Add ip whitelist for client ip restore

Created on 12 June 2017, over 7 years ago
Updated 3 May 2024, 8 months ago

Problem/Motivation

In some use-cases you want to bypass the ClientIpRestore functionality. In our current setup we are using a prefetcher for warming our caches. Right now those requests cause unnecessary log entries.

Request came through without being routed through CloudFlare.

Proposed resolution

Add new field to configuration to store an IP Whitelist and bypass logging for those IPs in ClientIpRestore EventSubscriber.

Remaining tasks

  • Add new configuration form field for adding whitelisted IPs
  • Bypass logging for whitelisted IPs

User interface changes

In case of enabling the ClientIpRestore functionality users will see a new form field for adding whitelisted IPs.

πŸ“Œ Task
Status

Needs review

Version

1.0

Component

Code

Created by

πŸ‡©πŸ‡ͺGermany SteffenR Germany

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡¬πŸ‡§United Kingdom alexpott πŸ‡ͺπŸ‡ΊπŸŒ
    1. +++ b/src/EventSubscriber/ClientIpRestore.php
      @@ -107,8 +109,9 @@ class ClientIpRestore implements EventSubscriberInterface {
      +    if ($request_expected_to_bypass_cloudflare || in_array($client_ip, $client_ip_restore_whitelist)) {
      

      in_array() should always have the 3rd param set to TRUE.

    2. +++ b/src/Form/SettingsForm.php
      @@ -359,6 +373,7 @@ class SettingsForm extends FormBase implements ContainerInjectionInterface {
      +    $client_ip_restore_whitelist = preg_split('/\r\n|\r|\n/', $form_state->getValue('client_ip_restore_whitelist'));
      

      I'd consider trimming each element of the array and also validating the fact each element is an IP address.

  • πŸ‡¬πŸ‡§United Kingdom alexpott πŸ‡ͺπŸ‡ΊπŸŒ

    Here's a patch for beta3 - still should address #22.

  • Status changed to Needs review 9 months ago
  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 10.2.1 + Environment: PHP 8.1 & MySQL 5.7
    last update 9 months ago
    Composer require failure
  • πŸ‡©πŸ‡ͺGermany daniel.bosen

    The patch for 2.0.0-alpha1 also adresses outstanding issues.

  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 10.2.1 + Environment: PHP 8.1 & MySQL 8
    last update 9 months ago
    Composer require failure
  • πŸ‡©πŸ‡ͺGermany chr.fritsch πŸ‡©πŸ‡ͺπŸ‡ͺπŸ‡ΊπŸŒ

    Rerolled for 2.0.0-beta1

Production build 0.71.5 2024