|
In-Portal Issue Tracker - In-Portal CMS
|
|
Viewing Issue Advanced Details |
|
|
ID:
|
Category:
|
Type:
|
Reproducibility:
|
Date Submitted:
|
Last Update:
|
|
1317 |
[In-Portal CMS] Front End |
bug report |
always |
2012-06-11 08:15 |
2012-10-10 23:58 |
|
|
Reporter:
|
alex |
Platform:
|
|
|
|
Assigned To:
|
alex |
OS:
|
|
|
|
Priority:
|
normal |
OS Version:
|
|
|
|
Status:
|
resolved |
Product Version:
|
5.1.3 |
|
|
Product Build:
|
|
Resolution:
|
fixed |
|
| |
|
ETA:
|
none |
Fixed in Version:
|
5.2.1-B1 |
|
|
Reference:
|
https://groups.google.com/d/topic/in-portal-bugs/70sQKBByKY8/discussion |
|
Change Log Message:
|
Improving IP address detection |
|
Estimate Points:
|
1 |
|
|
Summary:
|
0001317: Allow to specify what IP address source to use |
|
Description:
|
Right now In-Portal always relies on $_SERVER['REMOTE_ADDR'] variable to determine client's IP address.
This works not in all cases. For example, when behind Amazon Web Services load balancer the actual IP address is located in $_SERVER['X_HTTP_FORWARDED_FOR'] variable.
Always relying on X_HTTP_FORWARDED_FOR and then on REMOTE_ADDR is bad idea because attacker could forge fake ip to pass ip-based check. To solve this I'm proposing to add new configuration setting, where user can select preferred IP address sources with possible options:
* $_SERVER['X_HTTP_FORWARDED_FOR']
* getenv('X_HTTP_FORWARDED_FOR')
* $_SERVER['REMOTE_ADDR']
* getenv('REMOTE_ADDR')
Based on server configuration some of these option might return empty string instead of IP address and it's up to use to choose what to use. By default we will use $_SERVER['REMOTE_ADDR'] for backward compatibility. |
|
Steps To Reproduce:
|
|
|
Additional Information:
|
At the end method $this->Application->getIP() would return correct value based on configuration setting.
Since IP address check can be performed before application initialization this new setting must be added to /system/config.php file instead of SystemSettings database table. Of course install/upgrade wizard steps needs to be updated to reflect that. |
| Relationships | |
|
Attached Files:
|
 improved_client_ip_detection_core.patch (16,764) 2012-10-10 08:22
http://tracker.in-portal.org/file_download.php?file_id=1821&type=bug
improved_client_ip_detection_modules.patch (11,065) 2012-10-10 08:23
http://tracker.in-portal.org/file_download.php?file_id=1822&type=bug |
|
|
Issue History |
|
Date Modified |
Username |
Field |
Change |
|
2012-10-10 23:58 |
Dmitry |
Target Version |
Icebox => 5.2.1 |
|
2012-10-10 08:31 |
alex |
Issue Monitored: Dmitry |
|
|
2012-10-10 08:31 |
alex |
Note Added: 0005217 |
|
|
2012-10-10 08:29 |
alex |
Note Added: 0005216 |
|
|
2012-10-10 08:29 |
alex |
Status |
reviewed and tested => resolved |
|
2012-10-10 08:29 |
alex |
Fixed in Version |
=> 5.2.1-B1 |
|
2012-10-10 08:29 |
alex |
Resolution |
open => fixed |
|
2012-10-10 08:29 |
alex |
Assigned To |
!COMMUNITY => alex |
|
2012-10-10 08:29 |
alex |
Changeset attached |
5.2.x r15569 |
|
2012-10-10 08:27 |
alex |
Changeset attached |
5.2.x r15568 |
|
2012-10-10 08:26 |
alex |
Changeset attached |
5.2.x r15567 |
|
2012-10-10 08:26 |
alex |
Changeset attached |
5.2.x r15566 |
|
2012-10-10 08:25 |
alex |
Note Added: 0005215 |
|
|
2012-10-10 08:25 |
alex |
Status |
needs testing => reviewed and tested |
|
2012-10-10 08:25 |
alex |
Assigned To |
=> !COMMUNITY |
|
2012-10-10 08:25 |
alex |
Developer |
=> alex |
|
2012-10-10 08:25 |
alex |
Status |
active => needs testing |
|
2012-10-10 08:23 |
alex |
File Added: improved_client_ip_detection_modules.patch |
|
|
2012-10-10 08:22 |
alex |
File Added: improved_client_ip_detection_core.patch |
|
|
2012-06-11 08:15 |
alex |
New Issue |
|
|
2012-06-11 08:15 |
alex |
Reference |
=> https://groups.google.com/d/topic/in-portal-bugs/70sQKBByKY8/discussion |
|
2012-06-11 08:15 |
alex |
Change Log Message |
=> Improving IP address detection |
|
2012-06-11 08:15 |
alex |
Estimate Points |
=> 1 |