New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed #018555: Debug by ip not usable if being a proxy #104
Conversation
alafon
commented
Aug 18, 2011
- I first implemented the logic in the eZDebug::isAllowedByCurrentIP() method itself, but after reading a comment in a related issue of 018555, I decided to add a clientIP() method to eZSys in order to make the job.
- I chose not to hard code the header name in the method because, even if commonly used by Squid and other proxy, X-Forwarded-For is not mentioned in any RFC (yet?).
Nice pull request Arnaud :-) |
Thanks Damien.
It is done this way :) |
doh! sorry the example mislead me :-/ |
Done :
|
Fixed #018555: Debug by ip not usable if being a proxy
Sorry for asking stuff on a closed pull request, but #112 made me think about the setting introduced here. What I'm thinking about is to instead have a enable/disable setting(aka only enable if you trust the source setting these headers), and potentially also reuse it for things like X-Forward-Host used in hostname(). |
The problem is that during my investigation about X-Forward-For, I've discovered that it's not in any official RFC. You're right, it (the header name) is commonly used by technologies such as Varnish, so maybe we could hard code the header name... My though are that having X-Forward-For as a default parameter is ok, and being able to change it on demand is also a good feature since sometime eZ publish is behind homemade proxys (such as the big customer for whom I've implemented this). |
Yes, I see your point. |
Alright. |