aboutsummaryrefslogtreecommitdiffhomepage
path: root/application
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2016-08-03 10:36:47 +0200
committerArthurHoaro <arthur@hoa.ro>2016-08-03 10:36:47 +0200
commit50d179183810a7b719bc10da2b9c4a95fd9dddee (patch)
treee669db360950025b4b6534075e940f532b0f00f3 /application
parentc7a42ab1d9b21bf53cd30bc57b57789716c8711b (diff)
downloadShaarli-50d179183810a7b719bc10da2b9c4a95fd9dddee.tar.gz
Shaarli-50d179183810a7b719bc10da2b9c4a95fd9dddee.tar.zst
Shaarli-50d179183810a7b719bc10da2b9c4a95fd9dddee.zip
Add trusted IPs in config and try to ban forwarded IP on failed login
* Add a new settings (which needs to be manually set): `security.trusted_proxies` * On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers. * If found, the client address is added in ipbans, else we do nothing. Fixes #409
Diffstat (limited to 'application')
-rw-r--r--application/HttpUtils.php26
1 files changed, 26 insertions, 0 deletions
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 2e0792f9..354d261c 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -215,3 +215,29 @@ function page_url($server)
215 } 215 }
216 return index_url($server); 216 return index_url($server);
217} 217}
218
219/**
220 * Retrieve the initial IP forwarded by the reverse proxy.
221 *
222 * Inspired from: https://github.com/zendframework/zend-http/blob/master/src/PhpEnvironment/RemoteAddress.php
223 *
224 * @param array $server $_SERVER array which contains HTTP headers.
225 * @param array $trustedIps List of trusted IP from the configuration.
226 *
227 * @return string|bool The forwarded IP, or false if none could be extracted.
228 */
229function getIpAddressFromProxy($server, $trustedIps)
230{
231 $forwardedIpHeader = 'HTTP_X_FORWARDED_FOR';
232 if (empty($server[$forwardedIpHeader])) {
233 return false;
234 }
235
236 $ips = preg_split('/\s*,\s*/', $server[$forwardedIpHeader]);
237 $ips = array_diff($ips, $trustedIps);
238 if (empty($ips)) {
239 return false;
240 }
241
242 return array_pop($ips);
243}