[TYPO3-core] RFC: Fix bug #7397: Proxy servers replace REMOTE_ADDR with their own IP
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Tue Feb 5 20:42:27 CET 2008
Martin Kutschker schrieb:
> Dmitry Dulepov [typo3] schrieb:
>> Hi!
>>
>> Michael Stucki wrote:
>>> Problem:
>>> When requesting the clients REMOTE_ADDR, it can happen that there is
>>> a proxy
>>> in between server and client, which replaces the value with his own
>>> IP, and
>>> puts the original IP in HTTP_X_FORWARDED_FOR instead.
>>>
>>> Solution:
>>> Add a new configuration option to send HTTP_X_FORWARDED_FOR when
>>> requesting
>>> the REMOTE_ADDR.
>>
>> There is a problem with the patch. Some proxies are configured to
>> reveal themselves but not show IP address of the user. They send
>> HTTP_X_FORWARDED_FOR with value "unknown". So your patch will given
>> invalid IP address. Some proxies are chained and they return two or
>> more addresses (like "192.168.0.23, 10.10.10.5") and it is impossible
>> to determine which address really belongs to cleint. Also will not
>> produce proper output with your patch.
>
> I'll try to take your comments into account when I make my own patch.
> Some concerns of yours are addressed already, I'll check the others as
> well.
Hm, too late now :-(
Masi
More information about the TYPO3-team-core
mailing list