Problem/Motivation

Steps to reproduce

since multiple IPs are possible when retrieving from HTTP_X_FORWARDED_FOR header, I suggest splitting and using 1st IP found.

From my local instance I get this error currently: IP address `172.26.0.1, 172.26.0.2, 172.26.0.2` retrieved from HTTP_X_FORWARDED_FOR header is invalid.

Proposed resolution

If IP is invalid, try to split string and use first IP if found.

Remaining tasks

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
#2 multiple-ips-returning-split-and-use-1st-one-3425451-1.patch1009 bytesharivenuv

Issue fork reverse_proxy_header-3425451

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

JohnLuk created an issue. See original summary.

harivenuv’s picture

harivenuv
Location India
commented
Status: Active » Needs review
StatusFileSize
new multiple-ips-returning-split-and-use-1st-one-3425451-1.patch1009 bytes

Patch: Extract the first IP address from comma-separated `HTTP_X_FORWARDED_FOR` header

- Updated the Reverse Proxy Header module to properly handle multiple IP addresses in the `HTTP_X_FORWARDED_FOR` header.
- The module now extracts and uses the first IP address from a comma-separated list.
- Ensures that only the first non-private, non-reserved IP address is used, improving compatibility with multiple proxy setups.
- Fixes potential issues where the module could incorrectly handle multiple forwarded IP addresses, leading to incorrect client IP detection.

bohart’s picture

bohart
Location Lutsk, Ukraine
commented
Version: 1.0.0 » 1.0.x-dev
Status: Needs review » Needs work

Great catch. Thanks for your contribution.

1) It looks like we should check for the first valid IP address in some foreach (instead of picking up the first address in the list and checking its validity), isn't it?

2) The maintainer of this module works only with Merge requests (instead of patch files, to run the test on the branch). Once the MR is created with an improvement from #1, it will be committed to dev branch to be a part of the next module release.

Looking forward,

harivenuv opened merge request !7

bohart changed the visibility of the branch 1.0.x to hidden.

bohart opened merge request !9

bohart changed the visibility of the branch 3425451-multiple-ips-returning to hidden.

  • bohart committed bd2e64c9 on 1.1.x 
    Issue #3425451 by harivenuv, bohart: Handle multiple IPs in the header...
bohart’s picture

bohart
Location Lutsk, Ukraine
commented
Version: 1.0.x-dev » 1.1.x-dev
Status: Needs work » Fixed

Hi @harivenuv,
Thanks for your contribution and the detailed description of the merge request!

Please be aware that you changed the 1.0.x branch (instead of the 3425451-multiple-ips-returning branch).
1.0.x, 1.1.x, etc. (as the development branches) should remain intact in the forks.
You also have committed some unrelated changes (a line break in the comment).

In addition, there was no test coverage. I have added those (with some code refactoring).
Committed to 1.1.x-dev branch. Those will be a part of the next module release.

Thanks!

Updated: released within 1.1.0 release.

bohart closed merge request !7

  • bohart committed 488b914a on 1.1.x 
    Issue #3425451 by bohart: Removed 'Empty value retrieved from @...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.