From c59722885288a8af90392b8019b415dd84229775 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Wed, 4 Feb 2009 21:40:20 +0000
Subject: added proxy_ips config item to whitelist reverse proxy servers to use the HTTP_X_FORWARDED_FOR header safely to determine the visitor's IP address
---
 system/libraries/Input.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'system/libraries/Input.php')
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index e879e2d13..6491d1791 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -346,8 +346,15 @@ class CI_Input {
 {
 return $this->ip_address;
 }
+
+ if ($this->config->item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
+ {
+ $proxies = preg_split('/[\s,]/', $this->config->item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY);
+ $proxies = is_array($proxies) ? $proxies : array($proxies);
 
- if ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
+ $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
+ }
+ elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
 {
 $this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
 }
@@ -373,7 +380,7 @@ class CI_Input {
 if (strstr($this->ip_address, ','))
 {
 $x = explode(',', $this->ip_address);
- $this->ip_address = end($x);
+ $this->ip_address = trim(end($x));
 }
 
 if ( ! $this->valid_ip($this->ip_address))
-- 
cgit v1.2.3-24-g4f1b
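Review bot: The whitelist in the first hunk is consulted only when an X-Forwarded-For header is present, so with `proxy_ips` configured a request that arrives without that header still falls through to the `elseif` and takes its address from the client-supplied `HTTP_CLIENT_IP`. Once `proxy_ips` is set, a peer that is not listed should always be recorded as `REMOTE_ADDR`: test `if ($this->config->item('proxy_ips') != '' && $this->server('REMOTE_ADDR'))` and assign `$this->ip_address = (in_array($_SERVER['REMOTE_ADDR'], $proxies, TRUE) && $this->server('HTTP_X_FORWARDED_FOR')) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];`. The third argument also makes the `in_array()` match strict rather than loose. The enclosing method starts and ends outside the hunk, so the remaining `elseif` branches are not visible here.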
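Review bot: Nothing at the `trim(end($x))` line in the second hunk says why the last entry of a comma-separated list is the one kept, and that choice decides which address ends up trusted. A comment such as `// keep the right-most entry: it is the one appended by the proxy nearest to this server` would record the reasoning. If several whitelisted proxies are chained, that entry is presumably the address of an inner proxy rather than the visitor, which may deserve a mention wherever `proxy_ips` is documented. The surrounding method continues outside the hunk.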