2 changed files with 20 additions and 15 deletions
--- a/lib/policyEvaluator/requestUtils.js
+++ b/lib/policyEvaluator/requestUtils.js
@ -9,18 +9,23 @@ const ipCheck = require('../ipCheck');
 function getClientIp(request, s3config) {
    const clientIp = request.socket.remoteAddress;
    const requestConfig = s3config ? s3config.requests : {};
-    const { trustedProxyCIDRs, extractClientIPFromHeader } = requestConfig;
-    /**
-     * if requests are configured to come via proxy,
-     * check from config which proxies are to be trusted and
-     * which header to be used to extract client IP
-     */
-    if (ipCheck.ipMatchCidrList(trustedProxyCIDRs, clientIp)) {
-        const ipFromHeader = request.headers[extractClientIPFromHeader];
-        if (ipFromHeader && ipFromHeader.trim().length) {
-            return ipFromHeader.split(',')[0].trim();
+    if (requestConfig && requestConfig.viaProxy) {
+        /**
+         * if requests are configured to come via proxy,
+         * check from config which proxies are to be trusted and
+         * which header to be used to extract client IP
+         */
+        if (ipCheck.ipMatchCidrList(requestConfig.trustedProxyCIDRs,
+            clientIp)) {
+            const ipFromHeader
+            // eslint-disable-next-line operator-linebreak
+                = request.headers[requestConfig.extractClientIPFromHeader];
+            if (ipFromHeader && ipFromHeader.trim().length) {
+                return ipFromHeader.split(',')[0].trim();
+            }
        }
    }
+
    return clientIp;
 }

--- a/tests/unit/policyEvaluator/requestUtils.js
+++ b/tests/unit/policyEvaluator/requestUtils.js
@ -28,9 +28,9 @@ describe('requestUtils.getClientIp', () => {
        assert.strictEqual(result, testClientIp1);
    });

-    it('should extract client Ip address from x-forwarded-for header ' +
-        'when the header is present and has valid ip address(es) if the ' +
-        'request is not forwarded via proxy', () => {
+    it('should not return client Ip address from header ' +
+        'if the request is not forwarded from proxies or ' +
+        'fails ip check', () => {
        const request = new DummyRequest({
            headers: {
                'x-forwarded-for': [testClientIp1, testProxyIp].join(','),
@ -42,11 +42,11 @@ describe('requestUtils.getClientIp', () => {
            },
        });
        const result = requestUtils.getClientIp(request, configWithoutProxy);
-        assert.strictEqual(result, testClientIp1);
+        assert.strictEqual(result, testClientIp2);
    });

    it('should not return client Ip address from header ' +
-        'if the request is forwarded from proxies, but the request ' +
+        'if the request is forwarded from proxies, but the request' +
        'has no expected header or the header value is empty', () => {
        const request = new DummyRequest({
            headers: {