ('/\s+/', '', $ip);
+ return $ip;
+ }
+ return $_SERVER['REMOTE_ADDR'];
+}
diff --git a/script.php b/script.php
index 93599c9..1c154b1 100644
--- a/script.php
+++ b/script.php
@@ -218,7 +218,7 @@ if (has_error ())
 if (isset ($_FILES['file']) && is_writable (VAR_FILES)
 && is_writable (VAR_LINKS))
 {
- if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
+ if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
 {
 echo "Error";
 exit;
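Review bot: The comment added above `$cfg['proxy_ip']` in lib/config.original.php does not tell the administrator that every address listed there is trusted to state the visitor's IP, and that the stated IP is what the upload IP check in index.php and script.php then sees. I would add a line such as `* Only list proxies you operate and that set X-Forwarded-For themselves; a host listed here decides which IP Jirafeau sees.` The comparison in get_ip_address is an exact string match against REMOTE_ADDR, so the comment could also say that entries must be single addresses written exactly as the web server reports them, not ranges or host names.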
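Review bot: get_ip_address in lib/functions.php returns the last X-Forwarded-For element after only stripping whitespace, so the string is never checked to be an IP address before it reaches jirafeau_challenge_upload_ip and the jirafeau_upload and async-init calls changed in script.php. When several of the configured proxies are chained, the last element is presumably the address of the previous proxy rather than the visitor, so the list should be walked from the right, skipping entries that are themselves in `$cfg['proxy_ip']`. The `count ($iplist) == 0` branch can never be taken because explode() always returns at least one element, and `in_array (..., true)` would replace the loose `!=` loop. The sketch below falls back to REMOTE_ADDR on a malformed header; if REMOTE_ADDR (the proxy itself) could pass the upload IP check, denying the request instead would be the safer choice.

```php
function get_ip_address($cfg) {
    $remote = $_SERVER['REMOTE_ADDR'];
    if (empty ($_SERVER['HTTP_X_FORWARDED_FOR']) ||
        !in_array ($remote, $cfg['proxy_ip'], true))
        return $remote;

    // Walk from the right: skip our own proxies, stop at the first other hop.
    $iplist = array_map ('trim', explode (',', $_SERVER['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse ($iplist) as $ip)
    {
        if (filter_var ($ip, FILTER_VALIDATE_IP) === false)
            return $remote; // malformed header: do not use it
        if (!in_array ($ip, $cfg['proxy_ip'], true))
            return $ip;
    }
    return $remote;
}
```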
@@ -278,7 +278,7 @@ if (isset ($_FILES['file']) && is_writable (VAR_FILES)
 $res = jirafeau_upload ($_FILES['file'],
 isset ($_POST['one_time_download']),
- $key, $time, $_SERVER['REMOTE_ADDR'],
+ $key, $time, get_ip_address($cfg),
 $cfg['enable_crypt'], $cfg['link_name_length']);
 if (empty($res) || $res['error']['has_error'])
@@ -511,7 +511,7 @@ fi
 /* Initialize an asynchronous upload. */
 elseif (isset ($_GET['init_async']))
 {
- if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
+ if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
 {
 echo "Error";
 exit;
@@ -575,7 +575,7 @@ elseif (isset ($_GET['init_async']))
 isset ($_POST['one_time_download']),
 $key,
 $time,
- $_SERVER['REMOTE_ADDR']);
+ get_ip_address($cfg));
 }
 /* Continue an asynchronous upload. */
 elseif (isset ($_GET['push_async']))
--
2.34.1