merged branch fabpot/ip-cache (PR #7034)

This PR was submitted for the 2.2 branch but it was merged into the 2.1 branch instead (closes #7034). Commits ------- 1fdded5 [HttpKernel] added support for the X-Forwarded-For header (closes #6982, closes #7000) be65d7c [HttpKernel] fixed the IP address in HttpCache when calling the backend Discussion ---------- Make HttpCache behaves more like a real reverse proxy | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #6982, #7000 | License | MIT | Doc PR | n/a --------------------------------------------------------------------------- by bendavies at 2013-02-10T00:55:29Z Awesome, thanks Fabien. should this not target 2.0/2.1?
2013-02-11 11:50:30 +01:00 · 2013-02-11 11:50:30 +01:00 · 22e997ace0
commit 22e997ace0
parent e0637fa9b7 42d3c4c9ca
4 changed files with 59 additions and 0 deletions
--- a/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
+++ b/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
@ -413,6 +413,18 @@ class HttpCache implements HttpKernelInterface, TerminableInterface
        $subRequest->headers->remove('if_modified_since');
        $subRequest->headers->remove('if_none_match');

+        // modify the X-Forwarded-For header if needed
+        $forwardedFor = $subRequest->headers->get('X-Forwarded-For');
+        if ($forwardedFor) {
+            $subRequest->headers->set('X-Forwarded-For', $forwardedFor.', '.$subRequest->server->get('REMOTE_ADDR'));
+        } else {
+            $subRequest->headers->set('X-Forwarded-For', $subRequest->server->get('REMOTE_ADDR'));
+        }
+
+        // fix the client IP address by setting it to 127.0.0.1 as HttpCache
+        // is always called from the same process as the backend.
+        $subRequest->server->set('REMOTE_ADDR', '127.0.0.1');
+
        $response = $this->forward($subRequest, $catch);

        if ($this->isPrivateRequest($request) && !$response->headers->hasCacheControlDirective('public')) {
--- a/src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
@ -1034,4 +1034,36 @@ class HttpCacheTest extends HttpCacheTestCase
        $this->assertEquals('Hello World!', $this->response->getContent());
        $this->assertEquals(12, $this->response->headers->get('Content-Length'));
    }
+
+    public function testClientIpIsAlwaysLocalhostForForwardedRequests()
+    {
+        $this->setNextResponse();
+        $this->request('GET', '/', array('REMOTE_ADDR' => '10.0.0.1'));
+
+        $this->assertEquals('127.0.0.1', $this->kernel->getBackendRequest()->server->get('REMOTE_ADDR'));
+    }
+
+    /**
+     * @dataProvider getXForwardedForData
+     */
+    public function testXForwarderForHeaderForForwardedRequests($xForwardedFor, $expected)
+    {
+        $this->setNextResponse();
+        $server = array('REMOTE_ADDR' => '10.0.0.1');
+        if (false !== $xForwardedFor) {
+            $server['HTTP_X_FORWARDED_FOR'] = $xForwardedFor;
+        }
+        $this->request('GET', '/', $server);
+
+        $this->assertEquals($expected, $this->kernel->getBackendRequest()->headers->get('X-Forwarded-For'));
+    }
+
+    public function getXForwardedForData()
+    {
+        return array(
+            array(false, '10.0.0.1'),
+            array('10.0.0.2', '10.0.0.2, 10.0.0.1'),
+            array('10.0.0.2, 10.0.0.3', '10.0.0.2, 10.0.0.3, 10.0.0.1'),
+        );
+    }
 }
--- a/src/Symfony/Component/HttpKernel/Tests/HttpCache/TestHttpKernel.php
+++ b/src/Symfony/Component/HttpKernel/Tests/HttpCache/TestHttpKernel.php
@ -26,6 +26,7 @@ class TestHttpKernel extends HttpKernel implements ControllerResolverInterface
    protected $called;
    protected $customizer;
    protected $catch;
+    protected $backendRequest;

    public function __construct($body, $status, $headers, \Closure $customizer = null)
    {
@ -39,9 +40,15 @@ class TestHttpKernel extends HttpKernel implements ControllerResolverInterface
        parent::__construct(new EventDispatcher(), $this);
    }

+    public function getBackendRequest()
+    {
+        return $this->backendRequest;
+    }
+
    public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = false)
    {
        $this->catch = $catch;
+        $this->backendRequest = $request;

        return parent::handle($request, $type, $catch);
    }
--- a/src/Symfony/Component/HttpKernel/Tests/HttpCache/TestMultipleHttpKernel.php
+++ b/src/Symfony/Component/HttpKernel/Tests/HttpCache/TestMultipleHttpKernel.php
@ -25,6 +25,7 @@ class TestMultipleHttpKernel extends HttpKernel implements ControllerResolverInt
    protected $headers;
    protected $catch;
    protected $call;
+    protected $backendRequest;

    public function __construct($responses)
    {
@ -42,8 +43,15 @@ class TestMultipleHttpKernel extends HttpKernel implements ControllerResolverInt
        parent::__construct(new EventDispatcher(), $this);
    }

+    public function getBackendRequest()
+    {
+        return $this->backendRequest;
+    }
+
    public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = false)
    {
+        $this->backendRequest = $request;
+
        return parent::handle($request, $type, $catch);
    }