support reverse-proxied client addresses
This commit is contained in:
Ed Van Duinen
parent
e66c2794c0
commit
2271753bb0
3 changed files with 26 additions and 6 deletions
|
|
@ -522,7 +522,7 @@ insert into settings (name,value) values ('sharedClipboard','0');
|
|||
delete from settings where name='sharedTrash';
|
||||
insert into settings (name,value) values ('sharedTrash','0');
|
||||
delete from international where languageId=1 and namespace='WebGUI' and internationalId=629;
|
||||
INSERT INTO international (internationalId,languageId,namespace,message,lastUpdated) VALUES (629,1,'WebGUI','<b>Use shared clipboard?</b><br>\r\nEnables a single, system-wide clipboard shared by all users. Default is user separated clipboards.\r\n<p>\r\n\r\n<b>Use shared trash?</b><br>\r\nEnables a single, system-wide trash shared by all users. Default is user separated trash.\r\n<p>\r\n\r\n<b>Prevent Proxy Caching</b><br>\r\nSome companies have proxy servers that cause problems with WebGUI. If you\'re experiencing problems with WebGUI, and you have a proxy server, you may want to set this setting to <i>Yes</i>. Beware that WebGUI\'s URLs will not be as user-friendly after this feature is turned on.\r\n<p>\r\n\r\n<b>Show debugging?</b><br>\r\nShow debugging information in WebGUI\'s output. This is primarily useful for WebGUI developers, but can also be interesting for Administrators trying to troubleshoot a problem.\r\n<p>\r\n\r\n<b>Track page statistics?</b><br/>\r\nWebGUI can track some statistical information for your site. However, this will add a little extra strain on your processor and will make your database grow much more quickly. Enable this only if you do not have an external web statistics program.\r\n<p/>\r\n',1052850265);
|
||||
INSERT INTO international (internationalId,languageId,namespace,message,lastUpdated) VALUES (629,1,'WebGUI','<b>Use shared clipboard?</b><br>\r\nEnables a single, system-wide clipboard shared by all users. Default is user separated clipboards.\r\n<p>\r\n\r\n<b>Use shared trash?</b><br>\r\nEnables a single, system-wide trash shared by all users. Default is user separated trash.\r\n<p>\r\n\r\n<b>If proxied, use real client IP address?</b><br>\r\nIf enabled and if the environment variable HTTP_X_FORWARDED_FOR is present, it\'s value will be used in place of REMOTE_ADDRESS as the client browser\'s IP address. This is required for IP based groups to function properly in reverse-proxied, load-balanced system architectures. In these environments, all requests would otherwise appear to come from the same host, namely the proxy server. If you are uncertain if you need this setting enabled, you should probably leave it turned off.\r\n\<p>\r\n\r\n<b>Prevent Proxy Caching</b><br>\r\nSome companies have proxy servers that cause problems with WebGUI. If you\'re experiencing problems with WebGUI, and you have a proxy server, you may want to set this setting to <i>Yes</i>. Beware that WebGUI\'s URLs will not be as user-friendly after this feature is turned on.\r\n<p>\r\n\r\n<b>Show debugging?</b><br>\r\nShow debugging information in WebGUI\'s output. This is primarily useful for WebGUI developers, but can also be interesting for Administrators trying to troubleshoot a problem.\r\n<p>\r\n\r\n<b>Track page statistics?</b><br/>\r\nWebGUI can track some statistical information for your site. However, this will add a little extra strain on your processor and will make your database grow much more quickly. Enable this only if you do not have an external web statistics program.\r\n<p/>\r\n',1053459227);
|
||||
alter table HttpProxy change ProxiedUrl proxiedUrl varchar(255);
|
||||
delete from international where namespace='DataForm' and internationalId=78;
|
||||
delete from international where namespace='EventsCalendar' and internationalId=79;
|
||||
|
|
@ -553,5 +553,8 @@ delete from international where languageId=1 and namespace='WebGUI' and internat
|
|||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (971,1,'WebGUI','Time', 1053278208,'A field that holds clock time.');
|
||||
delete from international where languageId=1 and namespace='WebGUI' and internationalId=970;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (970,1,'WebGUI','set time', 1053278089,'Click the button to use the time chooser wizard.');
|
||||
|
||||
delete from settings where name='proxiedClientAddress';
|
||||
insert into settings(name,value) values('proxiedClientAddress', '0');
|
||||
delete from international where languageId=1 and namespace='WebGUI' and internationalId=973;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated) values (973,1,'WebGUI','If proxied, use real client IP address?', 1053459227);
|
||||
|
||||
|
|
|
|||
|
|
@ -155,6 +155,7 @@ sub www_editMiscSettings {
|
|||
$f->hidden("op","saveSettings");
|
||||
$f->yesNo("sharedClipboard",WebGUI::International::get(947),$session{setting}{sharedClipboard});
|
||||
$f->yesNo("sharedTrash",WebGUI::International::get(946),$session{setting}{sharedTrash});
|
||||
$f->yesNo("proxiedClientAddress",WebGUI::International::get(973),$session{setting}{proxiedClientAddress});
|
||||
$f->yesNo("preventProxyCache",WebGUI::International::get(400),$session{setting}{preventProxyCache});
|
||||
$f->yesNo("showDebug",WebGUI::International::get(707),$session{setting}{showDebug});
|
||||
$f->yesNo("trackPageStatistics",WebGUI::International::get(749),$session{setting}{trackPageStatistics});
|
||||
|
|
|
|||
|
|
@ -111,8 +111,15 @@ sub _setupSessionVars {
|
|||
if ($vars{sessionId} ne "") {
|
||||
$session{scratch} = WebGUI::SQL->buildHashRef("select name,value from userSessionScratch
|
||||
where sessionId=".quote($_[0]));
|
||||
WebGUI::SQL->write("update userSession set lastPageView="._time().", lastIP='$ENV{REMOTE_ADDR}',
|
||||
expires=".(_time()+$session{setting}{sessionTimeout})." where sessionId='$_[0]'");
|
||||
if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) {
|
||||
WebGUI::SQL->write("update userSession set lastPageView="._time().",
|
||||
lastIP='$ENV{HTTP_X_FORWARDED_FOR}',
|
||||
expires=".(_time()+$session{setting}{sessionTimeout})
|
||||
." where sessionId='$_[0]'");
|
||||
} else {
|
||||
WebGUI::SQL->write("update userSession set lastPageView="._time().", lastIP='$ENV{REMOTE_ADDR}',
|
||||
expires=".(_time()+$session{setting}{sessionTimeout})." where sessionId='$_[0]'");
|
||||
}
|
||||
} else {
|
||||
start(1,$_[0]);
|
||||
}
|
||||
|
|
@ -409,6 +416,10 @@ sub open {
|
|||
###----------------------------
|
||||
### evironment variables from web server
|
||||
$session{env} = \%ENV;
|
||||
### check to see if client is proxied and adjust remote_addr as necessary
|
||||
if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) {
|
||||
$session{env}{REMOTE_ADDR} = $ENV{HTTP_X_FORWARDED_FOR};
|
||||
}
|
||||
###----------------------------
|
||||
### form variables
|
||||
foreach ($session{cgi}->param) {
|
||||
|
|
@ -608,8 +619,13 @@ Session id will be generated if not specified. In almost every case you should l
|
|||
sub start {
|
||||
my ($sessionId);
|
||||
$sessionId = $_[1] || crypt((_time()*rand(1000)),rand(99));
|
||||
WebGUI::SQL->write("insert into userSession values ('$sessionId', ".
|
||||
(_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{REMOTE_ADDR}', $_[0])");
|
||||
if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) {
|
||||
WebGUI::SQL->write("insert into userSession values ('$sessionId', ".
|
||||
(_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{HTTP_X_FORWARDED_FOR}', $_[0])");
|
||||
} else {
|
||||
WebGUI::SQL->write("insert into userSession values ('$sessionId', ".
|
||||
(_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{REMOTE_ADDR}', $_[0])");
|
||||
}
|
||||
setCookie("wgSession",$sessionId);
|
||||
refreshSessionVars($sessionId);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue