Index: t3lib/config_default.php
===================================================================
--- t3lib/config_default.php (Revision 3069)
+++ t3lib/config_default.php (Arbeitskopie)
@@ -88,6 +88,8 @@
 'systemLogLevel' => 0, // Integer: Only messages with same or higher severity are logged; 0 is info, 1 is notice, 2 is warning, 3 is error, 4 is fatal error.
 'maxFileNameLength' => 60, // Integer, This is the maximum file name length. The value will be taken into account by basic file operations like renaming or creation of files and folders.
 'UTF8filesystem' => 0, // Boolean: If true and [BE][forceCharset] is set to utf-8, then TYPO3 uses utf-8 to store file names. This allows for accented Latin letters as well as any other non-latin characters like Cyrillic and Chinese.
+ 'proxyFixClientAddress' => false, // Boolean: If it appears like all client requests come from the same host, then this is probably because there is a proxy between the server and the clients. If this setting is enabled, TYPO3 sends the HTTP_X_FORWARDED_FOR header instead of REMOTE_ADDR and REMOTE_HOST, as some proxy servers serve the original IP in this field instead. WARNING: Do not use this unless you are sure that your requests come from such a proxy. Otherwise, the field could easily be faked, which is a problem when it comes to security check...
+
 ),
 'EXT' => Array ( // Options related to the Extension Management
 'noEdit' => 1, // Boolean: If set, the Extension Manager does NOT allow extension files to be edited! (Otherwise both local and global extensions can be edited.)
Index: t3lib/class.t3lib_div.php
===================================================================
--- t3lib/class.t3lib_div.php (Revision 3069)
+++ t3lib/class.t3lib_div.php (Arbeitskopie)
@@ -3193,9 +3193,16 @@
 $retVal = $_SERVER['PATH_INFO'];
 }
 break;
- // These are let through without modification
+ // Deal with some proxy servers that hide the clients IP address/hostname
 case 'REMOTE_ADDR':
 case 'REMOTE_HOST':
+ if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['proxyFixClientAddress']) { // This is for proxy servers that send their own IP instead of the original REMOTE_HOST value. Instead, the remote host is stored in HTTP_X_FORWARDED_FOR.
+ $retVal = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && strlen($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER[$getEnvName];
+ } else {
+ $retVal = $_SERVER[$getEnvName];
+ }
+ break;
+ // These are let through without modification
 case 'HTTP_REFERER':
 case 'HTTP_HOST':
 case 'HTTP_USER_AGENT':
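Review bot: The new `REMOTE_ADDR`/`REMOTE_HOST` branch returns the raw `HTTP_X_FORWARDED_FOR` header with no validation, so once `proxyFixClientAddress` is on, the address TYPO3 reports is whatever the request carried. A chained value such as `client, proxy1` also comes back as one string, which any IP comparison done by callers (not visible here) would presumably fail to match. The branch should take only the last entry, the one appended by the proxy nearest the server, accept it only if it parses as an IP address, and otherwise fall back to `$_SERVER[$getEnvName]`. Ideally the header is honoured only when `$_SERVER['REMOTE_ADDR']` equals a configured proxy address, which needs a further setting this patch does not add. Note also that `REMOTE_HOST` callers now receive an address rather than a host name, and that the enclosing switch and function start and end outside the hunk.

```php
			case 'REMOTE_ADDR':
			case 'REMOTE_HOST':
				$retVal = $_SERVER[$getEnvName];
				if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['proxyFixClientAddress'] && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
						// The header may hold "client, proxy1, proxy2"; only the entry appended by the nearest proxy is used.
					$forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
					$candidate = trim(end($forwarded));
						// Keep the socket-level value unless the candidate is a syntactically valid IP (filter_var needs PHP >= 5.2).
					if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
						$retVal = $candidate;
					}
				}
				break;
			// … unchanged: pass-through cases (HTTP_REFERER, HTTP_HOST, HTTP_USER_AGENT) …
```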