aboutsummaryrefslogtreecommitdiffhomepage
path: root/application
diff options
context:
space:
mode:
authorArthur <arthur@hoa.ro>2016-10-12 14:48:57 +0200
committerGitHub <noreply@github.com>2016-10-12 14:48:57 +0200
commitadcdac1dec45090e2fa1cd4a340e91a40c7a205f (patch)
treee242ed8fe8f6ebf9ca02c1b4aca944f9f7bbd467 /application
parent24cfb960cfdd88255333bfb2a08d586916b460ae (diff)
parent50d179183810a7b719bc10da2b9c4a95fd9dddee (diff)
downloadShaarli-adcdac1dec45090e2fa1cd4a340e91a40c7a205f.tar.gz
Shaarli-adcdac1dec45090e2fa1cd4a340e91a40c7a205f.tar.zst
Shaarli-adcdac1dec45090e2fa1cd4a340e91a40c7a205f.zip
Merge pull request #623 from ArthurHoaro/security/reverse-proxy-ban
Add trusted IPs in config and try to ban forwarded IP on failed login
Diffstat (limited to 'application')
-rw-r--r--application/HttpUtils.php26
1 files changed, 26 insertions, 0 deletions
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 27a39d3d..e705cfd6 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -355,3 +355,29 @@ function page_url($server)
355 } 355 }
356 return index_url($server); 356 return index_url($server);
357} 357}
358
359/**
360 * Retrieve the initial IP forwarded by the reverse proxy.
361 *
362 * Inspired from: https://github.com/zendframework/zend-http/blob/master/src/PhpEnvironment/RemoteAddress.php
363 *
364 * @param array $server $_SERVER array which contains HTTP headers.
365 * @param array $trustedIps List of trusted IP from the configuration.
366 *
367 * @return string|bool The forwarded IP, or false if none could be extracted.
368 */
369function getIpAddressFromProxy($server, $trustedIps)
370{
371 $forwardedIpHeader = 'HTTP_X_FORWARDED_FOR';
372 if (empty($server[$forwardedIpHeader])) {
373 return false;
374 }
375
376 $ips = preg_split('/\s*,\s*/', $server[$forwardedIpHeader]);
377 $ips = array_diff($ips, $trustedIps);
378 if (empty($ips)) {
379 return false;
380 }
381
382 return array_pop($ips);
383}