Blesta Core: CORE-5194

x-forwarded-for header may contain more than 1 IP address

    Details

    • Type: Improvement
    • Status: In Review
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.10.0-b2
    • Fix Version/s: 5.12.0-b1
    • Component/s: None
    • Labels: None

      Description

      If under Settings > System > General, "My installation is behind a proxy or load balancer" is enabled, we look for and log the x-forwarded-for header instead, which should contain the original client IP.

      However, if there is more than one proxy, the x-forwarded-for header is appended at each hop to include the IPs of all the steps from client to server.

      We should detect whether there are multiple IPs in x-forwarded-for if this setting is enabled, and if there are, parse them out and log only the first occurring IP address, whether IPv4 or IPv6.

      Here is the RFC https://datatracker.ietf.org/doc/html/rfc7239

      Note that IPs may contain ports and other data, examples:

      Forwarded: for="_gazonk"
      Forwarded: For="[2001:db8:cafe::17]:4711"
      Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43
      Forwarded: for=192.0.2.43, for=198.51.100.17
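As an added example, not Blesta's own code, here is a PHP implementation of the parsing the issue asks for. It goes slightly beyond the description in that it handles both the RFC 7239 `Forwarded` header (with its `for=` pairs, quoted values and bracketed IPv6 literals) and the legacy comma-separated `X-Forwarded-For` list, returning the first entry that validates as an IP. The function names `firstForwardedIp`, `forwardedNodes` and `parseForwardedNode` are hypothetical, and the sample inputs are constructed from the RFC examples quoted above.

```php
<?php
// Added example (not Blesta's code): extract the first client IP from proxy headers.
// Handles the RFC 7239 Forwarded header and the legacy X-Forwarded-For list,
// including quoted values, bracketed IPv6 literals and trailing ports.

/**
 * Strip quotes, IPv6 brackets and a trailing port from one node value
 * (RFC 7239, section 6). Returns a validated IP string, or null when the node
 * is not an IP (for example an obfuscated identifier such as "_gazonk").
 */
function parseForwardedNode(string $node): ?string
{
    $node = trim($node, " \t\"");
    if ($node === '') {
        return null;
    }
    if ($node[0] === '[') {
        // "[2001:db8::1]:4711" -> "2001:db8::1"
        $end = strpos($node, ']');
        if ($end === false) {
            return null;
        }
        $node = substr($node, 1, $end - 1);
    } elseif (substr_count($node, ':') === 1) {
        // "192.0.2.60:8080" -> "192.0.2.60" (one colon means an IPv4 port, not IPv6)
        $node = substr($node, 0, strpos($node, ':'));
    }
    // filter_var rejects anything that is not a syntactically valid IPv4 or IPv6 address
    return filter_var($node, FILTER_VALIDATE_IP) === false ? null : $node;
}

/**
 * Collect the raw node values in hop order. Forwarded is preferred when present;
 * otherwise X-Forwarded-For is split on commas. Either header may be null.
 */
function forwardedNodes(?string $forwarded, ?string $xForwardedFor): array
{
    $nodes = [];
    if ($forwarded !== null && $forwarded !== '') {
        // Elements are comma-separated; each element is a semicolon-separated list of pairs.
        foreach (explode(',', $forwarded) as $element) {
            foreach (explode(';', $element) as $pair) {
                [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
                if (strtolower(trim($name)) === 'for') {
                    $nodes[] = $value;
                }
            }
        }
    } elseif ($xForwardedFor !== null && $xForwardedFor !== '') {
        $nodes = explode(',', $xForwardedFor);
    }
    return $nodes;
}

/**
 * Return the first (leftmost) node that is a valid IP, or null if none is.
 */
function firstForwardedIp(?string $forwarded, ?string $xForwardedFor): ?string
{
    foreach (forwardedNodes($forwarded, $xForwardedFor) as $node) {
        $ip = parseForwardedNode($node);
        if ($ip !== null) {
            return $ip;
        }
    }
    return null;
}

// Constructed sample inputs: the RFC 7239 examples from the issue plus two X-Forwarded-For lists.
$samples = [
    ['for="_gazonk"', null],
    ['For="[2001:db8:cafe::17]:4711"', null],
    ['for=192.0.2.60;proto=http;by=203.0.113.43', null],
    ['for=192.0.2.43, for=198.51.100.17', null],
    [null, '203.0.113.7, 198.51.100.17, 192.0.2.1'],
    [null, '[2001:db8::1]:443, 198.51.100.17'],
];
foreach ($samples as [$forwarded, $xForwardedFor]) {
    var_dump(firstForwardedIp($forwarded, $xForwardedFor));
}
```

Two points worth keeping in mind when wiring this into logging: the leftmost entry is written by whichever party sent the request first, so it is untrusted input and must be validated (as `parseForwardedNode` does) rather than logged verbatim; and when the number of trusted proxies in front of the install is known, the entry nearest the last trusted proxy is the one those proxies actually observed, whereas earlier entries can be whatever the client chose to send.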

        Activity

        admin Paul Phillips created issue -
        admin Paul Phillips made changes -
        Description (updated to the text shown above)
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked higher
        jonathan Jonathan Reissmueller made changes -
        Story Points 3
        jonathan Jonathan Reissmueller made changes -
        Sprint 5.11.0 Sprint 5 [ 204 ]
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked higher
        admin Paul Phillips made changes -
        Fix Version/s 5.12.0-b1 [ 12000 ]
        Fix Version/s 5.11.0-b1 [ 11908 ]
        admin Paul Phillips made changes -
        Sprint 5.11.0 Sprint 5 [ 204 ]
        admin Paul Phillips made changes -
        Rank Ranked higher
        jonathan Jonathan Reissmueller made changes -
        Sprint 5.12.0 Sprint 4 [ 214 ]
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked higher
        abdy Abdy Franco made changes -
        Assignee Abdy Franco [ abdy ]
        abdy Abdy Franco made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        abdy Abdy Franco made changes -
        Remaining Estimate 0 minutes [ 0 ]
        Time Spent 3 hours, 45 minutes [ 13500 ]
        Worklog Id 17686 [ 17686 ]
        abdy Abdy Franco made changes -
        Status In Progress [ 3 ] In Review [ 5 ]
        Resolution Fixed [ 1 ]
        abdy Abdy Franco made changes -
        Time Spent 3 hours, 45 minutes [ 13500 ] 5 hours, 11 minutes [ 18660 ]
        Worklog Id 17710 [ 17710 ]
        abdy Abdy Franco made changes -
        Time Spent 5 hours, 11 minutes [ 18660 ] 6 hours, 38 minutes [ 23880 ]
        Worklog Id 17716 [ 17716 ]
        abdy Abdy Franco made changes -
        Time Spent 6 hours, 38 minutes [ 23880 ] 1 day, 5 hours, 21 minutes [ 48060 ]
        Worklog Id 17729 [ 17729 ]
        jonathan Jonathan Reissmueller made changes -
        Sprint 5.12.0 Sprint 4 [ 214 ] 5.12.0 Sprint 4, 5.12.0 Sprint 5 [ 214, 215 ]
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked higher

          People

          • Assignee: Abdy Franco (abdy)
          • Reporter: Paul Phillips (admin)
          • Votes: 0
          • Watchers: 1

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              • Estimated: Not Specified
              • Remaining: 0 minutes
              • Logged: 1 day, 5 hours, 21 minutes
