[TYPO3-core] RFC: Fix bug #7397: Proxy servers replace REMOTE_ADDR with their own IP
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Tue Feb 5 19:05:54 CET 2008
Dmitry Dulepov [typo3] schrieb:
> Hi!
>
> Michael Stucki wrote:
>> Problem:
>> When requesting the clients REMOTE_ADDR, it can happen that there is a
>> proxy
>> in between server and client, which replaces the value with his own
>> IP, and
>> puts the original IP in HTTP_X_FORWARDED_FOR instead.
>>
>> Solution:
>> Add a new configuration option to send HTTP_X_FORWARDED_FOR when
>> requesting
>> the REMOTE_ADDR.
>
> There is a problem with the patch. Some proxies are configured to reveal
> themselves but not show IP address of the user. They send
> HTTP_X_FORWARDED_FOR with value "unknown". So your patch will given
> invalid IP address. Some proxies are chained and they return two or more
> addresses (like "192.168.0.23, 10.10.10.5") and it is impossible to
> determine which address really belongs to cleint. Also will not produce
> proper output with your patch.
I'll try to take your comments into account when I make my own patch.
Some concerns of yours are addressed already, I'll check the others as well.
Masi
More information about the TYPO3-team-core
mailing list