Path

ez projects / ggwebservices / forum / general / request header


Request Header

You need to be logged in to post messages in the forums. New users may register here.

Stephan Scholz

Member since:
03 April 2013

Posts: 4

Wednesday 03 April 2013 10:03:26 am

Hi,

thanks for sharing ggwebservice with the community, great work.

My current problem: I need information about the header of a webservice request, is there a way to process header information with ggwebservice? I am using a jsonrpc webservice and need the value of the "x-forwarded-for" header.

I would be appreciative for any advice, thanks.

Regards,
Stephan
Up

Gaetano Giunta

Member since:
30 November 1999

Posts: 269

Wednesday 03 April 2013 10:45:28 am

I will look into this when I have a bit of spare time...

Principal Consultant International Business
Member of the Community Project Board

Up

Gaetano Giunta

Member since:
30 November 1999

Posts: 269

Wednesday 03 April 2013 10:52:25 am

ps: it seems that is not very difficult.

While you wait for next release, you can patch the code as follows:

. patch the ggJSONRPCResponse::decodeStream method. http headers are its 3rd param. Save them to a member variable of the object

. add method ggJSONRPCResponse::responseHeaders which gives you back that variable

All in all, 4 lines of code :-)

Principal Consultant International Business
Member of the Community Project Board

Up

Stephan Scholz

Member since:
03 April 2013

Posts: 4

Wednesday 03 April 2013 4:18:17 pm

Thanks for your fast answer, but I am not sure if response is the correct location.

You have the ability to use "ValidateClientIPs" and "ValidClientIPs", to secure the access to the webservices, if your site is behind a loadbalancer the client ip will always be the loadbalancer ip. So you have to check the "x-forwarded-for" header instead of the ip from incomming request.
My quick fix would be a check for that header in my initialize.php jsonrpc extension, on every method call.

I hope my problem will be more clearly now, sorry for any confusion.

Regards,
Stephan
Up

Gaetano Giunta

Member since:
30 November 1999

Posts: 269

Wednesday 03 April 2013 4:27:34 pm

Ah ok I see better now - you do not want to parse headers by hand but have ValidateClientIP work when behind a proxy.

This is also doable, but in a different place.

So now I have 2 feature requests on my hand ;-)

The fix would be to change the way that client IP validation is done, in file modules/webservices/execute.php

Note that ezsys class from eZ kernel has already a method to give you the client IP even when behind a proxy, starting with ezp 4.5

Principal Consultant International Business
Member of the Community Project Board

Up

Stephan Scholz

Member since:
03 April 2013

Posts: 4

Wednesday 03 April 2013 5:00:08 pm

Thanks for the tip with the ezsys class, I found that note in there:

Note: X-Forwarded-For is transformed by PHP into $_SERVER['HTTP_X_FORWARDED_FOR']

So I can use this to check for a valid IP in your execute.php.
Up

Gaetano Giunta

Member since:
30 November 1999

Posts: 269

Monday 15 April 2013 3:25:22 pm

ps: I implemented both changes, currently in github.

Can you test the git master version, before I package it as rev. 0.14?

Principal Consultant International Business
Member of the Community Project Board

Up

Stephan Scholz

Member since:
03 April 2013

Posts: 4

Tuesday 14 January 2014 9:47:32 am

Sorry for my missing answer, looks good!

Thanks for your great work.
Up

You need to be logged in to post messages in the forums. New users may register here.