Ensure that if present the HTTP_X_FORWARDED_FOR IP address is used in…

…stead of the SERVER_ADDR when logging items from the IDS Update Core IP address to match IDS Pattern
civicrm · Jul 20, 2019 · e7ecda7 · e7ecda7
1 parent 6bc0781
commit e7ecda7
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/CRM/Core/IDS.php b/CRM/Core/IDS.php
@@ -247,10 +247,8 @@ public function react(IDS_Report $result) {
    * @return bool
    */
   private function log($result, $reaction = 0) {
-    $ip = (isset($_SERVER['SERVER_ADDR']) &&
-      $_SERVER['SERVER_ADDR'] != '127.0.0.1') ? $_SERVER['SERVER_ADDR'] : (
-      isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '127.0.0.1'
-      );
+    // Include X_FORWARD_FOR ip address if set as per IDS patten.
+    $ip = $_SERVER['REMOTE_ADDR'] . (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? ' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')' : '');
 
     $data = [];
     $session = CRM_Core_Session::singleton();