diff --git a/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs b/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs index c87de921f4..cc7ef9d73b 100644 --- a/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs +++ b/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs @@ -78,7 +78,8 @@ namespace OpenSim.Server.Handlers.MapImage else m_log.InfoFormat("[MAP IMAGE HANDLER]: GridService check is OFF"); - server.AddStreamHandler(new MapServerPostHandler(m_MapService, m_GridService)); + bool proxy = serverConfig.GetBoolean("HasProxy", false); + server.AddStreamHandler(new MapServerPostHandler(m_MapService, m_GridService, proxy)); } } @@ -88,12 +89,14 @@ namespace OpenSim.Server.Handlers.MapImage private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); private IMapImageService m_MapService; private IGridService m_GridService; + bool m_Proxy; - public MapServerPostHandler(IMapImageService service, IGridService grid) : + public MapServerPostHandler(IMapImageService service, IGridService grid, bool proxy) : base("POST", "/map") { m_MapService = service; m_GridService = grid; + m_Proxy = proxy; } public override byte[] Handle(string path, Stream requestData, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) @@ -129,7 +132,7 @@ namespace OpenSim.Server.Handlers.MapImage GridRegion r = m_GridService.GetRegionByPosition(UUID.Zero, x * (int)Constants.RegionSize, y * (int)Constants.RegionSize); if (r != null) { - if (r.ExternalEndPoint.Address != httpRequest.RemoteIPEndPoint.Address) + if (r.ExternalEndPoint.Address != GetCallerIP(httpRequest)) { m_log.WarnFormat("[MAP IMAGE HANDLER]: IP address {0} may be rogue", httpRequest.RemoteIPEndPoint.Address); return FailureResult("IP address of caller does not match IP address of registered region"); @@ -221,5 +224,31 @@ namespace OpenSim.Server.Handlers.MapImage return ms.ToArray(); } + + private System.Net.IPAddress GetCallerIP(IOSHttpRequest request) + { + if (!m_Proxy) + return request.RemoteIPEndPoint.Address; + + // We're behind a proxy + string xff = "X-Forwarded-For"; + string xffValue = request.Headers[xff.ToLower()]; + if (xffValue == null || (xffValue != null && xffValue == string.Empty)) + xffValue = request.Headers[xff]; + + if (xffValue == null || (xffValue != null && xffValue == string.Empty)) + { + m_log.WarnFormat("[MAP IMAGE HANDLER]: No XFF header"); + return request.RemoteIPEndPoint.Address; + } + + System.Net.IPEndPoint ep = Util.GetClientIPFromXFF(xffValue); + if (ep != null) + return ep.Address; + + // Oops + return request.RemoteIPEndPoint.Address; + } + } } diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 1b5d37cf93..be7540750d 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example @@ -283,6 +283,9 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 ; If for some reason you have the AddMapTile service outside the firewall (e.g. 8002), ; you may want to set this. Otherwise, don't set it, because it's already protected. ; GridService = "OpenSim.Services.GridService.dll:GridService" + ; + ; Additionally, if you run this server behind a proxy, set this to true + ; HasProxy = false [GridInfoService] ; These settings are used to return information on a get_grid_info call. diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index 40b8d833bc..582af2737f 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example @@ -258,6 +258,10 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 ; If for some reason you have the AddMapTile service outside the firewall (e.g. 8002), ; you may want to set this. Otherwise, don't set it, because it's already protected. ; GridService = "OpenSim.Services.GridService.dll:GridService" + ; + ; Additionally, if you run this server behind a proxy, set this to true + ; HasProxy = false + [GridInfoService]