From f58a294949547ed132bf3cdb5815b68c659b992a Mon Sep 17 00:00:00 2001
From: Felix Eckhofer <felix@eckhofer.com>
Date: Fri, 25 Apr 2014 12:40:53 -0400
Subject: [PATCH] Add config variable 'proxy_whitelist'
---
program/lib/Roundcube/rcube_utils.php | 25 ++++++++++++++++++-------
1 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php
index ae3e3a4..c2009ce 100644
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@@ -596,7 +596,9 @@
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') {
return true;
}
- if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https') {
+ if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])
+ && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https'
+ && in_array($_SERVER['REMOTE_ADDR'], rcube::get_instance()->config->get('proxy_whitelist', array()))) {
return true;
}
if ($port && $_SERVER['SERVER_PORT'] == $port) {
@@ -681,13 +683,22 @@
*/
public static function remote_addr()
{
- if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
- $hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'], 2);
- return $hosts[0];
- }
+ // Check if any of the headers are set first to improve performance
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) || !empty($_SERVER['HTTP_X_REAL_IP'])) {
+ $proxy_whitelist = rcube::get_instance()->config->get('proxy_whitelist', array());
+ if (in_array($_SERVER['REMOTE_ADDR'], $proxy_whitelist)) {
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ foreach(array_reverse(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])) as $forwarded_ip) {
+ if (!in_array($forwarded_ip, $proxy_whitelist)) {
+ return $forwarded_ip;
+ }
+ }
+ }
- if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
- return $_SERVER['HTTP_X_REAL_IP'];
+ if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
+ return $_SERVER['HTTP_X_REAL_IP'];
+ }
+ }
}
if (!empty($_SERVER['REMOTE_ADDR'])) {
--
Gitblit v1.9.1