Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow X-Forwarded-For to have multiple values #8409

Merged
merged 1 commit into from
May 16, 2017
Merged

Allow X-Forwarded-For to have multiple values #8409

merged 1 commit into from
May 16, 2017

Conversation

kassner
Copy link
Contributor

@kassner kassner commented Feb 3, 2017
edited by ishakhsuvarov

PR #1546 was closed because CLA issues, thus I'm resubmitting the changes.

Preconditions

  1. HAProxy/Nginx offloading SSL and sending traffic to Varnish;
  2. Varnish in front of Apache/Nginx.

Steps to reproduce

  1. Place an order according to the preconditions.

Expected result

  1. Current customer IP address stored into quote and order tables.

Actual result

  1. Stored IP is Varnish/HAProxy IP address relative to the webserver (usually 127.0.0.1 or some internal IP, depends on network structure);

@ishakhsuvarov ishakhsuvarov self-assigned this Feb 7, 2017
@ihor-sviziev
Copy link
Contributor

Would be great to have some unit test for this case

@ishakhsuvarov
Copy link
Contributor

@kassner Hi! Unfortunately, delivery of PR to the 2.1 brach is going to take some time.
Do you feel like opening a PR to the develop branch meanwhile?
Thanks.

@okorshenko okorshenko added this to the February 2017 milestone Feb 11, 2017
@maksek maksek modified the milestones: February 2017, March 2017 Mar 1, 2017
@okorshenko okorshenko added this to the March 2017 milestone Mar 1, 2017
@ishakhsuvarov
Copy link
Contributor

@kassner I am closing this PR for now due to lack of activity.
Please reopen if you would like to continue.
Thank you.

@kassner kassner changed the base branch from 2.1 to develop March 25, 2017 19:34
@kassner
Copy link
Contributor Author

kassner commented Mar 25, 2017

@ishakhsuvarov @vrann can you reopen? GitHub allows to rebase the PR from the interface, so I changed the target branch here.

@vrann vrann reopened this Mar 26, 2017
@kassner
Copy link
Contributor Author

kassner commented Mar 26, 2017

@vrann Done.

@okorshenko okorshenko modified the milestones: March 2017, April 2017 Apr 2, 2017
@ishakhsuvarov
Copy link
Contributor

Hi @kassner
Could you please provide detailed steps to reproduce the issue (exact software and configs used), so we could test it.
Thanks

adragus-inviqa
adragus-inviqa reviewed May 8, 2017
View reviewed changes
lib/internal/Magento/Framework/HTTP/PhpEnvironment/RemoteAddress.php
@@ -64,6 +64,11 @@ public function getRemoteAddress($ipToLong = false)
return false;
}

if (strpos($this->remoteAddress, ',') !== false) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't need this check. explode(',', 'abc') will give you an array nonetheless.

@adragus-inviqa
Copy link
Contributor

@ishakhsuvarov - XFF can have multiple IPs and I don't think M2 can handle that situation.

Same problem here.

@okorshenko okorshenko removed this from the April 2017 milestone May 9, 2017
@okorshenko okorshenko modified the milestones: May 2017, April 2017 May 9, 2017
@kassner
Copy link
Contributor Author

kassner commented May 11, 2017

@ishakhsuvarov we can see that happening when we have HAProxy -> Varnish -> Apache. It is appended by Varnish (rightfully) before reaching Apache:

*   << Request  >> 44385980
-   Begin          req 44385979 rxreq
-   Timestamp      Start: 1494487201.309345 0.000000 0.000000
-   Timestamp      Req: 1494487201.309345 0.000000 0.000000
-   ReqStart       127.0.0.1 44276
-   ReqMethod      GET
-   ReqURL         /
-   ReqProtocol    HTTP/1.1
...
-   ReqHeader      X-Forwarded-Port: 443
-   ReqHeader      X-Forwarded-Proto: https
-   ReqHeader      X-Forwarded-For: 1.1.1.1
-   ReqUnset       X-Forwarded-For: 1.1.1.1
-   ReqHeader      X-Forwarded-For: 1.1.1.1, 127.0.0.1
-   VCL_call       RECV

I guess you can simulate it by forcing the header X-Forwarded-For on Chrome using some extension.

@magento-team magento-team merged commit b96bbcd into magento:develop May 16, 2017
magento-team pushed a commit that referenced this pull request May 16, 2017
@ishakhsuvarov
MAGETWO-66797: Allow X-Forwarded-For to have multiple values #8409
659c880
@magento-team
Copy link
Contributor

@kassner thank you for your contribution to Magento 2 project

@kassner kassner mentioned this pull request May 16, 2017
Merged
magento-team pushed a commit that referenced this pull request Jun 13, 2017
MAGETWO-66797: Allow X-Forwarded-For to have multiple values #8409
a2af98a
@Ctucker9233
Copy link

@magento-team This is merged but doesn't appear in 2.2.7. Why?

@ihor-sviziev
Copy link
Contributor

Hi @Ctucker9233,
I just re-checked, this fix actually there! It was just little bit changed
https://github.com/magento/magento2/blob/2.2.7/lib/internal/Magento/Framework/HTTP/PhpEnvironment/RemoteAddress.php

@Ctucker9233
Copy link

@ihor-sviziev Perfect! Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adragus-inviqa adragus-inviqa adragus-inviqa left review comments

Assignees

@ishakhsuvarov ishakhsuvarov

Labels
improvement
Projects
None yet
Milestone
May 2017
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@kassner @ihor-sviziev @ishakhsuvarov @adragus-inviqa @magento-team @Ctucker9233 @maksek @vrann @okorshenko