aboutsummaryrefslogtreecommitdiffhomepage
path: root/application/HttpUtils.php
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2016-08-03 10:36:47 +0200
committerArthurHoaro <arthur@hoa.ro>2016-11-05 14:29:52 +0100
commit3116d8671d388690bac1070e39d2c74d28b14f0e (patch)
treea310adfe8af2c0bd0c792d914dd7c26bcf9d910e /application/HttpUtils.php
parent4fd053d6b29a1b6724eda17a3daddb29b1bf1ca3 (diff)
downloadShaarli-3116d8671d388690bac1070e39d2c74d28b14f0e.tar.gz
Shaarli-3116d8671d388690bac1070e39d2c74d28b14f0e.tar.zst
Shaarli-3116d8671d388690bac1070e39d2c74d28b14f0e.zip
Add trusted IPs in config and try to ban forwarded IP on failed login
* Add a new settings (which needs to be manually set): `security.trusted_proxies` * On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers. * If found, the client address is added in ipbans, else we do nothing. Fixes #409
Diffstat (limited to 'application/HttpUtils.php')
-rw-r--r--application/HttpUtils.php26
1 files changed, 26 insertions, 0 deletions
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 27a39d3d..e705cfd6 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -355,3 +355,29 @@ function page_url($server)
355 } 355 }
356 return index_url($server); 356 return index_url($server);
357} 357}
358
359/**
360 * Retrieve the initial IP forwarded by the reverse proxy.
361 *
362 * Inspired from: https://github.com/zendframework/zend-http/blob/master/src/PhpEnvironment/RemoteAddress.php
363 *
364 * @param array $server $_SERVER array which contains HTTP headers.
365 * @param array $trustedIps List of trusted IP from the configuration.
366 *
367 * @return string|bool The forwarded IP, or false if none could be extracted.
368 */
369function getIpAddressFromProxy($server, $trustedIps)
370{
371 $forwardedIpHeader = 'HTTP_X_FORWARDED_FOR';
372 if (empty($server[$forwardedIpHeader])) {
373 return false;
374 }
375
376 $ips = preg_split('/\s*,\s*/', $server[$forwardedIpHeader]);
377 $ips = array_diff($ips, $trustedIps);
378 if (empty($ips)) {
379 return false;
380 }
381
382 return array_pop($ips);
383}