diff --git a/settings.json.template b/settings.json.template index ec0e6f83..011c9e6e 100644 --- a/settings.json.template +++ b/settings.json.template @@ -78,7 +78,10 @@ /* Require authorization by a module, or a user with is_admin set, see below. */ "requireAuthorization": false, - + + /*when you use NginX or another proxy/ load-balancer set this to true*/ + "trustProxy": false, + /* Users for basic authentication. is_admin = true gives access to /admin. If you do not uncomment this, /admin will not be available! */ /* diff --git a/src/node/handler/SocketIORouter.js b/src/node/handler/SocketIORouter.js index e8737002..e5bc1ac4 100644 --- a/src/node/handler/SocketIORouter.js +++ b/src/node/handler/SocketIORouter.js @@ -23,6 +23,7 @@ var ERR = require("async-stacktrace"); var log4js = require('log4js'); var messageLogger = log4js.getLogger("message"); var securityManager = require("../db/SecurityManager"); +var settings = require('../utils/Settings'); /** * Saves all components @@ -52,8 +53,14 @@ exports.setSocketIO = function(_socket) { //save this socket internaly socket = _socket; - socket.sockets.on('connection', function(client) { - client.set('remoteAddress', client.handshake.address.address); + socket.sockets.on('connection', function(client) + { + if(settings.trustProxy && client.handshake.headers['x-forwarded-for'] !== undefined){ + client.set('remoteAddress', client.handshake.headers['x-forwarded-for']); + } + else{ + client.set('remoteAddress', client.handshake.address.address); + } var clientAuthorized = false; //wrap the original send function to log the messages diff --git a/src/node/hooks/express.js b/src/node/hooks/express.js index f3028fe2..f2bb18b8 100644 --- a/src/node/hooks/express.js +++ b/src/node/hooks/express.js @@ -75,6 +75,10 @@ exports.restartServer = function () { next(); }); + if(settings.trustProxy){ + app.enable('trust proxy'); + } + app.configure(function() { hooks.callAll("expressConfigure", {"app": app}); }); diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js index db829e2f..201938e0 100644 --- a/src/node/utils/Settings.js +++ b/src/node/utils/Settings.js @@ -119,6 +119,11 @@ exports.logconfig = { appenders: [{ type: "console" }]}; */ exports.sessionKey = false; +/* +* Trust Proxy, whether or not trust the x-forwarded-for header. +*/ +exports.trustProxy = false; + /* This setting is used if you need authentication and/or * authorization. Note: /admin always requires authentication, and * either authorization by a module, or a user with is_admin set */