I recently installed a layer of varnish caches in front of my website. These proxies were already ipv6-enabled, which resulted in some interesting behavior. Instead of adding the IPv4 address of the client to the X-forwarded-for header, the proxy added the clients IP address in ipv4-mapped format. So the X-forwarded-for header looked like this:

_ENV["HTTP_X_FORWARDED_FOR"] = "::ffff:1.2.3.4, 10.1.1.102"

1.2.3.4 is the client IP, 10.1.1.102 is that of the proxy. ip_address() trusts the proxy and parses this to "::ffff:1.2.3.4". This is of course annoying for the user because it looks a bit weird - but could also cause problems with IP-address bans as this no longer matches!

So i think ip_address() should detect this and strip the ::ffff: prefix.
Attached is a very simple patch. This was rolled against D6 (pressflow), but as far as I can tell the code hasn't changed.

CommentFileSizeAuthor
core-ipv6-v4mapped-addresses.patch471 bytesbart jansens

Comments

benjy’s picture

benjy commented
Status: Active » Needs review

Status: Needs review » Needs work

The last submitted patch, core-ipv6-v4mapped-addresses.patch, failed testing.

mglaman’s picture

mglaman
Primary language English
Location WI, USA
commented
Issue summary: View changes
Status: Needs work » Closed (outdated)

This is outdated, as ip_address() was removed in #1847768: Remove ip_address(). It's now served through \Symfony\Component\HttpFoundation\Request::getClientIp