#1263: Override of REMOTE_ADDR in AgaviWebRequest does not work
---------------------------------+------------------------------------------
 Reporter:  m.h...@…             |        Owner:  david   
     Type:  defect               |       Status:  closed  
 Priority:  normal               |    Milestone:          
Component:  request              |      Version:  1.0.1RC2
 Severity:  major                |   Resolution:  invalid 
 Keywords:                       |    Has_patch:  0       
---------------------------------+------------------------------------------
Changes (by felix):

  * status:  new => closed
  * resolution:  => invalid


Comment:

 This does not and will never work. HTTP_X_FORWARDED_FOR is not a proper
 substitute for REMOTE_ADDR.

 You can access HTTP_X_FORWARDED_FOR by using
 $rd->getHeader('X_FORWARDED_FOR'). You'll need to validate the value
 before you can access it.

 Please don't forget that unlike REMOTE_ADDR, X_FORWARDED_FOR is a regular
 header that can be forged by the client. By convention each proxy adds the
 upstream IP address to this value, so for a chain of multiple proxies the
 value may contain a comma-separated list of IP addresses, one for each
 proxy.

 If you have any further questions regarding this issue, feel free to ask
 in the IRC channel or on the mailing list.

-- 
Ticket URL: <http://trac.agavi.org/ticket/1263#comment:1>
Agavi <http://www.agavi.org/>
An MVC Framework for PHP5



_______________________________________________
Agavi Tickets Mailing List
[email protected]
http://lists.agavi.org/mailman/listinfo/tickets
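
The validation the comment above calls for, as an added example that is not part of the ticket or of Agavi: X-Forwarded-For is read only when the TCP peer (REMOTE_ADDR) is a proxy you operate, and the list is walked from the right, where your own proxies appended their entries. The function name, the trusted-proxy list and all addresses are assumptions made for illustration; the code assumes PHP 7.1 or later and compares addresses as exact strings.

```php
<?php
// Added example; proxy and client addresses are constructed sample values.

/**
 * Resolve the client IP, honouring X-Forwarded-For only for hops appended
 * by proxies we operate. resolveClientIp() and $trustedProxies are
 * hypothetical names, not Agavi API.
 */
function resolveClientIp(string $remoteAddr, ?string $forwardedFor, array $trustedProxies): string
{
    // If the peer is not one of our proxies, the header is entirely
    // client-supplied and must be ignored.
    if ($forwardedFor === null || !in_array($remoteAddr, $trustedProxies, true)) {
        return $remoteAddr;
    }

    $client = $remoteAddr;
    // Each proxy appends the address it received the request from, so the
    // rightmost entries are the ones written by our own infrastructure.
    $hops = array_reverse(array_map('trim', explode(',', $forwardedFor)));
    foreach ($hops as $hop) {
        // Stop at anything that is not a syntactically valid IP address.
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;
        }
        $client = $hop;
        // The first hop that is not our proxy is the client as we saw it;
        // everything further left was supplied by that untrusted party.
        if (!in_array($hop, $trustedProxies, true)) {
            break;
        }
    }
    return $client;
}

$proxies = ['10.0.0.5', '10.0.0.6']; // constructed: our two proxy tiers

// Request through both proxies; the client prepended a forged entry.
echo resolveClientIp('10.0.0.5', '192.0.2.66, 203.0.113.9, 10.0.0.6', $proxies), "\n";

// Direct connection that sends its own X-Forwarded-For header.
echo resolveClientIp('198.51.100.7', '127.0.0.1', $proxies), "\n";
```

In an Agavi action the second argument would be the value returned by $rd->getHeader('X_FORWARDED_FOR'), as mentioned in the comment.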