/**
 * Refuse to autoblock an address that IP::isPublic() does not accept.
 *
 * @param string $autoblockip address that is about to be autoblocked
 * @param mixed $block not used by this function
 * @return bool|null false when the autoblock is vetoed, otherwise no value
 */
function wfWikiaAbortAutoblock($autoblockip, $block) {
    if (IP::isPublic($autoblockip)) {
        // NOTE(review): no explicit return value on this path; confirm the
        // caller treats null as "carry on with the autoblock".
        return;
    }

    // Internal addresses are typically shared by many clients, so blocking
    // one would hit everyone behind it.
    wfDebug("IP {$autoblockip} was prevented from being autoblocked by internal IP autoblock");

    return false;
}
/**
 * IP::isPublic() must reject one sample address from each of the three
 * private IPv4 ranges listed below.
 */
public function testPrivateIPs() {
    $samples = array('10.0.0.1', '172.16.0.1', '192.168.0.1');

    foreach ($samples as $addr) {
        $isPublic = IP::isPublic($addr);
        $this->assertFalse($isPublic, "{$addr} is not a public IP address");
    }
}
/**
 * Work out the client IP address from REMOTE_ADDR and, when trusted proxies
 * are configured, from the forwarded-for chain.
 *
 * The answer is memoised in the global $wgIP.
 */
function wfGetIP() {
    global $wgSquidServers, $wgSquidServersNoPurge, $wgIP;

    // Serve the memoised answer when there is one.
    if (!empty($wgIP)) {
        return $wgIP;
    }

    // Peer address of the connection; absent when running on the CLI.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
    $ipchain = array($remoteAddr);
    $ip = $remoteAddr;

    // Flipped so that the proxy addresses become array keys.
    $trustedProxies = array_flip(array_merge($wgSquidServers, $wgSquidServersNoPurge));

    // The forwarded-for header is only consulted when proxies are configured;
    // without them the header is plain client input and is ignored.
    if (count($trustedProxies)) {
        $forwardedFor = wfGetForwardedFor();
        if (isset($forwardedFor)) {
            // Nearest hop first, so the chain reads outward from this server.
            $hops = array_reverse(array_map('trim', explode(',', $forwardedFor)));
            $ipchain = array_merge($ipchain, $hops);
        }

        // Believe a hop only while the address reporting it is a trusted
        // proxy; stop at the first address that is not.
        foreach ($ipchain as $i => $curIP) {
            if (!array_key_exists($curIP, $trustedProxies)) {
                break;
            }
            $next = $i + 1;
            // Addresses that are not public (e.g. private ranges) are skipped.
            if (isset($ipchain[$next]) && IP::isPublic($ipchain[$next])) {
                $ip = $ipchain[$next];
            }
        }
    }

    wfDebug("IP: {$ip}\n");
    $wgIP = $ip;

    return $ip;
}
/**
 * Work out the IP address based on various globals
 * For trusted proxies, use the XFF client IP (first of the chain)
 *
 * @since 1.19
 *
 * @throws MWException when no address can be determined
 * @return string
 */
public function getIP() {
    global $wgUsePrivateIPs;

    // Already resolved for this request object.
    if ($this->ip !== null) {
        return $this->ip;
    }

    // Start from the raw address of the connection.
    $ip = $this->getRawIP();

    $forwardedFor = $this->getHeader('X-Forwarded-For');
    if ($forwardedFor !== false) {
        // Nearest hop first, with the raw address (if any) in front.
        $ipchain = array_reverse(array_map('trim', explode(',', $forwardedFor)));
        if ($ip) {
            array_unshift($ipchain, $ip);
        }

        // A hop is believed only while the address that reports it is a
        // trusted proxy; everything past the first untrusted address is
        // client-supplied and ignored.
        foreach ($ipchain as $i => $curIP) {
            $curIP = IP::canonicalize($curIP);
            if (!wfIsTrustedProxy($curIP)) {
                break;
            }

            $next = $i + 1;
            // Non-public addresses are only accepted when $wgUsePrivateIPs is set.
            if (isset($ipchain[$next]) && ($wgUsePrivateIPs || IP::isPublic($ipchain[$next]))) {
                $ip = $ipchain[$next];
            }
        }
    }

    // Allow extensions to improve our guess
    wfRunHooks('GetIP', array(&$ip));

    if (!$ip) {
        throw new MWException("Unable to determine IP");
    }

    wfDebug("IP: {$ip}\n");
    $this->ip = $ip;

    return $ip;
}
/**
 * @covers IP::isPublic
 */
public function testPrivateIPs() {
    // Addresses IP::isPublic() is expected to reject.
    $rejected = array('fc00::3', 'fc00::ff', '::1', '10.0.0.1', '172.16.0.1', '192.168.0.1');
    foreach ($rejected as $addr) {
        $verdict = IP::isPublic($addr);
        $this->assertFalse($verdict, "{$addr} is not a public IP address");
    }

    // Look-alikes that must still count as public: 'fc::3' and '00FC::'
    // resemble the fc00:: samples above but are expected to pass.
    $accepted = array('2001:5c0:1000:a::133', 'fc::3', '00FC::');
    foreach ($accepted as $addr) {
        $verdict = IP::isPublic($addr);
        $this->assertTrue($verdict, "{$addr} is a public IP address");
    }
}
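/**
 * Locates the client IP within a given XFF string.
 *
 * The header is attacker-controllable unless it was set by a proxy this site
 * operates, so the second return value tells the caller whether every address
 * after the client is one of the configured Squid servers.
 *
 * @param string $xff raw X-Forwarded-For value
 * @return array( string|null, bool ) the first public address found (null if
 *   none) and whether all later addresses are configured Squid servers
 */
public static function getClientIPfromXFF($xff) {
    global $wgSquidServers, $wgSquidServersNoPurge;

    if (!$xff) {
        return array(null, false);
    }

    // Avoid annoyingly long xff hacks.
    // NOTE(review): cutting at 255 bytes can split the last entry; a split
    // entry that still parses as an address is evaluated as if it were real.
    $xff = trim(substr($xff, 0, 255));

    $client = null;
    $isSquidOnly = true;

    // Check each entry, assuming they are separated by commas.
    foreach (explode(',', $xff) as $ip) {
        $ip = trim($ip);

        // Skip anything that is not an IP address (a hash or such).
        if (!IP::isIPAddress($ip)) {
            continue;
        }

        if ($client === null) {
            // The first IP should be the client; start only from the first
            // public one.
            if (IP::isPublic($ip)) {
                $client = $ip;
            }
            continue;
        }

        // Every address after the client has to be one of our own proxies.
        // Strict comparison keeps type juggling out of the membership test.
        if (!in_array($ip, $wgSquidServers, true) && !in_array($ip, $wgSquidServersNoPurge, true)) {
            $isSquidOnly = false;
            break;
        }
    }

    return array($client, $isSquidOnly);
}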
/**
 * Work out the IP address based on various globals
 * For trusted proxies, use the XFF client IP (first of the chain)
 *
 * @since 1.19
 *
 * @throws MWException when no address can be determined, or when a proxy
 *   configured for this site reports an invalid address
 * @return string
 */
public function getIP() {
    global $wgUsePrivateIPs;

    // Already resolved for this request object.
    if ($this->ip !== null) {
        return $this->ip;
    }

    // The raw connection address is mandatory.
    $ip = $this->getRawIP();
    if (!$ip) {
        throw new MWException('Unable to determine IP.');
    }

    $forwardedFor = $this->getHeader('X-Forwarded-For');
    if ($forwardedFor !== false) {
        // Remember whether the direct peer is one of this site's own proxies.
        $isConfigured = IP::isConfiguredProxy($ip);

        // Nearest hop first, with the raw address in front.
        $ipchain = array_reverse(array_map('trim', explode(',', $forwardedFor)));
        array_unshift($ipchain, $ip);

        // Walk outward for as long as each address is a valid, trusted proxy
        // that reports a usable next hop. Private next hops are accepted when
        // $wgUsePrivateIPs is set or when the reporting proxy is one this
        // site configured. Some XFF values may be "unknown" with Squid/Varnish.
        foreach ($ipchain as $i => $curIP) {
            $curIP = IP::sanitizeIP(IP::canonicalize($curIP));
            if (!$curIP) {
                break; // not a valid address
            }
            if (!isset($ipchain[$i + 1])) {
                break; // nothing further to follow
            }

            $reported = $ipchain[$i + 1];
            if ($reported === 'unknown') {
                break;
            }
            if (!IP::isTrustedProxy($curIP)) {
                break; // what this address reports cannot be believed
            }

            $usable = IP::isPublic($reported) || $wgUsePrivateIPs || IP::isConfiguredProxy($curIP);
            if (!$usable) {
                break;
            }

            // Follow the next IP according to the proxy
            $nextIP = IP::canonicalize($reported);
            if (!$nextIP && $isConfigured) {
                // We have not yet made it past CDN/proxy servers of this site,
                // so either they are misconfigured or there is some IP spoofing.
                throw new MWException("Invalid IP given in XFF '{$forwardedFor}'.");
            }
            $ip = $nextIP;
        }
    }

    // Allow extensions to improve our guess
    Hooks::run('GetIP', array(&$ip));

    if (!$ip) {
        throw new MWException("Unable to determine IP.");
    }

    wfDebug("IP: {$ip}\n");
    $this->ip = $ip;

    return $ip;
}
/**
 * Work out the IP address based on various globals
 * For trusted proxies, use the XFF client IP (first of the chain)
 *
 * The function-static $ip persists between calls and is returned directly
 * once it holds a non-empty value.
 *
 * @throws MWException when no address can be determined
 * @return string
 */
function wfGetIP() {
    global $wgUsePrivateIPs, $wgCommandLineMode;
    static $ip = false;

    // Return cached result
    if (!empty($ip)) {
        return $ip;
    }

    $ipchain = array();

    // Client connecting to this webserver, or localhost in command-line mode.
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $ip = IP::canonicalize($_SERVER['REMOTE_ADDR']);
    } elseif ($wgCommandLineMode) {
        $ip = '127.0.0.1';
    }
    if ($ip) {
        $ipchain[] = $ip;
    }

    // Append the forwarded-for entries, nearest hop first.
    $forwardedFor = wfGetForwardedFor();
    if (isset($forwardedFor)) {
        $hops = array_reverse(array_map('trim', explode(',', $forwardedFor)));
        $ipchain = array_merge($ipchain, $hops);
    }

    // A hop is believed only while the address that reports it is a trusted
    // proxy; the walk stops at the first address that is not.
    foreach ($ipchain as $i => $curIP) {
        $curIP = IP::canonicalize($curIP);
        if (!wfIsTrustedProxy($curIP)) {
            break;
        }

        $next = $i + 1;
        // Non-public addresses are only accepted when $wgUsePrivateIPs is set.
        if (isset($ipchain[$next]) && ($wgUsePrivateIPs || IP::isPublic($ipchain[$next]))) {
            $ip = $ipchain[$next];
        }
    }

    // Allow extensions to improve our guess
    wfRunHooks('GetIP', array(&$ip));

    if (!$ip) {
        throw new MWException("Unable to determine IP");
    }

    wfDebug("IP: {$ip}\n");

    return $ip;
}
/**
 * Name of the current user. For anonymous users, when
 * self::$anon_forwarded_for is true, the name is built from the connection
 * address and the forwarded-for entries, joined with '/'.
 *
 * The forwarded-for entries are used without any trusted-proxy check, so
 * that part of the name is whatever the client sent and must not be treated
 * as a verified address.
 *
 * @return string
 */
static function getCurrUserName() {
    global $wgUser, $wgSquidServers;
    global $wgUsePrivateIPs;

    if (!(self::$anon_forwarded_for === true && $wgUser->isAnon())) {
        return $wgUser->getName();
    }

    // Address collection borrowed from ProxyTools::wfGetIP, minus the
    // trusted proxies list check.
    if (isset($_SERVER['REMOTE_ADDR'])) {
        // Client connecting to this webserver
        $ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR']));
    } else {
        // Running on CLI?
        $ipchain = array('127.0.0.1');
    }

    // Append the forwarded-for entries, nearest hop first.
    $forwardedFor = wfGetForwardedFor();
    if (isset($forwardedFor)) {
        $hops = array_reverse(array_map('trim', explode(',', $forwardedFor)));
        $ipchain = array_merge($ipchain, $hops);
    }

    // Keep every entry that is public (or any entry when private addresses
    // are allowed).
    $parts = array();
    foreach ($ipchain as $hop) {
        if ($wgUsePrivateIPs || IP::isPublic($hop)) {
            $parts[] = IP::canonicalize($hop);
        }
    }

    if (count($parts) > 0) {
        return implode('/', $parts);
    }

    // Nothing qualified: fall back to the first entry of the chain.
    return "" . IP::canonicalize($ipchain[0]);
}
/**
 * Compares IP::isPublic() with the expected verdict for each dataset.
 *
 * @covers IP::isPublic
 * @dataProvider provideIsPublic
 */
public function testIsPublic($expected, $input) {
    $this->assertEquals($expected, IP::isPublic($input));
}
/**
 * Work out the IP address based on various globals
 * For trusted proxies, use the XFF client IP (first of the chain)
 *
 * @since 1.19
 *
 * @throws MWException when no address can be determined, or when the chain
 *   yields an invalid address while $ip is still a configured proxy
 * @return string
 */
public function getIP() {
    global $wgUsePrivateIPs;

    // Already resolved for this request object.
    if ( $this->ip !== null ) {
        return $this->ip;
    }

    // Start from the raw address of the connection.
    $ip = $this->getRawIP();

    $forwardedFor = $this->getHeader( 'X-Forwarded-For' );
    if ( $forwardedFor !== false ) {
        // Nearest hop first, with the raw address (if any) in front.
        $ipchain = array_reverse( array_map( 'trim', explode( ',', $forwardedFor ) ) );
        if ( $ip ) {
            array_unshift( $ipchain, $ip );
        }

        // Walk outward for as long as each address is a trusted proxy that
        // reports a next hop. Private next hops are accepted when the
        // reporting proxy is one this site configured (bug 48919) or when
        // $wgUsePrivateIPs is set.
        foreach ( $ipchain as $i => $curIP ) {
            $curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
            if ( !wfIsTrustedProxy( $curIP ) || !isset( $ipchain[$i + 1] ) ) {
                break;
            }

            $reported = $ipchain[$i + 1];
            $usable = wfIsConfiguredProxy( $curIP )
                || IP::isPublic( $reported )
                || $wgUsePrivateIPs;
            if ( !$usable ) {
                break;
            }

            $nextIP = IP::canonicalize( $reported );
            if ( !$nextIP && wfIsConfiguredProxy( $ip ) ) {
                // We have not yet made it past CDN/proxy servers of this site,
                // so either they are misconfigured or there is some IP spoofing.
                throw new MWException( "Invalid IP given in XFF '$forwardedFor'." );
            }
            $ip = $nextIP;
        }
    }

    // Allow extensions to improve our guess
    wfRunHooks( 'GetIP', array( &$ip ) );

    if ( !$ip ) {
        throw new MWException( "Unable to determine IP." );
    }

    wfDebug( "IP: $ip\n" );
    $this->ip = $ip;

    return $ip;
}
/**
 * Locates the client IP within a given XFF string.
 *
 * The header is client input unless every address behind the client, and the
 * sender itself, is a trusted proxy; the second return value reports that.
 *
 * @param string $xff raw X-Forwarded-For value
 * @param string $address the ip that sent this header (optional)
 * @return array( string, bool ) client address (null if none was found) and
 *   whether the result can be trusted
 */
function efGetClientIPfromXFF($xff, $address = NULL) {
    if (!$xff) {
        return array(null, false);
    }

    // Avoid annoyingly long xff hacks.
    // NOTE(review): cutting at 255 bytes can split the last entry; a split
    // entry that still parses as an address is evaluated as if it were real.
    $xff = trim(substr($xff, 0, 255));

    $client = null;
    $trusted = true;

    // Check each entry, assuming they are separated by commas.
    foreach (explode(',', $xff) as $entry) {
        $entry = trim($entry);

        // Skip anything that is not an IP address (a hash or such).
        if (!IP::isIPAddress($entry)) {
            continue;
        }

        if (is_null($client)) {
            // The first IP should be the client; start only from the first
            // public one.
            if (IP::isPublic($entry)) {
                $client = $entry;
            }
            continue;
        }

        // Every address after the client has to be a trusted server.
        if (!wfIsTrustedProxy($entry)) {
            $trusted = false;
            break;
        }
    }

    // The sender of the header must itself be trusted (or be the client)
    // for the result to count.
    $senderIsClient = ($client == $address);
    if (!$senderIsClient && (!$address || !wfIsTrustedProxy($address))) {
        $trusted = false;
    }

    return array($client, $trusted);
}
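include_once "coslib/log.php";
include_once "coslib/IP.php";

log::createLog();

$config_file = _COS_PATH . '/config/config.php';
config::loadPHPConfigFile($config_file);

// Simple API that reports the address this host is seen from.
$api_ip = config::getMainIni('api_ip');
if (!$api_ip) {
    // NOTE(review): the default endpoint is plain HTTP, so its answer can be
    // altered in transit; it is treated as untrusted input below.
    $api_ip = 'http://www.os-cms.net/api/your_addr.php';
}

$my_ip = @file_get_contents($api_ip);
if ($my_ip === false) {
    log::error("Could not get your public IP. No check of current DNS settings");
    return;
}

// Strip surrounding whitespace BEFORE validating: a trailing newline in the
// response would otherwise be part of the value that gets checked.
$my_ip = trim($my_ip);

// Stop here instead of only logging: the value is about to be sent, together
// with the account credentials, to the DNS update API.
// NOTE(review): assumes IP::isPublic() also rejects strings that are not
// addresses at all - confirm against coslib/IP.php.
if (!IP::isPublic($my_ip)) {
    log::error("IP {$my_ip} is not public");
    return;
}

$my_hostnames = config::getMainIni('my_hostnames');

// if more hosts use a comma separated list
$url = config::getMainIni('api_url');
// The address came from a remote response, so it is percent-encoded rather
// than pasted into the query string as-is.
$url .= "?hostname={$my_hostnames}&myip=" . rawurlencode($my_ip);

$user_agent = "User-Agent: noiphp/0.0.1 dennis.iversen@gmail.com";

$curl = new mycurl($url);
$curl->useAuth(true);
//$curl->setCert(config::getMainIni('cert'));

$email = config::getMainIni('email');
$password = config::getMainIni('password');
$curl->setName($email);
$curl->setPass($password);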
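/**
 * Work out the IP address based on various globals
 * For trusted proxies, use the XFF client IP (first of the chain)
 *
 * The answer is memoised in the global $wgIP.
 *
 * @return string
 */
function wfGetIP() {
    global $wgIP;

    // Return cached result
    if (!empty($wgIP)) {
        return $wgIP;
    }

    // Client connecting to this webserver, or localhost when running on CLI.
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR']));
    } else {
        $ipchain = array('127.0.0.1');
    }
    $ip = $ipchain[0];

    // Append the forwarded-for entries, nearest hop first.
    $forwardedFor = wfGetForwardedFor();
    if (isset($forwardedFor)) {
        $xff = array_reverse(array_map('trim', explode(',', $forwardedFor)));
        $ipchain = array_merge($ipchain, $xff);
    }

    // A hop is believed only while the address that reports it is a trusted
    // proxy; the walk stops at the first address that is not. Addresses that
    // are not public (e.g. private ranges) are never adopted.
    foreach ($ipchain as $i => $curIP) {
        $curIP = IP::canonicalize($curIP);
        if (!wfIsTrustedProxy($curIP)) {
            break;
        }
        if (isset($ipchain[$i + 1]) && IP::isPublic($ipchain[$i + 1])) {
            $ip = $ipchain[$i + 1];
        }
    }

    // Diagnostic for results containing "192.168.100".
    if (strpos($ip, "192.168.100") !== false) {
        // The original also appended print_r($wgUser, true), but $wgUser is
        // not declared global in this function: the variable was undefined,
        // contributed an empty string and raised a notice. Dropping it leaves
        // the message unchanged.
        // NOTE(review): the full $_SERVER dump carries request headers such
        // as cookies and credentials into the debug log; restrict who can
        // read that log or narrow the dump to the address fields.
        $msg = "wfGetIP: Bad IP {$ip} " . print_r($_SERVER, true) . wfBacktrace() . "\n";
        wfDebug($msg);
    }

    wfDebug("IP: {$ip}\n");
    $wgIP = $ip;

    return $ip;
}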