manage visitor IP behind reverse proxies, refs #36

Signed-off-by: Jerome Jutteau <mojo@couak.net>
2025-04-22 12:36:17 +02:00 · 2015-05-07 12:50:04 +02:00 · 2015-05-07 12:50:04 +02:00 · d9647e1afe
commit d9647e1afe
parent 9dd7c6e444
4 changed files with 38 additions and 5 deletions
--- a/index.php
+++ b/index.php
@ -35,7 +35,7 @@ if (has_error ())
 }

 /* Check if user is allowed to upload. */
-if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
+if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
 {
    echo '<div class="error"><p>' . t('Access denied') . '</p></div>';
    require (JIRAFEAU_ROOT.'lib/template/footer.php');
--- a/lib/config.original.php
+++ b/lib/config.original.php
@ -89,6 +89,13 @@ $cfg['availabilities'] = array ('minute' => true,
 * 0 mean unlimited upload size.
 */
 $cfg['maximal_upload_size'] = 0;
+/* If your Jirafeau is behind some reverse proxies, you can set there IPs
+ * so Jirafeau get visitor's IP from HTTP_X_FORWARDED_FOR instead of
+ * REMOTE_ADDR.
+ * for example:
+ * $cfg['proxy_ip'] = array('12.34.56.78');
+ */
+$cfg['proxy_ip'] = array();
 /* Installation is done ? */
 $cfg['installation_done'] = false;

--- a/lib/functions.php
+++ b/lib/functions.php
@ -1108,3 +1108,29 @@ function jirafeau_challenge_upload_ip ($cfg, $ip)
    return false;
 }

+/**
+ * Get the ip address of the client from REMOTE_ADDR
+ * or from HTTP_X_FORWARDED_FOR if behind a proxy
+ * @returns an the client ip address
+ */
+function get_ip_address($cfg) {
+    if (count ($cfg['proxy_ip']) == 0 ||
+        empty ($_SERVER['HTTP_X_FORWARDED_FOR']))
+        return $_SERVER['REMOTE_ADDR'];
+
+    $iplist = explode (',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+    if (count ($iplist) == 0)
+        return $_SERVER['REMOTE_ADDR'];
+
+    foreach ($cfg['proxy_ip'] as $proxy_ip)
+    {
+        if ($_SERVER['REMOTE_ADDR'] != $proxy_ip)
+            continue;
+
+        // Take the last IP (the one which has been set by our proxy).
+        $ip = end($iplist);
+        $ip = preg_replace ('/\s+/', '', $ip);
+        return $ip;
+    }
+    return $_SERVER['REMOTE_ADDR'];
+}
--- a/script.php
+++ b/script.php
@ -218,7 +218,7 @@ if (has_error ())
 if (isset ($_FILES['file']) && is_writable (VAR_FILES)
    && is_writable (VAR_LINKS))
 {
-    if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
+    if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
    {
        echo "Error";
        exit;
@ -278,7 +278,7 @@ if (isset ($_FILES['file']) && is_writable (VAR_FILES)

    $res = jirafeau_upload ($_FILES['file'],
                            isset ($_POST['one_time_download']),
-                            $key, $time, $_SERVER['REMOTE_ADDR'],
+                            $key, $time, get_ip_address($cfg),
                            $cfg['enable_crypt'], $cfg['link_name_length']);
    
    if (empty($res) || $res['error']['has_error'])
@ -511,7 +511,7 @@ fi
 /* Initialize an asynchronous upload. */
 elseif (isset ($_GET['init_async']))
 {
-    if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
+    if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
    {
        echo "Error";
        exit;
@ -575,7 +575,7 @@ elseif (isset ($_GET['init_async']))
                              isset ($_POST['one_time_download']),
                              $key,
                              $time,
-                              $_SERVER['REMOTE_ADDR']);
+                              get_ip_address($cfg));
 }
 /* Continue an asynchronous upload. */
 elseif (isset ($_GET['push_async']))