[3.2][BETA] Trust X-Forwarded-For

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
User avatar
martti
Registered User
Posts: 684
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti » Thu Nov 15, 2018 9:19 pm

martti wrote:
Thu Nov 15, 2018 9:15 pm
It is the port number. The extension is expecting a list of comma separated ip's, without port numbers. The X-Forwarded-For header isn't standardized and some reverse proxies add ports as it seems. I will change the extension to strip of the port.
In event/listener.php

Code: Select all

		$forwarded_for = trim($this->request->header('X-Forwarded-For'));
		$forwarded_for = str_replace(' ', '', $forwarded_for);
		$forwarded_for = explode(',', $forwarded_for);
		$forwarded_for = trim($forwarded_for[count($forwarded_for) - 1]);

		if (!filter_var($forwarded_for, FILTER_VALIDATE_IP))
		{
			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For: ' . $forwarded_for);
		}
Becomes (one line added before the if-statement)

Code: Select all

		$forwarded_for = trim($this->request->header('X-Forwarded-For'));
		$forwarded_for = str_replace(' ', '', $forwarded_for);
		$forwarded_for = explode(',', $forwarded_for);
		$forwarded_for = trim($forwarded_for[count($forwarded_for) - 1]);
		[$forwarded_for] = explode(':', $forwarded_for);

		if (!filter_var($forwarded_for, FILTER_VALIDATE_IP))
		{
			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For: ' . $forwarded_for);
		}

Manick_swe
Registered User
Posts: 11
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe » Thu Nov 15, 2018 9:31 pm

Gave it a go and it looks like its getting closer.

Pasted the code as you wrote it with the [] around $forwarded_for, this gave me the following error:

Code: Select all

[Thu Nov 15 21:25:52.735467 2018] [:error] [pid 3890] [client 192.168.0.18:57302] PHP Parse error:  syntax error, unexpected '=' in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 59, referer: https://www.domain.com/forum/viewforum.php?f=3
So i removed the [] and instead of an error 500, i got this in the browser:

Code: Select all

[phpBB Debug] PHP Notice: in file [ROOT]/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 63: Array to string conversion

Manick_swe
Registered User
Posts: 11
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe » Thu Nov 15, 2018 9:41 pm

Bingo! :D

Had a look in my reverseproxy and i could disable "Include TCP port from client" so i did.
Image


Then i reverted back to this code:

Code: Select all

$forwarded_for = trim($this->request->header('X-Forwarded-For'));
		$forwarded_for = str_replace(' ', '', $forwarded_for);
		$forwarded_for = explode(',', $forwarded_for);
		$forwarded_for = trim($forwarded_for[count($forwarded_for) - 1]);

		if (!filter_var($forwarded_for, FILTER_VALIDATE_IP))
		{
			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For: ' . $forwarded_for);
		}
Becomes (one line added before the if-statement)
And voila! It works!
Image

Thanks a million, i have been looking for a solution for this for ages! :)

User avatar
martti
Registered User
Posts: 684
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti » Thu Nov 15, 2018 9:42 pm

Manick_swe wrote:
Thu Nov 15, 2018 9:31 pm
Gave it a go and it looks like its getting closer.

Pasted the code as you wrote it with the [] around $forwarded_for, this gave me the following error:

Code: Select all

[Thu Nov 15 21:25:52.735467 2018] [:error] [pid 3890] [client 192.168.0.18:57302] PHP Parse error:  syntax error, unexpected '=' in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 59, referer: https://www.domain.com/forum/viewforum.php?f=3
So i removed the [] and instead of an error 500, i got this in the browser:

Code: Select all

[phpBB Debug] PHP Notice: in file [ROOT]/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 63: Array to string conversion
Ah sorry, the bracket notation works only from PHP 7.1.
https://sebastiandedeyne.com/the-list-f ... ing-in-php

You can use list()

Code: Select all

list($forwarded_for) = explode(':', $forwarded_for);

User avatar
martti
Registered User
Posts: 684
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti » Thu Nov 15, 2018 9:43 pm

Manick_swe wrote:
Thu Nov 15, 2018 9:41 pm
Bingo! :D

Had a look in my reverseproxy and i could disable "Include TCP port from client" so i did.
Image


Then i reverted back to this code:

Code: Select all

$forwarded_for = trim($this->request->header('X-Forwarded-For'));
		$forwarded_for = str_replace(' ', '', $forwarded_for);
		$forwarded_for = explode(',', $forwarded_for);
		$forwarded_for = trim($forwarded_for[count($forwarded_for) - 1]);

		if (!filter_var($forwarded_for, FILTER_VALIDATE_IP))
		{
			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For: ' . $forwarded_for);
		}
Becomes (one line added before the if-statement)
And voila! It works!
Image

Thanks a million, i have been looking for a solution for this for ages! :)
Ok, good!

User avatar
canonknipser
Registered User
Posts: 1710
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: [3.2][BETA] Trust X-Forwarded-For

Post by canonknipser » Thu Nov 15, 2018 9:46 pm

How do you handle IPV6-Adresses? They have : in standard notation -> https://en.wikipedia.org/wiki/IPv6_addr ... esentation
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB

User avatar
martti
Registered User
Posts: 684
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti » Thu Nov 15, 2018 9:52 pm

canonknipser wrote:
Thu Nov 15, 2018 9:46 pm
How do you handle IPV6-Adresses? They have : in standard notation -> https://en.wikipedia.org/wiki/IPv6_addr ... esentation
Ah yes, you're right. Indeed, I should limit this extension to X-Forwarded-For headers without port numbers, I think.

Manick_swe
Registered User
Posts: 11
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe » Thu Nov 15, 2018 9:57 pm

martti wrote:
Thu Nov 15, 2018 9:52 pm
canonknipser wrote:
Thu Nov 15, 2018 9:46 pm
How do you handle IPV6-Adresses? They have : in standard notation -> https://en.wikipedia.org/wiki/IPv6_addr ... esentation
Ah yes, you're right. Indeed, I should limit this extension to X-Forwarded-For headers without port numbers, I think.
Sounds fair, cant see why you would want to get the port number all the way to the forum logs.

User avatar
canonknipser
Registered User
Posts: 1710
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: [3.2][BETA] Trust X-Forwarded-For

Post by canonknipser » Thu Nov 15, 2018 9:58 pm

There is a special notation when using port numbers together with IPV6 -> https://en.wikipedia.org/wiki/IPv6_addr ... dentifiers
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB

Post Reply

Return to “Extensions in Development”

Who is online

Users browsing this forum: davidyin, Gubkin and 29 guests