From 2271753bb051bc2d114587c7fde2b5385dae6680 Mon Sep 17 00:00:00 2001 From: Ed Van Duinen Date: Tue, 20 May 2003 20:21:13 +0000 Subject: [PATCH] support reverse-proxied client addresses --- docs/upgrades/upgrade_5.2.6-5.3.0.sql | 7 +++++-- lib/WebGUI/Operation/Settings.pm | 1 + lib/WebGUI/Session.pm | 24 ++++++++++++++++++++---- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/docs/upgrades/upgrade_5.2.6-5.3.0.sql b/docs/upgrades/upgrade_5.2.6-5.3.0.sql index 21c0b227c..43fe7b846 100644 --- a/docs/upgrades/upgrade_5.2.6-5.3.0.sql +++ b/docs/upgrades/upgrade_5.2.6-5.3.0.sql @@ -522,7 +522,7 @@ insert into settings (name,value) values ('sharedClipboard','0'); delete from settings where name='sharedTrash'; insert into settings (name,value) values ('sharedTrash','0'); delete from international where languageId=1 and namespace='WebGUI' and internationalId=629; -INSERT INTO international (internationalId,languageId,namespace,message,lastUpdated) VALUES (629,1,'WebGUI','Use shared clipboard?
\r\nEnables a single, system-wide clipboard shared by all users. Default is user separated clipboards.\r\n

\r\n\r\nUse shared trash?
\r\nEnables a single, system-wide trash shared by all users. Default is user separated trash.\r\n

\r\n\r\nPrevent Proxy Caching
\r\nSome companies have proxy servers that cause problems with WebGUI. If you\'re experiencing problems with WebGUI, and you have a proxy server, you may want to set this setting to Yes. Beware that WebGUI\'s URLs will not be as user-friendly after this feature is turned on.\r\n

\r\n\r\nShow debugging?
\r\nShow debugging information in WebGUI\'s output. This is primarily useful for WebGUI developers, but can also be interesting for Administrators trying to troubleshoot a problem.\r\n

\r\n\r\nTrack page statistics?
\r\nWebGUI can track some statistical information for your site. However, this will add a little extra strain on your processor and will make your database grow much more quickly. Enable this only if you do not have an external web statistics program.\r\n

\r\n',1052850265); +INSERT INTO international (internationalId,languageId,namespace,message,lastUpdated) VALUES (629,1,'WebGUI','Use shared clipboard?
\r\nEnables a single, system-wide clipboard shared by all users. Default is user separated clipboards.\r\n

\r\n\r\nUse shared trash?
\r\nEnables a single, system-wide trash shared by all users. Default is user separated trash.\r\n

\r\n\r\nIf proxied, use real client IP address?
\r\nIf enabled and if the environment variable HTTP_X_FORWARDED_FOR is present, it\'s value will be used in place of REMOTE_ADDRESS as the client browser\'s IP address. This is required for IP based groups to function properly in reverse-proxied, load-balanced system architectures. In these environments, all requests would otherwise appear to come from the same host, namely the proxy server. If you are uncertain if you need this setting enabled, you should probably leave it turned off.\r\n\

\r\n\r\nPrevent Proxy Caching
\r\nSome companies have proxy servers that cause problems with WebGUI. If you\'re experiencing problems with WebGUI, and you have a proxy server, you may want to set this setting to Yes. Beware that WebGUI\'s URLs will not be as user-friendly after this feature is turned on.\r\n

\r\n\r\nShow debugging?
\r\nShow debugging information in WebGUI\'s output. This is primarily useful for WebGUI developers, but can also be interesting for Administrators trying to troubleshoot a problem.\r\n

\r\n\r\nTrack page statistics?
\r\nWebGUI can track some statistical information for your site. However, this will add a little extra strain on your processor and will make your database grow much more quickly. Enable this only if you do not have an external web statistics program.\r\n

\r\n',1053459227); alter table HttpProxy change ProxiedUrl proxiedUrl varchar(255); delete from international where namespace='DataForm' and internationalId=78; delete from international where namespace='EventsCalendar' and internationalId=79; @@ -553,5 +553,8 @@ delete from international where languageId=1 and namespace='WebGUI' and internat insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (971,1,'WebGUI','Time', 1053278208,'A field that holds clock time.'); delete from international where languageId=1 and namespace='WebGUI' and internationalId=970; insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (970,1,'WebGUI','set time', 1053278089,'Click the button to use the time chooser wizard.'); - +delete from settings where name='proxiedClientAddress'; +insert into settings(name,value) values('proxiedClientAddress', '0'); +delete from international where languageId=1 and namespace='WebGUI' and internationalId=973; +insert into international (internationalId,languageId,namespace,message,lastUpdated) values (973,1,'WebGUI','If proxied, use real client IP address?', 1053459227); diff --git a/lib/WebGUI/Operation/Settings.pm b/lib/WebGUI/Operation/Settings.pm index 985500d5a..9261c62fa 100644 --- a/lib/WebGUI/Operation/Settings.pm +++ b/lib/WebGUI/Operation/Settings.pm 
@@ -155,6 +155,7 @@ sub www_editMiscSettings { $f->hidden("op","saveSettings"); $f->yesNo("sharedClipboard",WebGUI::International::get(947),$session{setting}{sharedClipboard}); $f->yesNo("sharedTrash",WebGUI::International::get(946),$session{setting}{sharedTrash}); + $f->yesNo("proxiedClientAddress",WebGUI::International::get(973),$session{setting}{proxiedClientAddress}); $f->yesNo("preventProxyCache",WebGUI::International::get(400),$session{setting}{preventProxyCache}); $f->yesNo("showDebug",WebGUI::International::get(707),$session{setting}{showDebug}); $f->yesNo("trackPageStatistics",WebGUI::International::get(749),$session{setting}{trackPageStatistics}); diff --git a/lib/WebGUI/Session.pm b/lib/WebGUI/Session.pm index 36a972671..43e2ae227 100644 --- a/lib/WebGUI/Session.pm +++ b/lib/WebGUI/Session.pm @@ -111,8 +111,15 @@ sub _setupSessionVars { if ($vars{sessionId} ne "") { $session{scratch} = WebGUI::SQL->buildHashRef("select name,value from userSessionScratch where sessionId=".quote($_[0])); - WebGUI::SQL->write("update userSession set lastPageView="._time().", lastIP='$ENV{REMOTE_ADDR}', - expires=".(_time()+$session{setting}{sessionTimeout})." where sessionId='$_[0]'"); + if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) { + WebGUI::SQL->write("update userSession set lastPageView="._time().", + lastIP='$ENV{HTTP_X_FORWARDED_FOR}', + expires=".(_time()+$session{setting}{sessionTimeout}) + ." where sessionId='$_[0]'"); + } else { + WebGUI::SQL->write("update userSession set lastPageView="._time().", lastIP='$ENV{REMOTE_ADDR}', + expires=".(_time()+$session{setting}{sessionTimeout})." where sessionId='$_[0]'"); + } } else { start(1,$_[0]); } 
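Review bot: The new branch in `_setupSessionVars` places `lastIP='$ENV{HTTP_X_FORWARDED_FOR}'` directly into the UPDATE string, and X-Forwarded-For is a request header whose content the client chooses, so a quote character in it closes the literal and the remainder is parsed as SQL. The `start` hunk further down adds the same interpolation to its INSERT. The scratch query two lines above already uses `quote($_[0])` with no surrounding quotes, so the helper appears to add them. I would select the address once with `my $ip = ($session{setting}{proxiedClientAddress} eq "1" && $ENV{HTTP_X_FORWARDED_FOR} ne "") ? $ENV{HTTP_X_FORWARDED_FOR} : $ENV{REMOTE_ADDR};` and write `lastIP=".quote($ip).",` in a single `write()` call, which also removes the duplicated branch. The function body starts and ends outside the hunk.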
@@ -409,6 +416,10 @@ sub open {
 ###----------------------------
 ### evironment variables from web server
 $session{env} = \%ENV;
+ ### check to see if client is proxied and adjust remote_addr as necessary
+ if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) {
+ $session{env}{REMOTE_ADDR} = $ENV{HTTP_X_FORWARDED_FOR};
+ }
 ###----------------------------
 ### form variables
 foreach ($session{cgi}->param) {
@@ -608,8 +619,13 @@ Session id will be generated if not specified. In almost every case you should l
 sub start {
 my ($sessionId);
 $sessionId = $_[1] || crypt((_time()*rand(1000)),rand(99));
- WebGUI::SQL->write("insert into userSession values ('$sessionId', ".
- (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{REMOTE_ADDR}', $_[0])");
+ if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) {
+ WebGUI::SQL->write("insert into userSession values ('$sessionId', ".
+ (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{HTTP_X_FORWARDED_FOR}', $_[0])");
+ } else {
+ WebGUI::SQL->write("insert into userSession values ('$sessionId', ".
+ (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{REMOTE_ADDR}', $_[0])");
+ }
 setCookie("wgSession",$sessionId);
 refreshSessionVars($sessionId);
 }
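Review bot: `$session{env}{REMOTE_ADDR} = $ENV{HTTP_X_FORWARDED_FOR};` in `open` replaces the connection's address with a header value that is accepted from any peer and in any form. Because `$session{env}` is a reference to `%ENV` (`$session{env} = \%ENV;` just above), the assignment also overwrites `$ENV{REMOTE_ADDR}` itself, so the proxy's real address is lost to later code. Everything keyed on the client address, including the IP based groups the help text names, then rests on a value the requester can set unless the proxy strips or overwrites the header. The header may also hold a comma-separated chain of addresses rather than a single one. I would apply the override only when the original REMOTE_ADDR is a known proxy, take one address from the header and check that it is a well-formed IP before use, and keep the original address under a separate key; open's body continues outside the hunk.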