symfony
diff --git a/‎src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
Lines changed: 12 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
Lines changed: 12 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
Lines changed: 32 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
Lines changed: 32 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/TestHttpKernel.php
Lines changed: 7 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/TestHttpKernel.php
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/TestMultipleHttpKernel.php
Lines changed: 8 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/TestMultipleHttpKernel.php
Lines changed: 8 additions & 0 deletions
@@ -413,6 +413,18 @@ protected function fetch(Request $request, $catch = false)
         $subRequest->headers->remove('if_modified_since');
         $subRequest->headers->remove('if_none_match');
 
+        // modify the X-Forwarded-For header if needed
+        $forwardedFor = $subRequest->headers->get('X-Forwarded-For');
+        if ($forwardedFor) {
+            $subRequest->headers->set('X-Forwarded-For', $forwardedFor.', '.$subRequest->server->get('REMOTE_ADDR'));
+        } else {
+            $subRequest->headers->set('X-Forwarded-For', $subRequest->server->get('REMOTE_ADDR'));
+        }
+
+        // fix the client IP address by setting it to 127.0.0.1 as HttpCache
+        // is always called from the same process as the backend.
+        $subRequest->server->set('REMOTE_ADDR', '127.0.0.1');
+
         $response = $this->forward($subRequest, $catch);
 
         if ($this->isPrivateRequest($request) && !$response->headers->hasCacheControlDirective('public')) {
 
@@ -1034,4 +1034,36 @@ public function testEsiRecalculateContentLengthHeader()
         $this->assertEquals('Hello World!', $this->response->getContent());
         $this->assertEquals(12, $this->response->headers->get('Content-Length'));
     }
+
+    public function testClientIpIsAlwaysLocalhostForForwardedRequests()
+    {
+        $this->setNextResponse();
+        $this->request('GET', '/', array('REMOTE_ADDR' => '10.0.0.1'));
+
+        $this->assertEquals('127.0.0.1', $this->kernel->getBackendRequest()->server->get('REMOTE_ADDR'));
+    }
+
+    /**
+     * @dataProvider getXForwardedForData
+     */
+    public function testXForwarderForHeaderForForwardedRequests($xForwardedFor, $expected)
+    {
+        $this->setNextResponse();
+        $server = array('REMOTE_ADDR' => '10.0.0.1');
+        if (false !== $xForwardedFor) {
+            $server['HTTP_X_FORWARDED_FOR'] = $xForwardedFor;
+        }
+        $this->request('GET', '/', $server);
+
+        $this->assertEquals($expected, $this->kernel->getBackendRequest()->headers->get('X-Forwarded-For'));
+    }
+
+    public function getXForwardedForData()
+    {
+        return array(
+            array(false, '10.0.0.1'),
+            array('10.0.0.2', '10.0.0.2, 10.0.0.1'),
+            array('10.0.0.2, 10.0.0.3', '10.0.0.2, 10.0.0.3, 10.0.0.1'),
+        );
+    }
 }
@@ -26,6 +26,7 @@ class TestHttpKernel extends HttpKernel implements ControllerResolverInterface
     protected $called;
     protected $customizer;
     protected $catch;
+    protected $backendRequest;
 
     public function __construct($body, $status, $headers, \Closure $customizer = null)
     {
@@ -39,9 +40,15 @@ public function __construct($body, $status, $headers, \Closure $customizer = nul
         parent::__construct(new EventDispatcher(), $this);
     }
 
+    public function getBackendRequest()
+    {
+        return $this->backendRequest;
+    }
+
     public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = false)
     {
         $this->catch = $catch;
+        $this->backendRequest = $request;
 
         return parent::handle($request, $type, $catch);
     }
 
@@ -25,6 +25,7 @@ class TestMultipleHttpKernel extends HttpKernel implements ControllerResolverInt
     protected $headers;
     protected $catch;
     protected $call;
+    protected $backendRequest;
 
     public function __construct($responses)
     {
@@ -42,8 +43,15 @@ public function __construct($responses)
         parent::__construct(new EventDispatcher(), $this);
     }
 
+    public function getBackendRequest()
+    {
+        return $this->backendRequest;
+    }
+
     public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = false)
     {
+        $this->backendRequest = $request;
+
         return parent::handle($request, $type, $catch);
     }
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ class TestHttpKernel extends HttpKernel implements ControllerResolverInterface`
`26`	`26`	`protected $called;`
`27`	`27`	`protected $customizer;`
`28`	`28`	`protected $catch;`
	`29`	`+ protected $backendRequest;`
`29`	`30`
`30`	`31`	`public function __construct($body, $status, $headers, \Closure $customizer = null)`
`31`	`32`	`{`
`@@ -39,9 +40,15 @@ public function __construct($body, $status, $headers, \Closure $customizer = nul`
`39`	`40`	`parent::__construct(new EventDispatcher(), $this);`
`40`	`41`	`}`
`41`	`42`
	`43`	`+ public function getBackendRequest()`
	`44`	`+ {`
	`45`	`+ return $this->backendRequest;`
	`46`	`+ }`
	`47`	`+`
`42`	`48`	`public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = false)`
`43`	`49`	`{`
`44`	`50`	`$this->catch = $catch;`
	`51`	`+ $this->backendRequest = $request;`
`45`	`52`
`46`	`53`	`return parent::handle($request, $type, $catch);`
`47`	`54`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ class TestMultipleHttpKernel extends HttpKernel implements ControllerResolverInt`
`25`	`25`	`protected $headers;`
`26`	`26`	`protected $catch;`
`27`	`27`	`protected $call;`
	`28`	`+ protected $backendRequest;`
`28`	`29`
`29`	`30`	`public function __construct($responses)`
`30`	`31`	`{`
`@@ -42,8 +43,15 @@ public function __construct($responses)`
`42`	`43`	`parent::__construct(new EventDispatcher(), $this);`
`43`	`44`	`}`
`44`	`45`
	`46`	`+ public function getBackendRequest()`
	`47`	`+ {`
	`48`	`+ return $this->backendRequest;`
	`49`	`+ }`
	`50`	`+`
`45`	`51`	`public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = false)`
`46`	`52`	`{`
	`53`	`+ $this->backendRequest = $request;`
	`54`	`+`
`47`	`55`	`return parent::handle($request, $type, $catch);`
`48`	`56`	`}`
`49`	`57`