Merge pull request #667 in ZP/z-push from...

Merge pull request #667 in ZP/z-push from bugfix/ZP-1373-use_custom_remote_ip_header-not-working-with-apache to develop * commit '3dfa3443': ZP-1373 Modify custom header so it matches the apache modphp version. ZP-1373 Disable custom remote IP header by default.

Merge pull request #667 in ZP/z-push from...
Merge pull request #667 in ZP/z-push from bugfix/ZP-1373-use_custom_remote_ip_header-not-working-with-apache to develop * commit '3dfa3443': ZP-1373 Modify custom header so it matches the apache modphp version. ZP-1373 Disable custom remote IP header by default.
f95f2087 · Sebastian Kummer · 31d436d0 · 3dfa3443 · f95f2087 · f95f2087
Commit f95f2087 authored Mar 22, 2018 by Sebastian Kummer
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 6 deletions

config.php src/config.php +1 -1

request.php src/lib/request/request.php +14 -5

No files found.
--- a/src/config.php
+++ b/src/config.php
@@ -40,7 +40,7 @@
    // is available, the provided value will be used, else REMOTE_ADDR is maintained.
    // set to false to disable this behaviour.
    // common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored)
-    define('USE_CUSTOM_REMOTE_IP_HEADER', 'HTTP_X_REAL_IP');
+    define('USE_CUSTOM_REMOTE_IP_HEADER', false);

    // When using client certificates, we can check if the login sent matches the owner of the certificate.
    // This setting specifies the owner parameter in the certificate to look at.

--- a/src/lib/request/request.php
+++ b/src/lib/request/request.php
@@ -254,11 +254,20 @@ class Request {
            }
        }

-        if (defined('USE_CUSTOM_REMOTE_IP_HEADER') && USE_CUSTOM_REMOTE_IP_HEADER !== false && isset(self::$headers[strtolower(USE_CUSTOM_REMOTE_IP_HEADER)])) {
-            $remoteIP = self::filterIP(self::$headers[strtolower(USE_CUSTOM_REMOTE_IP_HEADER)]);
-            if ($remoteIP) {
-                ZLog::Write(LOGLEVEL_DEBUG, sprintf("Using custom header '%s' to determine remote IP: %s - connect is coming from IP: %s", USE_CUSTOM_REMOTE_IP_HEADER, $remoteIP, self::$remoteAddr));
-                self::$remoteAddr = $remoteIP;
+        if (defined('USE_CUSTOM_REMOTE_IP_HEADER') && USE_CUSTOM_REMOTE_IP_HEADER !== false) {
+            // make custom header compatible with Apache modphp (see ZP-1332)
+            $header = $apacheHeader = strtolower(USE_CUSTOM_REMOTE_IP_HEADER);
+            if (substr($apacheHeader, 0, 5) === 'http_') {
+                $apacheHeader = substr($apacheHeader, 5);
+            }
+            $apacheHeader = str_replace("_", "-", $apacheHeader);
+            if (isset(self::$headers[$header]) || isset(self::$headers[$apacheHeader])) {
+                $remoteIP = isset(self::$headers[$header]) ? self::$headers[$header] : self::$headers[$apacheHeader];
+                $remoteIP = self::filterIP($remoteIP);
+                if ($remoteIP) {
+                    ZLog::Write(LOGLEVEL_DEBUG, sprintf("Using custom header '%s' to determine remote IP: %s - connect is coming from IP: %s", USE_CUSTOM_REMOTE_IP_HEADER, $remoteIP, self::$remoteAddr));
+                    self::$remoteAddr = $remoteIP;
+                }
            }
        }