IP::getNonProxyIpFromHeader retrieves final proxy instead of client · matomo-org/matomo#7060

(8 留言) (0 反應) (0 負責人)PHP (21,513 star) (2,847 fork)batch import

BugHelp wanted

描述

IP::getNonProxyIpFromHeader attempts to retrieve the client IP address from headers configured in proxy_client_headers[]. This calls IP::getLastIpFromList, excluding proxies configured via proxy_ips[].

What I do not understand is why by default this returns the last IP, whereas the format for X-Forwarded-For is client, proxy1, proxy2, ...: http://en.wikipedia.org/wiki/X-Forwarded-For#Format

This only becomes an issue when running Piwik behind multiple proxies; for example the configuration in question is:

[Enterprise Appliance] => [IIS ARR] => [Piwik]

So Piwik sees:

X-Forwarded-For: <client>, <enterprise_appliance>

Basically the current behavior would seem to select the IP of the last proxy by default. This would be problematic in a scenario with variable proxy IPs.

貢獻者指南

技術棧: php
領域: backend
議題類型: bug
難度: 3
預計時間: 1-3 hours
活動狀態: stale
清晰度: clear
前置要求: PHPX Forwarded For header formatproxy configuration
新手友善度: 45
研究方向: Examine the implementation of `IP::getNonProxyIpFromHeader` and `IP::getLastIpFromList` in core/IP.php. Understand the expected format of X Forwarded For (client, proxy1, proxy2). The current code returns the last IP, which is the proxy; it should return the first IP (client). Consider modifying the logic to retrieve the first IP instead of the last, ensuring any proxy IPs are still excluded. Check for any existing tests related to IP handling.