0

The situation is that I have a WordPress install on IIS 7.5 which accesses the internet through a proxy and some parts of the website will make a client side external request (images, YouTube videos etc.) which needs users to enter their proxy credentials if they are accessing the site through intranet.

I would like to hide certain elements of the site if it is accessed through intranet and have it fully functional if accessed through internet.

I found this SO answer which helped a bit (and yes I changed it to LOCAL_ADDR because of IIS) but it fails because of the proxy.

Internet requests to the site go through the proxy which is on the same network, thus it thinks that every request is an intranet request.

So, how can I improve this function to work in my situation if I know the proxy IP?

function is_intranet() {
  $serverIP = explode('.',$_SERVER['LOCAL_ADDR']);
  $localIP  = explode('.',$_SERVER['REMOTE_ADDR']);
  return ( 
    ($serverIP[0] == $localIP[0]) && 
    (in_array($serverIP[0],array('127','10','172','192') ) ) 
  );
}
Community
  • 1
  • 1
mhcodner
  • 553
  • 1
  • 5
  • 20

1 Answers1

0

Proxy? I suppose you mean a reverse-proxy. If so, many reverse proxies add extra http headers to the original request. Check if your request headers contain "X-Forwarded-For" http://en.wikipedia.org/wiki/X-Forwarded-For
In general, the last item is what you're looking for.
A C# example:

string xff = request.Headers["X-Forwarded-For"];
if (xff != null)
{
    string[] clientIPList = xff.Split(','); 
    string ip = clientIPList.Last();
}
Fabrizio Accatino
  • 2,284
  • 20
  • 24
  • It seems that would be the logical solution because it is easier to test against the proxy being there than to check if the client is in the same domain. – mhcodner May 22 '14 at 02:48