Re: [squid-users] HTTP Header

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 10 Jan 2009 00:06:40 +1300

Matus UHLAR - fantomas wrote:
>> Mehmet �ELiK wrote:
>>>> In your vBulletin includes/init.php file change "define('IPADDRESS',
>>>> $_SERVER['REMOTE_ADDR']);" to "define('IPADDRESS',
>>>> $_SERVER['HTTP_X_FORWARDED_FOR']);".
>>>>
>>> No. I don't this. Because, this is not right method..
>
> On 09.01.09 22:40, Amos Jeffries wrote:
>> In my PHP-apps I do the equivalent of this:
>>
>> if ($trust_XFF && $_SERVER['HTTP_X_FORWARDED_FOR'])
>> define('IPADDRESS', $_SERVER['HTTP_X_FORWARDED_FOR']);
>> else
>> define('IPADDRESS', $_SERVER['REMOTE_ADDR']);
>
> Is that working? Afaik, x-forwarded-for may contain more IP addresses, where
> not all of them may be trusted. I think that proper validator should have
> list of (un)trusted networks and match REMOTE_ADDR and HTTP_X_FORWARDED_FOR
> until untrusted IP is found (the same waty as squid's follow_x_forwarded_for
> directive does.
>
> If anyone have such PHP, please paste a link. I think that could be used in
> many other PHP applications (and I'd post that to horde people)

Actually come to think of it that way wrong anyways.

This is better...

function userIP()
{
         global $_SERVER;

         $ip="";
         $l =
explode(",",$_SERVER['HTTP_X_FORWARDED_FOR'].",".$_SERVER['REMOTE_ADDR']);
         rsort($l);
         foreach( $l as $key => $val) {
                 if(!$val) continue;
                 $bits="";
 
if(!ereg("((([0-9]{1,3}\.){3}([0-9]{1,3}))|([0-9a-f]{0,4}:(([0-9a-f]{1,4}:){0,6}|:)[0-9a-f]{0,4}))",$val,
$bits))
                 {
                         return ""; // BAD IP.
                 }

                 // TODO some test to see if its an acceptable IP.
                 // return ""; if its not a good IP.

                 $ip = $bits[1];
         }
         return $ip;
}

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
   Current Beta Squid 3.1.0.3
Received on Fri Jan 09 2009 - 11:08:19 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 09 2009 - 12:00:02 MST