From 238a2397bcbeb3ab6909bc9e5a969a7b6dc3bfdb Mon Sep 17 00:00:00 2001 From: Alex Pott Date: Sat, 17 Oct 2015 09:45:04 -0700 Subject: [PATCH] Issue #313145 by ghoti, t0xicCode, znerol, pwolanin, thedavidmeister, seanr, neclimdul, Damien Tournoud: Support X-Forwarded-* HTTP headers alternates --- .../ReverseProxyMiddleware.php | 19 +++++++++++--- .../ReverseProxyMiddlewareTest.php | 16 +++++++----- sites/default/default.settings.php | 26 ++++++++++++++++++- 3 files changed, 50 insertions(+), 11 deletions(-) diff --git a/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php b/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php index c6b49ab2741..db8019b18fc 100644 --- a/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php +++ b/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php @@ -11,7 +11,7 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\HttpKernelInterface; /** - * + * Provides support for reverse proxies. */ class ReverseProxyMiddleware implements HttpKernelInterface { @@ -48,8 +48,21 @@ class ReverseProxyMiddleware implements HttpKernelInterface { public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) { // Initialize proxy settings. if ($this->settings->get('reverse_proxy', FALSE)) { - $reverse_proxy_header = $this->settings->get('reverse_proxy_header', 'X_FORWARDED_FOR'); - $request::setTrustedHeaderName($request::HEADER_CLIENT_IP, $reverse_proxy_header); + $ip_header = $this->settings->get('reverse_proxy_header', 'X_FORWARDED_FOR'); + $request::setTrustedHeaderName($request::HEADER_CLIENT_IP, $ip_header); + + $proto_header = $this->settings->get('reverse_proxy_proto_header', 'X_FORWARDED_PROTO'); + $request::setTrustedHeaderName($request::HEADER_CLIENT_PROTO, $proto_header); + + $host_header = $this->settings->get('reverse_proxy_host_header', 'X_FORWARDED_HOST'); + $request::setTrustedHeaderName($request::HEADER_CLIENT_HOST, $host_header); + + $port_header = $this->settings->get('reverse_proxy_port_header', 'X_FORWARDED_PORT'); + $request::setTrustedHeaderName($request::HEADER_CLIENT_PORT, $port_header); + + $forwarded_header = $this->settings->get('reverse_proxy_forwarded_header', 'FORWARDED'); + $request::setTrustedHeaderName($request::HEADER_FORWARDED, $forwarded_header); + $proxies = $this->settings->get('reverse_proxy_addresses', array()); if (count($proxies) > 0) { $request::setTrustedProxies($proxies); diff --git a/core/tests/Drupal/Tests/Core/StackMiddleware/ReverseProxyMiddlewareTest.php b/core/tests/Drupal/Tests/Core/StackMiddleware/ReverseProxyMiddlewareTest.php index f92109b42dd..df5729088b6 100644 --- a/core/tests/Drupal/Tests/Core/StackMiddleware/ReverseProxyMiddlewareTest.php +++ b/core/tests/Drupal/Tests/Core/StackMiddleware/ReverseProxyMiddlewareTest.php @@ -66,13 +66,11 @@ class ReverseProxyMiddlewareTest extends UnitTestCase { return array( array( array( - 'reverse_proxy_header' => 'HTTP_X_FORWARDED_FOR', - 'reverse_proxy_addresses' => array(), - ), - ), - array( - array( - 'reverse_proxy_header' => 'X_FORWARDED_HOST', + 'reverse_proxy_header' => 'X_FORWARDED_FOR_CUSTOMIZED', + 'reverse_proxy_proto_header' => 'X_FORWARDED_PROTO_CUSTOMIZED', + 'reverse_proxy_host_header' => 'X_FORWARDED_HOST_CUSTOMIZED', + 'reverse_proxy_port_header' => 'X_FORWARDED_PORT_CUSTOMIZED', + 'reverse_proxy_forwarded_header' => 'FORWARDED_CUSTOMIZED', 'reverse_proxy_addresses' => array('127.0.0.2', '127.0.0.3'), ), ), @@ -95,6 +93,10 @@ class ReverseProxyMiddlewareTest extends UnitTestCase { $middleware->handle($request); $this->assertSame($settings->get('reverse_proxy_header'), $request->getTrustedHeaderName($request::HEADER_CLIENT_IP)); + $this->assertSame($settings->get('reverse_proxy_proto_header'), $request->getTrustedHeaderName($request::HEADER_CLIENT_PROTO)); + $this->assertSame($settings->get('reverse_proxy_host_header'), $request->getTrustedHeaderName($request::HEADER_CLIENT_HOST)); + $this->assertSame($settings->get('reverse_proxy_port_header'), $request->getTrustedHeaderName($request::HEADER_CLIENT_PORT)); + $this->assertSame($settings->get('reverse_proxy_forwarded_header'), $request->getTrustedHeaderName($request::HEADER_FORWARDED)); $this->assertSame($settings->get('reverse_proxy_addresses'), $request->getTrustedProxies()); } } diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php index 376c5777005..b1f95e20183 100644 --- a/sites/default/default.settings.php +++ b/sites/default/default.settings.php @@ -369,7 +369,31 @@ $settings['update_free_access'] = FALSE; * Set this value if your proxy server sends the client IP in a header * other than X-Forwarded-For. */ -# $settings['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP'; +# $settings['reverse_proxy_header'] = 'X_CLUSTER_CLIENT_IP'; + +/** + * Set this value if your proxy server sends the client protocol in a header + * other than X-Forwarded-Proto. + */ +# $settings['reverse_proxy_proto_header'] = 'X_FORWARDED_PROTO'; + +/** + * Set this value if your proxy server sends the client protocol in a header + * other than X-Forwarded-Host. + */ +# $settings['reverse_proxy_host_header'] = 'X_FORWARDED_HOST'; + +/** + * Set this value if your proxy server sends the client protocol in a header + * other than X-Forwarded-Port. + */ +# $settings['reverse_proxy_port_header'] = 'X_FORWARDED_PORT'; + +/** + * Set this value if your proxy server sends the client protocol in a header + * other than Forwarded. + */ +# $settings['reverse_proxy_forwarded_header'] = 'FORWARDED'; /** * Page caching: