IP::getNonProxyIpFromHeader retrieves final proxy instead of client · matomo-org/matomo#7060

(8 评论) (0 反应) (0 负责人)PHP (21,513 star) (2,847 fork)batch import

BugHelp wanted

描述

IP::getNonProxyIpFromHeader attempts to retrieve the client IP address from headers configured in proxy_client_headers[]. This calls IP::getLastIpFromList, excluding proxies configured via proxy_ips[].

What I do not understand is why by default this returns the last IP, whereas the format for X-Forwarded-For is client, proxy1, proxy2, ...: http://en.wikipedia.org/wiki/X-Forwarded-For#Format

This only becomes an issue when running Piwik behind multiple proxies; for example the configuration in question is:

[Enterprise Appliance] => [IIS ARR] => [Piwik]

So Piwik sees:

X-Forwarded-For: <client>, <enterprise_appliance>

Basically the current behavior would seem to select the IP of the last proxy by default. This would be problematic in a scenario with variable proxy IPs.

贡献者指南

技术栈: php
领域: backend
议题类型: bug
难度: 3
预计时间: 1-3 hours
活动状态: stale
清晰度: clear
前置要求: PHPX Forwarded For header formatproxy configuration
新手友好度: 45
研究方向: Examine the implementation of `IP::getNonProxyIpFromHeader` and `IP::getLastIpFromList` in core/IP.php. Understand the expected format of X Forwarded For (client, proxy1, proxy2). The current code returns the last IP, which is the proxy; it should return the first IP (client). Consider modifying the logic to retrieve the first IP instead of the last, ensuring any proxy IPs are still excluded. Check for any existing tests related to IP handling.