Feature #484158, the IP allow/deny host authentication code has now been completed and commited. It's been in live testing on my public server for a week now, using cookie authentication mode. I would appreciate some more testing of the code, particularlly under the HTTP and Config authentication modes.
I'm still working on the DB-Config stuff. More to follow on that later.
Robin Johnson wrote:
Feature #484158, the IP allow/deny host authentication code has now been completed and commited. It's been in live testing on my public server for a week now, using cookie authentication mode. I would appreciate some more testing of the code, particularlly under the HTTP and Config authentication modes.
I'm still working on the DB-Config stuff. More to follow on that later.
Robin,
When I am using a proxy: $proxy_ip has the true client IP $direct_ip has the proxy IP
So $regs[0] returns wrongly the IP of the proxy.
I think line 221 should be checking $proxy_ip instead of $direct_ip.
Someone else can confirm this behavior?