[wikka-community] I have a suggestion for X-Forwarded-For support

morten hundevad fannoj
Fri Oct 2 22:42:12 GMT 2009


I have code ready that works.

However, a few of the variables in the file need to come from the Wikka
config; I'm not sure how to do that...

Anyway, I was told to post it on a Wikka page on wikkawiki.org, but I can't
register. I get a message saying it is a private wiki.

In GetUserName, instead of $ip = $_SERVER['REMOTE_ADDR']; I would use $ip =
$this->GetUserIP();

Note: the code / function below is rough and should properly be fine-tuned,
and note that much of this code comes directly from MediaWiki. But it's just
to get the idea.

Added to wakka.class.php:
---------------------------------------------------------------------------------------------------------
    function GetUserIP()
    {
        static $ip;
        if(isset($ip)) return $ip;

        $aprovedip = array('212.97.132.138'); // need to be pulled from the config
        $useXFF = true; // need to be pulled from the config

        if (!$useXFF) {
            $ip = $_SERVER['REMOTE_ADDR'];
            return $ip;
        }

        /* collect the originating ips */
        # Client connecting to this webserver
        if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
            $ipchain = array( $_SERVER['REMOTE_ADDR'] );
        } else {
            # Running on CLI?
            $ipchain = array( '127.0.0.1' );
        }
        $ip = $ipchain[0];

        # Append XFF on to $ipchain
        if( function_exists( 'apache_request_headers' ) ) {
            // More reliable than $_SERVER due to case and -/_ folding
            $set = array ();
            foreach ( apache_request_headers() as $tempName => $tempValue ) {
                $set[ strtoupper( $tempName ) ] = $tempValue;
            }
            $index = strtoupper ( 'X-Forwarded-For' );
            $index2 = strtoupper ( 'Client-ip' );
        } else {
            // Subject to spoofing with headers like X_Forwarded_For
            $set = $_SERVER;
            $index = 'HTTP_X_FORWARDED_FOR';
            // PHP exposes the Client-IP request header as HTTP_CLIENT_IP in $_SERVER
            $index2 = 'HTTP_CLIENT_IP';
        }

        #Try a couple of headers
        if( isset( $set[$index] ) ) {
            $forwardedFor = $set[$index];
        } else if( isset( $set[$index2] ) ) {
            $forwardedFor = $set[$index2];
        } else {
            $forwardedFor = null;
        }

        if ( isset( $forwardedFor ) ) {
            $xff = array_map( 'trim', explode( ',', $forwardedFor ) );
            $xff = array_reverse( $xff );
            $ipchain = array_merge( $ipchain, $xff );
        }

        # Step through XFF list and find the last address in the list which is a trusted server
        # Set $ip to the IP address given by that trusted server
        # (a check that the address is sensible, e.g. not private, is not implemented here)
        foreach ( $ipchain as $i => $curIP ) {
            if ( in_array( $curIP, $aprovedip ) ) {
                if ( isset( $ipchain[$i + 1] ) ) {
                    if( $useXFF ) {
                        $ip = $ipchain[$i + 1];
                    }
                }
            } else {
                break;
            }
        }
        return $ip;
    }
---------------------------------------------------------------------------------------------------------

-Thanks
Morten
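
An added example, not part of the original post and not Wikka or MediaWiki code: the same trusted-proxy walk written as a pure function that also validates each X-Forwarded-For entry, run over forged and genuine headers. The function name resolveClientIp(), its parameters and all addresses (documentation ranges) are assumptions made for illustration.

```php
<?php
// Added example, not Wikka or MediaWiki code. resolveClientIp() and its
// parameters are hypothetical names; all addresses below are constructed.

/**
 * Return the client address, believing X-Forwarded-For only as far as the
 * chain of trusted proxies reaches, reading the header right to left.
 */
function resolveClientIp($remoteAddr, $xffHeader, array $trustedProxies)
{
    $ip = $remoteAddr;
    // Hops nearest to this server first: the rightmost XFF entry was
    // appended by the proxy that connected to us.
    $hops = ($xffHeader === null || $xffHeader === '')
        ? array()
        : array_reverse(array_map('trim', explode(',', $xffHeader)));

    foreach ($hops as $hop) {
        // Only a trusted proxy's statement about its peer is believed.
        if (!in_array($ip, $trustedProxies, true)) {
            break;
        }
        // Reject anything that is not a syntactically valid IPv4/IPv6
        // address, so header junk never becomes the recorded user IP.
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;
        }
        $ip = $hop;
    }
    return $ip;
}

$trusted = array('192.0.2.10'); // constructed; would come from the wiki config

$cases = array(
    // [REMOTE_ADDR, X-Forwarded-For header, expected result]
    array('198.51.100.7', '203.0.113.99', '198.51.100.7'),              // direct client forging XFF
    array('192.0.2.10', '198.51.100.7', '198.51.100.7'),                // via trusted proxy
    array('192.0.2.10', '203.0.113.99, 198.51.100.7', '198.51.100.7'), // forged entry prepended
    array('192.0.2.10', '<script>, 198.51.100.7', '198.51.100.7'),      // junk left of client is never read
    array('192.0.2.10', 'not-an-ip', '192.0.2.10'),                     // invalid hop: keep proxy IP
);

foreach ($cases as $c) {
    list($remote, $xff, $expected) = $c;
    $got = resolveClientIp($remote, $xff, $trusted);
    printf("%-13s XFF=%-28s => %-13s %s\n", $remote, "'$xff'", $got,
        $got === $expected ? 'ok' : 'MISMATCH');
}
```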