mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-14 13:02:07 +02:00
Code Issues Projects Releases Wiki Activity

MDL-67861 core: Added $CFG->reverseproxyignore IP subnet list

Browse Source 
If your server is behind multiple reverse proxies that append to the
X-Forwarded-For header then you will need to specify a comma separated
list of ip addresses or subnets of the reverse proxies to be ignored
in order to find the users correct IP address.
This commit is contained in:
Brendan Heywood 2020-02-05 23:14:39 +11:00 committed by Eloy Lafuente (stronk7)
parent 516c8aa506
commit c2366b85b3
3 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
admin/settings/server.php
View File

@ -95,6 +95,7 @@ $options = array(
$temp->add(new admin_setting_configselect('getremoteaddrconf', new lang_string('getremoteaddrconf', 'admin'),
new lang_string('configgetremoteaddrconf', 'admin'),
GETREMOTEADDR_SKIP_HTTP_X_FORWARDED_FOR|GETREMOTEADDR_SKIP_HTTP_CLIENT_IP, $options));
$temp->add(new admin_setting_configtext('reverseproxyignore', new lang_string('reverseproxyignore', 'admin'), new lang_string('configreverseproxyignore', 'admin'), ''));
$temp->add(new admin_setting_heading('webproxy', new lang_string('webproxy', 'admin'), new lang_string('webproxyinfo', 'admin')));
$temp->add(new admin_setting_configtext('proxyhost', new lang_string('proxyhost', 'admin'), new lang_string('configproxyhost', 'admin'), '', PARAM_HOST));

2
lang/en/admin.php
View File

@ -329,6 +329,7 @@ $string['configrequestedstudentname'] = 'Word for student used in requested cour
$string['configrequestedstudentsname'] = 'Word for students used in requested courses';
$string['configrequestedteachername'] = 'Word for teacher used in requested courses';
$string['configrequestedteachersname'] = 'Word for teachers used in requested courses';
$string['configreverseproxyignore'] = 'If your server is behind multiple reverse proxies that append to the X-Forwarded-For header then you will need to specify a comma separated list of ip addresses or subnets of the reverse proxies to be ignored in order to find the users correct IP address.';
$string['configsectioninterface'] = 'Interface';
$string['configsectionmail'] = 'Mail';
$string['configsectionmaintenance'] = 'Maintenance';
@ -1064,6 +1065,7 @@ $string['restorernewroleid'] = 'Restorers\' role in courses';
$string['restorernewroleid_help'] = 'If the user does not already have the permission to manage the newly restored course, the user is automatically assigned this role and enrolled if necessary. Select "None" if you do not want restorers to be able to manage every restored course.';
$string['resultfilter'] = 'Filter by result';
$string['reverseproxy'] = 'Reverse proxy';
$string['reverseproxyignore'] = 'Ignore reverse proxies';
$string['riskconfig'] = 'Users could change site configuration and behaviour';
$string['riskconfigshort'] = 'Configuration risk';
$string['riskdataloss'] = 'Users could destroy large amounts of content or information';

5
lib/moodlelib.php
View File

@ -9205,6 +9205,11 @@ function getremoteaddr($default='0.0.0.0') {
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$forwardedaddresses = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
$forwardedaddresses = array_filter($forwardedaddresses, function($ip) {
global $CFG;
return !\core\ip_utils::is_ip_in_subnet_list($ip, $CFG->reverseproxyignore, ',');
});
// Multiple proxies can append values to this header including an
// untrusted original request header so we must only trust the last ip.
$address = end($forwardedaddresses);