diff --git a/system/blueprints/config/system.yaml b/system/blueprints/config/system.yaml
index 08361010a..5d26c1d74 100644
--- a/system/blueprints/config/system.yaml
+++ b/system/blueprints/config/system.yaml
@@ -1485,6 +1485,50 @@ form:
 validate:
 type: bool
+ http_x_forwarded.protocol:
+ type: toggle
+ label: HTTP_X_FORWARDED_PROTO Enabled
+ highlight: 1
+ default: 1
+ options:
+ 1: PLUGIN_ADMIN.YES
+ 0: PLUGIN_ADMIN.NO
+ validate:
+ type: bool
+
+ http_x_forwarded.host:
+ type: toggle
+ label: HTTP_X_FORWARDED_HOST Enabled
+ highlight: 0
+ default: 0
+ options:
+ 1: PLUGIN_ADMIN.YES
+ 0: PLUGIN_ADMIN.NO
+ validate:
+ type: bool
+
+ http_x_forwarded.port:
+ type: toggle
+ label: HTTP_X_FORWARDED_PORT Enabled
+ highlight: 1
+ default: 1
+ options:
+ 1: PLUGIN_ADMIN.YES
+ 0: PLUGIN_ADMIN.NO
+ validate:
+ type: bool
+
+ http_x_forwarded.ip:
+ type: toggle
+ label: HTTP_X_FORWARDED IP Enabled
+ highlight: 1
+ default: 1
+ options:
+ 1: PLUGIN_ADMIN.YES
+ 0: PLUGIN_ADMIN.NO
+ validate:
+ type: bool
+
 experimental:
 type: tab
 title: PLUGIN_ADMIN.EXPERIMENTAL
diff --git a/system/config/system.yaml b/system/config/system.yaml
index 4c0617dd1..7ec9f9dd2 100644
--- a/system/config/system.yaml
+++ b/system/config/system.yaml
@@ -10,6 +10,12 @@ custom_base_url: '' # Set the base_url manually, e.
 username_regex: '^[a-z0-9_-]{3,16}$' # Only lowercase chars, digits, dashes, underscores. 3 - 16 chars
 pwd_regex: '(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}' # At least one number, one uppercase and lowercase letter, and be at least 8+ chars
 intl_enabled: true # Special logic for PHP International Extension (mod_intl)
+http_x_forwarded: # Configuration options for the various HTTP_X_FORWARD headers
+ protocol: true
+ host: false
+ port: true
+ ip: true
+
 languages:
 supported: [] # List of languages supported. eg: [en, fr, de]
diff --git a/system/src/Grav/Common/Uri.php b/system/src/Grav/Common/Uri.php
index 4a9d88663..0547f26e6 100644
--- a/system/src/Grav/Common/Uri.php
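Review bot: In system/blueprints/config/system.yaml the four new `http_x_forwarded.*` toggles carry no `help` text, so an administrator gets no hint that they decide whether request headers are trusted for scheme, host, port and client IP. Each field should get a short `help:` entry saying the option belongs on only when a trusted reverse proxy sets or overwrites that header. The labels are also hard-coded English strings, while neighbouring entries such as `title: PLUGIN_ADMIN.EXPERIMENTAL` use language keys, and `HTTP_X_FORWARDED IP Enabled` breaks the naming pattern of the other three.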
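Review bot: In system/config/system.yaml the defaults `protocol: true`, `port: true` and `ip: true` keep the forwarded headers trusted on every install, including sites with no proxy in front, where those headers come straight from the client; only `host` defaults to off. If the defaults must stay for compatibility, the block should say so, for example `# Enable only behind a trusted reverse proxy that overwrites these headers; otherwise the values are client-controlled`. A per-key comment in the style of the surrounding settings would also help, since the current comment names "HTTP_X_FORWARD headers" without saying what each key affects.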
+++ b/system/src/Grav/Common/Uri.php
@@ -659,9 +659,9 @@ class Uri
 {
 if (getenv('HTTP_CLIENT_IP')) {
 $ip = getenv('HTTP_CLIENT_IP');
- } elseif (getenv('HTTP_X_FORWARDED_FOR')) {
+ } elseif (getenv('HTTP_X_FORWARDED_FOR') && Grav::instance()['config']->get('system.http_x_forwarded.ip')) {
 $ip = getenv('HTTP_X_FORWARDED_FOR');
- } elseif (getenv('HTTP_X_FORWARDED')) {
+ } elseif (getenv('HTTP_X_FORWARDED') && Grav::instance()['config']->get('system.http_x_forwarded.ip')) {
 $ip = getenv('HTTP_X_FORWARDED');
 } elseif (getenv('HTTP_FORWARDED_FOR')) {
 $ip = getenv('HTTP_FORWARDED_FOR');
@@ -1185,7 +1185,7 @@ class Uri
 protected function createFromEnvironment(array $env)
 {
 // Build scheme.
- if (isset($env['HTTP_X_FORWARDED_PROTO'])) {
+ if (isset($env['HTTP_X_FORWARDED_PROTO']) && Grav::instance()['config']->get('system.http_x_forwarded.protocol')) {
 $this->scheme = $env['HTTP_X_FORWARDED_PROTO'];
 } elseif (isset($env['X-FORWARDED-PROTO'])) {
 $this->scheme = $env['X-FORWARDED-PROTO'];
@@ -1203,13 +1203,14 @@ class Uri
 $this->password = $env['PHP_AUTH_PW'] ?? null;
 // Build host.
- $hostname = 'localhost';
- if (isset($env['HTTP_X_FORWARDED_HOST'])) {
+ if (isset($env['HTTP_X_FORWARDED_HOST']) && Grav::instance()['config']->get('system.http_x_forwarded.host')) {
 $hostname = $env['HTTP_X_FORWARDED_HOST'];
 } else if (isset($env['HTTP_HOST'])) {
 $hostname = $env['HTTP_HOST'];
 } elseif (isset($env['SERVER_NAME'])) {
 $hostname = $env['SERVER_NAME'];
+ } else {
+ $hostname = 'localhost';
 }
 // Remove port from HTTP_HOST generated $hostname
 $hostname = Utils::substrToString($hostname, ':');
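Review bot: In the IP hunk (@@ -659) `getenv('HTTP_CLIENT_IP')` is still consulted first and the `HTTP_FORWARDED_FOR` branch below stays ungated, so turning `system.http_x_forwarded.ip` off does not stop a request header from deciding the address this method returns. Those variables are populated from client-supplied headers just like `X-Forwarded-For`, so they should sit behind the same setting or one of their own, and the method's docblock should say which sources remain trusted when the toggle is off. The setting is also looked up twice; reading it once, e.g. `$trustForwarded = (bool) Grav::instance()['config']->get('system.http_x_forwarded.ip');`, keeps the two conditions in step. The chain continues past the end of the hunk, so further ungated sources may exist that I cannot see here.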
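Review bot: In the scheme hunk (@@ -1185) the new check guards only `HTTP_X_FORWARDED_PROTO`; the `X-FORWARDED-PROTO` branch right after it still sets `$this->scheme` when `system.http_x_forwarded.protocol` is off, and the port hunk (@@ -1217) has the same gap with `X-FORWARDED-PORT`. If the toggle means "do not trust forwarded protocol information", both spellings should be behind it, e.g. `} elseif ($trustProto && isset($env['X-FORWARDED-PROTO'])) {` with `$trustProto` read once from config. The header value is also assigned to `$this->scheme` as received; unless it is normalised outside this hunk, limiting it to `http` or `https` would keep unexpected strings out of generated URLs. createFromEnvironment() continues beyond the hunk.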
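Review bot: In the host hunk (@@ -1203) the condition reaches into the container with `Grav::instance()['config']->get('system.http_x_forwarded.host')`, one of three such lookups this commit adds to createFromEnvironment(). Reading the `system.http_x_forwarded` settings once at the top of the method would shorten the conditions and give one place to document the trust decision. I cannot tell from the hunk whether configuration is always loaded before this method runs; if it can run earlier, `get()` presumably returns null and every forwarded header is silently ignored, which is worth confirming and stating in a comment such as `// Forwarded headers are honoured only when enabled in system.http_x_forwarded (trusted proxy setups)`.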
@@ -1217,7 +1218,7 @@ class Uri
 $this->host = $this->validateHostname($hostname) ? $hostname : 'unknown';
 // Build port.
- if (isset($env['HTTP_X_FORWARDED_PORT'])) {
+ if (isset($env['HTTP_X_FORWARDED_PORT']) && Grav::instance()['config']->get('system.http_x_forwarded.port')) {
 $this->port = (int)$env['HTTP_X_FORWARDED_PORT'];
 } elseif (isset($env['X-FORWARDED-PORT'])) {
 $this->port = (int)$env['X-FORWARDED-PORT'];
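Review bot: With the port toggle on, the header is still turned into a port by a bare `(int)` cast, so a non-numeric value becomes 0 and an out-of-range number is stored unchanged. A bounded parse would be safer: `$port = filter_var($env['HTTP_X_FORWARDED_PORT'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 65535]]);`, falling through to the next source when it returns `false`. The rest of the port logic lies outside the hunk, so a later check may already cover this.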