Cloudflare IP support

Looking for an Extension? Have an Extension request? Post your request here for help. (Note: This forum is community supported; while there is an Extensions Development Team, said team does not dedicate itself to handling requests in this forum)
Anti-Spam Guide
Post Reply
fulgan
Registered User
Posts: 73
Joined: Wed Jun 02, 2004 12:46 pm

Cloudflare IP support

Post by fulgan » Wed Oct 29, 2014 1:52 pm

Hello,

My forum is hosted behind the cloudflare service which will act as a proxy server.

However, everything is listed as coming from the proxy server IP, not to original user. Cloudflare adds a special HTTP header to all requests (HTTP_CF_CONNECTING_IP) that contains the original IP address.

Their support suggests that, in order to use that header for monitoring users, I edit the includes/session.php file (there is a single line changed).

I was wondering if, instead, it wouldn't be possible to write a very simple extension for 3.1 that would perform the same change. I guess that it should be possible to make it compatible with more WAFs, reverse proxies and SSL accelerator by allowing the user to configure the HTTP header used for identifying the connecting user IP address.

Thanks

faisca1
Registered User
Posts: 14
Joined: Wed Sep 17, 2008 10:50 am
Location: Portugal

Re: Cloudflare IP support

Post by faisca1 » Mon Dec 01, 2014 11:13 pm

I have the same problem someone help

Tanks

BigDrago
Registered User
Posts: 319
Joined: Fri Dec 10, 2004 5:16 pm
Location: Norway

Re: Cloudflare IP support

Post by BigDrago » Mon Feb 02, 2015 10:24 pm

+1, need this.

Where is that sessions file in php 3.1.3?

User avatar
Lumpy Burgertushie
Registered User
Posts: 66470
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Cloudflare IP support

Post by Lumpy Burgertushie » Mon Feb 02, 2015 10:30 pm

there is no sessions.php file in 3.1
wherever you got those instructions they are out of date.
another problem associated with the use of cloudfare.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Cloudflare IP support

Post by RMcGirr83 » Tue Feb 03, 2015 12:15 pm

The session.php file is now located within the phpbb directory and it is this line within it that probably needs to be changed.

$this->ip = htmlspecialchars_decode($request->server('REMOTE_ADDR'));

but I agree with Robert, cloudflare has caused problems on many forums. Namely with caching (admin makes a change expecting to see an immediate effect and it doesn't change for a while due to cloudflare).
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored

fulgan
Registered User
Posts: 73
Joined: Wed Jun 02, 2004 12:46 pm

Re: Cloudflare IP support

Post by fulgan » Tue Feb 03, 2015 12:56 pm

RMcGirr83 wrote:but I agree with Robert, cloudflare has caused problems on many forums. Namely with caching (admin makes a change expecting to see an immediate effect and it doesn't change for a while due to cloudflare).
Honestly, that's what happen when you don't know what you're doing. Cloudflare makes it easy to put a WAF, IP reputation filter and CDN in front of your web site but it isn't fairy dust either: you still have to understand a bit how to set it up.

Maybe I should write a short guide about how to do it properly. But for that, I'd need the last piece: a fix to PHPBB where is properly supports X_FORWARDED_FOR (and possibly, have white list of allowed clients that can directly connects to it)

User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Cloudflare IP support

Post by RMcGirr83 » Tue Feb 03, 2015 4:21 pm

Let's be clear, it isn't me setting it up. It is admins for the forum setting it up and then asking for modification support as to why the coloring, or whatever, isn't changing.
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored

fulgan
Registered User
Posts: 73
Joined: Wed Jun 02, 2004 12:46 pm

Re: Cloudflare IP support

Post by fulgan » Tue Feb 03, 2015 4:26 pm

RMcGirr83 wrote:Let's be clear, it isn't me setting it up. It is admins for the forum setting it up and then asking for modification support as to why the coloring, or whatever, isn't changing.
I wasn't suggesting you were the one failing tho understand how to set it up, really. I was merely commenting on the fact that, if you do, you need to understand what you're doing.

romsko
Registered User
Posts: 15
Joined: Thu Jan 29, 2015 7:39 pm

Re: Cloudflare IP support

Post by romsko » Tue Feb 03, 2015 9:34 pm

Hi mate,

try to replace

Code: Select all

$this->ip = htmlspecialchars_decode($request->server('REMOTE_ADDR'));
with

Code: Select all

$this->ip = ((!empty($request->server('HTTP_CF_CONNECTING_IP')))
          ? htmlspecialchars_decode($request->server('HTTP_CF_CONNECTING_IP')) : '')
          : ((!empty($request->server('REMOTE_ADDR'))) ? htmlspecialchars_decode($request->server('REMOTE_ADDR')) : '');
I don't have test that code, but should work;

User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Cloudflare IP support

Post by RMcGirr83 » Tue Feb 03, 2015 11:52 pm

Can more simply be

Code: Select all

$this->ip = !empty($request->server('HTTP_CF_CONNECTING_IP'))
          ? htmlspecialchars_decode($request->server('HTTP_CF_CONNECTING_IP')) : htmlspecialchars_decode($request->server('REMOTE_ADDR'));
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored

User avatar
Lumpy Burgertushie
Registered User
Posts: 66470
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Cloudflare IP support

Post by Lumpy Burgertushie » Wed Feb 04, 2015 4:24 am

the problem is that for many users they simply read that they will get some benefit for using cloudfare and just go turn it on in their hosting control panel. many hosts may be turning it on by default without knowing what they are doingf or how to set it up properly .( like they do with mod_security sometimes ).

I don't know much about it but it seems to me to be another way to get a lot of the same features that have always been available in a hosting enviornment. I know, I am an old codger that doesn't like change sometimes.
I have always said, "if it aint broke, don't fix it".


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

fulgan
Registered User
Posts: 73
Joined: Wed Jun 02, 2004 12:46 pm

Re: Cloudflare IP support

Post by fulgan » Wed Feb 04, 2015 8:42 am

the problem is that for many users they simply read that they will get some benefit for using cloudfare and just go turn it on in their hosting control panel.
You can't prevent people from doing stupid things. Best is to see it as a educational.
many hosts may be turning it on by default without knowing what they are doing or how to set it up properly .( like they do with mod_security sometimes ).
I doubt this, really. If it's professional hosting, they do know what they are doing. If it's amateur hosting, well, then, again, that's the way people learn.

The current situation, however, it really uncomfortable: it is simply impossible to put any type of reverse proxy (cloudflare or anything else) in front of a default PHPBB without breaking it in various way. This is specially annoying since: a) proper handling of reverse proxy is pretty easy (and even supported by Smphony already) b) not providing that support makes it very hard to do defense in depth (something that saved my DB a couple of times since I started using PHPBB with version 1.x)

Anyway, thank you for the code snippet. It doesn't work but thanks for the effort :)

User avatar
Lumpy Burgertushie
Registered User
Posts: 66470
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Cloudflare IP support

Post by Lumpy Burgertushie » Wed Feb 04, 2015 6:31 pm

I doubt this, really. If it's professional hosting, they do know what they are doing.
you must not have dealt with many hosting companies.

godaddy, ipage, just to name a couple and I have no idea how many times I have seen here where so called "professional" hosting companies have setup their mod_security with the defaults with no idea the problems they are causing their customers.

most of the time the "professionals" simply install server software out of the box and either don't know how to set things up or don't care.

just ranting.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

BigDrago
Registered User
Posts: 319
Joined: Fri Dec 10, 2004 5:16 pm
Location: Norway

Re: Cloudflare IP support

Post by BigDrago » Wed Feb 04, 2015 6:40 pm

Well...site is never offline, free ssl, railgun etc... Add site directly to cloudflare.com, no reason to enable it through cpanel.

Cloudflare support haven't answered me yet.

BigDrago
Registered User
Posts: 319
Joined: Fri Dec 10, 2004 5:16 pm
Location: Norway

Re: Cloudflare IP support

Post by BigDrago » Wed Feb 04, 2015 9:54 pm

Regarding 3.0.13
I found this line:

Code: Select all

$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
But the support page:
https://support.cloudflare.com/hc/en-us ... ith-PHPBB-

Says I should find this line (which isn´t there)

Code: Select all

$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : '';

Anyway, I changed the first code to this:

Code: Select all

$this->ip = (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) ? htmlspecialchars((string) $_SERVER['HTTP_CF_CONNECTING_IP']) : '';
Still waiting for Cloudflare to fix the issue with 3.1.x

Post Reply

Return to “Extension Requests”