Trust only listed proxies for IP Allow/Deny.
This commit is contained in:
@@ -12,6 +12,9 @@ $HeadURL$
|
|||||||
* index.php, libraries/cleanup.lib.php, libraries/url_generating.lib.php,
|
* index.php, libraries/cleanup.lib.php, libraries/url_generating.lib.php,
|
||||||
libraries/common.lib.php, libraries/select_lang.lib.php: Fix path
|
libraries/common.lib.php, libraries/select_lang.lib.php: Fix path
|
||||||
disclossure while passing array as some params.
|
disclossure while passing array as some params.
|
||||||
|
* Documentation.html, libraries/ip_allow_deny.lib.php,
|
||||||
|
libraries/config.default.php: Trust only listed proxies for IP
|
||||||
|
Allow/Deny.
|
||||||
|
|
||||||
2006-11-16 Marc Delisle <lem9@users.sourceforge.net>
|
2006-11-16 Marc Delisle <lem9@users.sourceforge.net>
|
||||||
* pmd_pdf.php: export coordinates to PDF page even if the tables
|
* pmd_pdf.php: export coordinates to PDF page even if the tables
|
||||||
|
@@ -501,7 +501,7 @@ GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real
|
|||||||
suggested, perhaps a <a href="#glossary">.htaccess</a> file with the
|
suggested, perhaps a <a href="#glossary">.htaccess</a> file with the
|
||||||
HTTP-AUTH directive or disallowing incoming HTTP requests at
|
HTTP-AUTH directive or disallowing incoming HTTP requests at
|
||||||
one’s router or firewall will suffice (both of which
|
one’s router or firewall will suffice (both of which
|
||||||
are beyond the scope of this manual but easily searchable with Google).</li>
|
are beyond the scope of this manual but easily searchable with Google).</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<!-- CONFIGURATION -->
|
<!-- CONFIGURATION -->
|
||||||
@@ -1006,7 +1006,11 @@ ALTER TABLE `pma_column_comments`
|
|||||||
listed in the <i>allow</i> rules, and not listed in the <i>deny</i>
|
listed in the <i>allow</i> rules, and not listed in the <i>deny</i>
|
||||||
rules. This is the <b>most</b> secure means of using Allow/Deny rules,
|
rules. This is the <b>most</b> secure means of using Allow/Deny rules,
|
||||||
and was available in Apache by specifying allow and deny rules without
|
and was available in Apache by specifying allow and deny rules without
|
||||||
setting any order.
|
setting any order.<br /><br />
|
||||||
|
|
||||||
|
Please also see <a
|
||||||
|
href="#cfg_TrustedProxies">$cfg['TrustedProxies']</a> for detecting IP
|
||||||
|
address behind proxies.
|
||||||
</dd>
|
</dd>
|
||||||
<dt id="servers_allowdeny_rules">
|
<dt id="servers_allowdeny_rules">
|
||||||
<span id="cfg_Servers_AllowDeny_rules">$cfg['Servers'][$i]['AllowDeny']['rules']</span> array of strings
|
<span id="cfg_Servers_AllowDeny_rules">$cfg['Servers'][$i]['AllowDeny']['rules']</span> array of strings
|
||||||
@@ -1447,6 +1451,13 @@ ALTER TABLE `pma_column_comments`
|
|||||||
Character sets will be shown in same order as here listed, so if you
|
Character sets will be shown in same order as here listed, so if you
|
||||||
frequently use some of these move them to the top.</dd>
|
frequently use some of these move them to the top.</dd>
|
||||||
|
|
||||||
|
<dt id="cfg_TrustedProxies">$cfg['TrustedProxies'] array</dt>
|
||||||
|
<dd>Lists proxies which are trusted for <a
|
||||||
|
href="#servers_allowdeny_order">IP Allow/Deny</a>. This list is by
|
||||||
|
default empty, you need to fill in some trusted proxy servers if you
|
||||||
|
want to use rules for IP addresses behind proxy.
|
||||||
|
</dd>
|
||||||
|
|
||||||
<dt id="cfg_GD2Available">$cfg['GD2Available'] string</dt>
|
<dt id="cfg_GD2Available">$cfg['GD2Available'] string</dt>
|
||||||
<dd>Specifies whether GD >= 2 is available. If yes it can be used for
|
<dd>Specifies whether GD >= 2 is available. If yes it can be used for
|
||||||
MIME transformations.<br />
|
MIME transformations.<br />
|
||||||
|
@@ -612,6 +612,8 @@ $cfg['GD2Available'] = 'auto'; // Is GD >= 2 available? Set to yes/
|
|||||||
// does autodetection, which is a bit expensive for
|
// does autodetection, which is a bit expensive for
|
||||||
// php < 4.3.0, but it is the only safe vay how to
|
// php < 4.3.0, but it is the only safe vay how to
|
||||||
// determine GD version.
|
// determine GD version.
|
||||||
|
$cfg['TrustedProxies'] = array(); // List of trusted proxies for IP allow/deny
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* SQL Parser Settings
|
* SQL Parser Settings
|
||||||
*/
|
*/
|
||||||
|
@@ -50,6 +50,8 @@ function PMA_getIp()
|
|||||||
// Gets the default ip sent by the user
|
// Gets the default ip sent by the user
|
||||||
if (!empty($REMOTE_ADDR)) {
|
if (!empty($REMOTE_ADDR)) {
|
||||||
$direct_ip = $REMOTE_ADDR;
|
$direct_ip = $REMOTE_ADDR;
|
||||||
|
} else {
|
||||||
|
$direct_ip = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Gets the proxy ip sent by the user
|
// Gets the proxy ip sent by the user
|
||||||
@@ -71,7 +73,7 @@ function PMA_getIp()
|
|||||||
} // end if... elseif...
|
} // end if... elseif...
|
||||||
|
|
||||||
// Returns the true IP if it has been found, else false
|
// Returns the true IP if it has been found, else false
|
||||||
if (empty($proxy_ip)) {
|
if (empty($proxy_ip) || !in_array($direct_ip, $GLOBALS['cfg']['TrustedProxies'])) {
|
||||||
// True IP without proxy
|
// True IP without proxy
|
||||||
return $direct_ip;
|
return $direct_ip;
|
||||||
} else {
|
} else {
|
||||||
|
Reference in New Issue
Block a user