* Functions for dealing with proxies
*/
+/**
+ * Extracts the XFF string from the request header
+ * Checks first for "X-Forwarded-For", then "Client-ip"
+ * Note: headers are spoofable
+ * @return string
+ */
function wfGetForwardedFor() {
if( function_exists( 'apache_request_headers' ) ) {
// More reliable than $_SERVER due to case and -/_ folding
}
}
-function wfGetLastIPfromXFF( $xff ) {
- if ( $xff ) {
- // Avoid annoyingly long xff hacks
- $xff = substr( $xff, 0, 255 );
- // Look for the last IP, assuming they are separated by commas or spaces
- $n = ( strrpos($xff, ',') ) ? strrpos($xff, ',') : strrpos($xff, ' ');
- if ( strrpos !== false ) {
- $last = trim( substr( $xff, $n + 1 ) );
- // Make sure it is an IP
- $m = preg_match('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#', $last, $last_ip4);
- $n = preg_match('#:(:[0-9A-Fa-f]{1,4}){1,7}|[0-9A-Fa-f]{1,4}(:{1,2}[0-9A-Fa-f]{1,4}|::$){1,7}#', $last, $last_ip6);
- if ( $m > 0 )
- $xff_ip = $last_ip4;
- else if ( $n > 0 )
- $xff_ip = $last_ip6;
- else
- $xff_ip = null;
- } else {
- $xff_ip = null;
- }
- } else {
- $xff_ip = null;
- }
- return $xff_ip;
-}
-
+/**
+ * Returns the browser/OS data from the request header
+ * Note: headers are spoofable
+ * @return string
+ */
function wfGetAgent() {
if( function_exists( 'apache_request_headers' ) ) {
// More reliable than $_SERVER due to case and -/_ folding
}
}
-/** Work out the IP address based on various globals */
+/**
+ * Work out the IP address based on various globals
+ * For trusted proxies, use the XFF client IP (first of the chain)
+ * @return string
+ */
function wfGetIP() {
global $wgIP;
return $ip;
}
+/**
+ * Checks if an IP is a trusted proxy providor
+ * Useful to tell if X-Fowarded-For data is possibly bogus
+ * Squid cache servers for the site and AOL are whitelisted
+ * @param string $ip
+ * @return bool
+ */
function wfIsTrustedProxy( $ip ) {
global $wgSquidServers, $wgSquidServersNoPurge;
/**
* Convert a network specification in CIDR notation to an integer network and a number of bits
+ * @return array(string, int)
*/
function wfParseCIDR( $range ) {
return IP::parseCIDR( $range );
/**
* Check if an IP address is in the local proxy list
+ * @return bool
*/
function wfIsLocallyBlockedProxy( $ip ) {
global $wgProxyList;
/**
* TODO: move this list to the database in a global IP info table incorporating
* trusted ISP proxies, blocked IP addresses and open proxies.
+ * @return bool
*/
function wfIsAOLProxy( $ip ) {
$ranges = array(
-?>
+