From 6b5f9d266d73452afc486ccf43b0a94967c8602c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?= <dkmaster@dkmon.com>
Date: Fri, 22 Apr 2016 14:59:34 +0200
Subject: [PATCH 1/2] Allow UDS behind a proxy

---
 server/src/uds/core/util/Config.py  |  3 +++
 server/src/uds/core/util/request.py | 13 ++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/server/src/uds/core/util/Config.py b/server/src/uds/core/util/Config.py
index 119b70e91..59070745f 100644
--- a/server/src/uds/core/util/Config.py
+++ b/server/src/uds/core/util/Config.py
@@ -282,6 +282,9 @@ class GlobalConfig(object):
     # Allow clients to notify their own ip (if set), or use always the request extracted IP
     HONOR_CLIENT_IP_NOTIFY = Config.section(SECURITY_SECTION).value('honorClientNotifyIP', '0', type=Config.BOOLEAN_FIELD)
 
+    # If there is a proxy in front of us
+    BEHIND_PROXY = Config.section(SECURITY_SECTION).value('Behind a proxy', '0', type=Config.BOOLEAN_FIELD)
+
     # Clusters related vars
 
     # Maximum desired CPU Load. If cpu is over this value, a migration of a service is "desirable"
diff --git a/server/src/uds/core/util/request.py b/server/src/uds/core/util/request.py
index b162669e2..8119b88d7 100644
--- a/server/src/uds/core/util/request.py
+++ b/server/src/uds/core/util/request.py
@@ -32,13 +32,14 @@
 from __future__ import unicode_literals
 
 from uds.core.util import OsDetector
+from uds.core.util.Config import GlobalConfig
 from uds.core.auths.auth import ROOT_ID, USER_KEY, getRootUser
 from uds.models import User
 
 import threading
 import logging
 
-__updated__ = '2015-05-10'
+__updated__ = '2016-04-22'
 
 logger = logging.getLogger(__name__)
 
@@ -90,6 +91,7 @@ class GlobalRequestMiddleware(object):
 
         Returns the obtained IP, that is always be a valid ip address.
         '''
+        behind_proxy = GlobalConfig.BEHIND_PROXY.getBool(False)
         try:
             request.ip = request.META['REMOTE_ADDR']
         except:
@@ -98,11 +100,20 @@ class GlobalRequestMiddleware(object):
 
         try:
             request.ip_proxy = request.META['HTTP_X_FORWARDED_FOR'].split(",")[0]
+
+            if behind_proxy  is True:
+                request.ip = request.ip_proxy
+                request.ip_proxy = request.META['HTTP_X_FORWARDED_FOR'].split(",")[1]  # Try to get next proxy
+
             request.is_proxy = True
         except:
             request.ip_proxy = request.ip
             request.is_proxy = False
 
+        # Always honor proxy if we are behind a proxy
+        if GlobalConfig.BEHIND_PROXY.getBool(False) is True:
+            request.ip = request.ip_proxy
+
     @staticmethod
     def getUser(request):
         '''

From 09f329db62cad5fabacc34b806e78fac427885c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?= <dkmaster@dkmon.com>
Date: Fri, 22 Apr 2016 15:03:06 +0200
Subject: [PATCH 2/2] Allow UDS behind a proxy

---
 server/src/uds/core/util/request.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/server/src/uds/core/util/request.py b/server/src/uds/core/util/request.py
index 8119b88d7..cac36e54e 100644
--- a/server/src/uds/core/util/request.py
+++ b/server/src/uds/core/util/request.py
@@ -110,10 +110,6 @@ class GlobalRequestMiddleware(object):
             request.ip_proxy = request.ip
             request.is_proxy = False
 
-        # Always honor proxy if we are behind a proxy
-        if GlobalConfig.BEHIND_PROXY.getBool(False) is True:
-            request.ip = request.ip_proxy
-
     @staticmethod
     def getUser(request):
         '''