RequestFactory: extract port from x-forwarded-host (#230)
Co-authored-by: David Grudl <[email protected]>
Izolex and dg authored Nov 4, 2024
1 parent 72a6d5a commit 089e9f9
Showing 2 changed files with 73 additions and 6 deletions.
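--- a/src/Http/RequestFactory.php
+++ b/src/Http/RequestFactory.php
@@ -347,8 +347,14 @@ private function useNonstandardProxy(Url $url): ?string
 
 if (isset($xForwardedForRealIpKey) && !empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
 $xForwardedHost = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
-if (isset($xForwardedHost[$xForwardedForRealIpKey])) {
-$url->setHost(trim($xForwardedHost[$xForwardedForRealIpKey]));
+if (
+isset($xForwardedHost[$xForwardedForRealIpKey])
+&& ($pair = $this->parseHostAndPort(trim($xForwardedHost[$xForwardedForRealIpKey])))
+) {
+$url->setHost($pair[0]);
+if (isset($pair[1])) {
+$url->setPort($pair[1]);
+}
 }
 }
 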
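Review bot: The port passed to `$url->setPort($pair[1])` originates in the `X-Forwarded-Host` request header, and nothing in this hunk bounds it; `parseHostAndPort()` is defined outside the hunk, so whether it rejects values outside 1–65535 cannot be confirmed from here. The URL is presumably used later for absolute links and redirects, so a range guard at this point is cheap insurance, e.g. `if (isset($pair[1]) && $pair[1] >= 1 && $pair[1] <= 65535) {`. An entry that `parseHostAndPort()` rejects is now skipped silently, which leaves the previously resolved host in place; a comment such as `// malformed X-Forwarded-Host entry: keep the host resolved so far` would make that intent explicit. `useNonstandardProxy()` starts and ends outside the hunk, so the code that sets `$xForwardedForRealIpKey` (and decides whether these headers are trusted at all) is not visible here.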
69 changes: 65 additions & 4 deletions tests/Http/RequestFactory.proxy.x-forwarded.phpt
@@ -31,6 +31,43 @@ test('', function () {

$url = $factory->fromGlobals()->getUrl();
Assert::same('otherhost', $url->getHost());
Assert::same(80, $url->getPort());
});

test('', function () {
$_SERVER = [
'REMOTE_ADDR' => '127.0.0.3',
'REMOTE_HOST' => 'localhost',
'HTTP_X_FORWARDED_FOR' => '23.75.45.200',
'HTTP_X_FORWARDED_HOST' => 'otherhost:8080',
];

$factory = new RequestFactory;
$factory->setProxy('127.0.0.3');
Assert::same('23.75.45.200', $factory->fromGlobals()->getRemoteAddress());
Assert::same('a23-75-45-200.deploy.static.akamaitechnologies.com', $factory->fromGlobals()->getRemoteHost());

$url = $factory->fromGlobals()->getUrl();
Assert::same('otherhost', $url->getHost());
Assert::same(8080, $url->getPort());
});

test('', function () {
$_SERVER = [
'REMOTE_ADDR' => '127.0.0.3',
'HTTP_X_FORWARDED_FOR' => '23.75.45.200',
'HTTP_X_FORWARDED_HOST' => 'otherhost',
'HTTP_X_FORWARDED_PROTO' => 'https',
'HTTP_X_FORWARDED_PORT' => '8080',
];

$factory = new RequestFactory;
$factory->setProxy('127.0.0.3');

$url = $factory->fromGlobals()->getUrl();
Assert::same('https', $url->getScheme());
Assert::same('otherhost', $url->getHost());
Assert::same(8080, $url->getPort());
});

test('', function () {
@@ -44,11 +81,35 @@ test('', function () {
$factory = new RequestFactory;
$factory->setProxy('10.0.0.0/24');
Assert::same('172.16.0.1', $factory->fromGlobals()->getRemoteAddress());
Assert::null($factory->fromGlobals()->getRemoteHost());
Assert::same('real', $factory->fromGlobals()->getUrl()->getHost());
Assert::same('172.16.0.1', $factory->fromGlobals()->getRemoteHost());

$url = $factory->fromGlobals()->getUrl();
Assert::same('real', $url->getHost());
Assert::same(80, $url->getPort());

$factory->setProxy(['10.0.0.1', '10.0.0.2']);
Assert::same('172.16.0.1', $factory->fromGlobals()->getRemoteAddress());
Assert::null($factory->fromGlobals()->getRemoteHost());
Assert::same('real', $factory->fromGlobals()->getUrl()->getHost());
Assert::same('172.16.0.1', $factory->fromGlobals()->getRemoteHost());

$url = $factory->fromGlobals()->getUrl();
Assert::same('real', $url->getHost());
Assert::same(80, $url->getPort());
});

test('', function () {
$_SERVER = [
'REMOTE_ADDR' => '10.0.0.2', //proxy2
'REMOTE_HOST' => 'proxy2',
'HTTP_X_FORWARDED_FOR' => '123.123.123.123, not-ip.com, 172.16.0.1, 10.0.0.1',
'HTTP_X_FORWARDED_HOST' => 'fake, not-ip.com, real:8080, proxy1',
];

$factory = new RequestFactory;
$factory->setProxy(['10.0.0.1', '10.0.0.2']);
Assert::same('172.16.0.1', $factory->fromGlobals()->getRemoteAddress());
Assert::same('172.16.0.1', $factory->fromGlobals()->getRemoteHost());

$url = $factory->fromGlobals()->getUrl();
Assert::same('real', $url->getHost());
Assert::same(8080, $url->getPort());
});
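Review bot: None of the added cases pins the result when `X-Forwarded-Host` carries a port and `X-Forwarded-Port` is also sent with a different value; the third new test in the first hunk only combines a port-less host with `HTTP_X_FORWARDED_PORT`. Both values arrive in request headers, so the precedence should be fixed by a test, for example `'HTTP_X_FORWARDED_HOST' => 'otherhost:8080'` together with `'HTTP_X_FORWARDED_PORT' => '8443'` and an assertion on `$url->getPort()`. A case with a malformed entry (constructed example: `'otherhost:abc'`) would also document that such a value appears to be ignored rather than copied into the URL. Separately, the second hunk changes the expected `getRemoteHost()` from null to `'172.16.0.1'`, which the commit title does not explain; a one-line comment in the test stating why would help.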
