View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000964XdebugStep Debuggingpublic2013-07-16 19:072017-12-02 16:19
Reportermslade Assigned Toderick  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
PlatformLinuxOSBU LinuxOS Version5.0
Product Version2.2.2 
Fixed in Version2.6.0alpha1 
Summary0000964: Xdebug does not parse X-Forwarded-For
Description

Xdebug uses the X-Forwarded-For header for remote_connect_back but it doesn't parse the header value. It assumes it to be a single IP, so when multiple IPs are included here it results in a malformed hostname. Here is an example from my log file:

I: Remote address found, connecting to 168.122.67.172, 168.122.67.172:9000.

Steps To Reproduce
  • Configure Xdebug with xdebug.remote_connect_back = 1 and xdebug.remote_log writing somewhere you can reach.
  • Issue a request such as curl -H 'X-Forwarded-For: 127.0.0.1, 127.0.0.2' --cookie 'XDEBUG_SESSION=test-case' http://localhost
  • Look at the Xdebug remote log file and note a line such as:

I: Remote address found, connecting to 127.0.0.1, 127.0.0.2:9000.

Additional Information

https://en.wikipedia.org/wiki/X-Forwarded-For#Format

Note that I tested this against 2.2.2, but it appears to be the same in 2.2.3.

TagsNo tags attached.
Operating System
PHP Version5.4.0

Relationships

has duplicate 0001500 resolvedderick remote_connect_back fails to connect when HTTP_X_FORWARDED_FOR contains comma-delimited ip addresses 

Activities

derick

2013-07-23 10:52

administrator   ~0002543

Which one should I use then? The first one to do the callback?

mslade

2013-07-23 16:51

reporter   ~0002545

That would be the behavior I expected. The first IP will be the client's actual IP address at the end of the proxy chain.

derick

2017-01-04 11:20

administrator   ~0004155

Fixed, through a patch by Steve Easley.

Issue History

Date Modified Username Field Change
2013-07-16 19:07 mslade New Issue
2013-07-23 10:52 derick Note Added: 0002543
2013-07-23 10:52 derick Assigned To => derick
2013-07-23 10:52 derick Status new => feedback
2013-07-23 16:51 mslade Note Added: 0002545
2013-07-23 16:51 mslade Status feedback => assigned
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)
2016-11-28 20:18 derick Status assigned => acknowledged
2016-11-28 20:18 derick Category Usage problems (Wrong Results) => Remote Debugging
2016-12-04 17:10 derick Status acknowledged => confirmed
2017-01-04 11:20 derick Note Added: 0004155
2017-01-04 11:20 derick Status confirmed => closed
2017-01-04 11:20 derick Resolution open => fixed
2017-01-04 11:20 derick Fixed in Version => 2.6.0dev
2017-12-02 16:19 derick Fixed in Version 2.6.0dev => 2.6.0alpha1
2017-12-07 10:51 derick Relationship added has duplicate 0001500
2020-03-12 16:33 derick Category Remote Debugging => Step Debugging