Merge pull request #4104 from m-martin-78/xfhsupport
Add support for X-Forwarded-Host proxy header
This commit is contained in:
commit
6e2ee56d21
|
@ -4,15 +4,35 @@ class init_checkssl_test extends DokuWikiTest {
|
|||
|
||||
/**
|
||||
* Running behind an SSL proxy, HTTP between server and proxy
|
||||
* Proxy (REMOTE_ADDR) is matched by default trustedproxy config regex
|
||||
* HTTPS not set
|
||||
* HTTP_X_FORWARDED_PROTO
|
||||
* set to https
|
||||
*/
|
||||
function test1() {
|
||||
function test1a() {
|
||||
global $conf;
|
||||
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
|
||||
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
|
||||
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
|
||||
|
||||
$this->assertEquals(is_ssl(), true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Running behind an SSL proxy, HTTP between server and proxy
|
||||
* Proxy (REMOTE_ADDR) is not matched by default trustedproxy config regex
|
||||
* HTTPS not set
|
||||
* HTTP_X_FORWARDED_PROTO
|
||||
* set to https
|
||||
*/
|
||||
function test1b() {
|
||||
global $conf;
|
||||
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
|
||||
$_SERVER['REMOTE_ADDR'] = '8.8.8.8';
|
||||
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
|
||||
|
||||
$this->assertEquals(is_ssl(), false);
|
||||
}
|
||||
|
||||
/**
|
||||
* Running behind a plain HTTP proxy, HTTP between server and proxy
|
||||
|
@ -20,6 +40,9 @@ class init_checkssl_test extends DokuWikiTest {
|
|||
* HTTP_X_FORWARDED_PROTO set to http
|
||||
*/
|
||||
function test2() {
|
||||
global $conf;
|
||||
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
|
||||
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
|
||||
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'http';
|
||||
|
||||
$this->assertEquals(is_ssl(), false);
|
||||
|
@ -31,6 +54,9 @@ class init_checkssl_test extends DokuWikiTest {
|
|||
* HTTP_X_FORWARDED_PROTO set to https
|
||||
*/
|
||||
function test3() {
|
||||
global $conf;
|
||||
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
|
||||
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
|
||||
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
|
||||
$_SERVER['HTTPS'] = 'off';
|
||||
|
||||
|
@ -73,6 +99,9 @@ class init_checkssl_test extends DokuWikiTest {
|
|||
* HTTP_X_FORWARDED_PROTO set to https
|
||||
*/
|
||||
function test7() {
|
||||
global $conf;
|
||||
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
|
||||
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
|
||||
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
|
||||
$_SERVER['HTTPS'] = 'on';
|
||||
|
||||
|
|
12
inc/init.php
12
inc/init.php
|
@ -495,7 +495,13 @@ function getBaseURL($abs = null)
|
|||
|
||||
//split hostheader into host and port
|
||||
if (isset($_SERVER['HTTP_HOST'])) {
|
||||
$parsed_host = parse_url('http://' . $_SERVER['HTTP_HOST']);
|
||||
if ((!empty($conf['trustedproxy'])) && isset($_SERVER['HTTP_X_FORWARDED_HOST'])
|
||||
&& preg_match('/' . $conf['trustedproxy'] . '/', $_SERVER['REMOTE_ADDR'])) {
|
||||
$cur_host = $_SERVER['HTTP_X_FORWARDED_HOST'];
|
||||
} else {
|
||||
$cur_host = $_SERVER['HTTP_HOST'];
|
||||
}
|
||||
$parsed_host = parse_url('http://' . $cur_host);
|
||||
$host = $parsed_host['host'] ?? '';
|
||||
$port = $parsed_host['port'] ?? '';
|
||||
} elseif (isset($_SERVER['SERVER_NAME'])) {
|
||||
|
@ -535,7 +541,9 @@ function getBaseURL($abs = null)
|
|||
function is_ssl()
|
||||
{
|
||||
// check if we are behind a reverse proxy
|
||||
if (($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') == 'https') {
|
||||
if ((!empty($conf['trustedproxy'])) && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
|
||||
&& preg_match('/' . $conf['trustedproxy'] . '/', $_SERVER['REMOTE_ADDR'])
|
||||
&& ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue