From a5a71359a5b320b0dc35fabfeb3e74e97a466a10 Mon Sep 17 00:00:00 2001 From: Jordan Pittman Date: Fri, 20 Jul 2012 19:36:43 -0300 Subject: Added support for IP Address Range Masks (e.g. 192.168.137.0/24) to the Proxy IPs config option --- system/core/Input.php | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 162e40c85..c0c85a5e8 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -330,10 +330,27 @@ class CI_Input { if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { + $hasRanges = strpos($proxies, '/') !== false; $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); - - $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + + if ($hasRanges) { + $longIP = ip2long($_SERVER['REMOTE_ADDR']); + $bit32 = 1 << 32; + + foreach($proxies as $ip) { + list($address, $maskLength) = explode('/', $ip); + + $bitmask = $bit32 - (1 << (32 - (int)$maskLength)); + + if (($longIP & $bitmask) == $address) { + $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; + break; + } + } + } else { + $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + } } elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { -- cgit v1.2.3-24-g4f1b From 8960acf4fae56fd7b62a451ce8ea571c0e631ed1 Mon Sep 17 00:00:00 2001 From: Jordan Pittman Date: Mon, 23 Jul 2012 09:05:49 -0300 Subject: Update system/core/Input.php --- system/core/Input.php | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index c0c85a5e8..968a42a9a 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -330,24 +330,30 @@ class CI_Input { if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { - $hasRanges = strpos($proxies, '/') !== false; + $has_ranges = strpos($proxies, '/') !== false; $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); - if ($hasRanges) { - $longIP = ip2long($_SERVER['REMOTE_ADDR']); - $bit32 = 1 << 32; - - foreach($proxies as $ip) { - list($address, $maskLength) = explode('/', $ip); - - $bitmask = $bit32 - (1 << (32 - (int)$maskLength)); - - if (($longIP & $bitmask) == $address) { + if ($has_ranges) + { + $long_ip = ip2long($_SERVER['REMOTE_ADDR']); + $bit_32 = 1 << 32; + + // Go through each of the IP Addresses to check for and + // test against range notation + foreach($proxies as $ip) + { + list($address, $mask_length) = explode('/', $ip); + + // Generate the bitmask for a 32 bit IP Address + $bitmask = $bit_32 - (1 << (32 - (int)$mask_length)); + if (($long_ip & $bitmask) == $address) + { $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; break; } } + } else { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } -- cgit v1.2.3-24-g4f1b