Reverse proxy IP fix

Looking for an Extension? Have an Extension request? Post your request here for help. (Note: This forum is community supported; while there is an Extensions Development Team, said team does not dedicate itself to handling requests in this forum)
Anti-Spam Guide
Post Reply
x-rated
Registered User
Posts: 25
Joined: Mon Dec 29, 2014 2:52 pm
Location: Prague

Reverse proxy IP fix

Post by x-rated » Thu Apr 19, 2018 12:01 pm

Hello,
i need an extension to fix showing incorrect IP addresses when server is behind reverse proxy.
We found out how to fix it with code edit, but it would be more usefull to have such option as an extension.

Pasting this piece of code

Code: Select all

if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'])
{
$_SERVER['REMOTE_ADDR'] = htmlspecialchars((string) $_SERVER['HTTP_X_FORWARDED_FOR']);
}
after

Code: Select all

if (!defined('IN_PHPBB'))
{
	exit;
}
in includes/startup.php works great.

Can someone make this as an extension please? :)
There should be just some checkbox or switch in ACP like in invision forum (by default disabled).

Image

User avatar
martti
Registered User
Posts: 581
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: Reverse proxy IP fix

Post by martti » Sat Apr 21, 2018 5:31 am

  • I'm not fan of this kind of trickery. The superglobals got set by PHP and have a specific meaning. Altering them could produce side-effects somewhere in the code. Developers are relying on the value set by PHP.
  • If you are interested in the end-user's IPs (which is something you never can be sure of), I think it's a better solution to record them separately without changing any var.
  • If you keep your code like this, I would additionally check if the value returned by HTTP_X_FORWARDED_FOR (or HTTP_CLIENT_IP or HTTP_X_REAL_IP) is a valid IP with

    Code: Select all

    filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP)); 
    The value could be anything ranging from All who is reading this is a dirty pig. to DROP table users;. (If you are just recording the value entirely separately and you don't rely on it for any functionality, there's no need to check if it's a valid IP)
  • $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'] is specific to your setup. You are using the same IP but a different port for the server and the proxy. (Btw. not all servers set SERVER_ADDR)
  • If using an extension for this, there's no need for a switch as you are proposing. Just enable or disable the extension.
  • Extensions would interact with the request object object, not the superglobals.

User avatar
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 24491
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Reverse proxy IP fix

Post by Paul » Sat Apr 21, 2018 8:29 am

Instead of fixing it in phpbb, you should fix it within your reverse proxy
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
martti
Registered User
Posts: 581
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: Reverse proxy IP fix

Post by martti » Sat Apr 21, 2018 10:07 am

@Paul. I don't think that's possible REMOTE_ADDR is always the client your server is talking to.

Probably you'll use this event:

Code: Select all

		// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
		// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
		$ip = htmlspecialchars_decode($request->server('REMOTE_ADDR'));
		$ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $ip));
		/**
		* Event to alter user IP address
		*
		* @event core.session_ip_after
		* @var	string	ip	REMOTE_ADDR
		* @since 3.1.10-RC1
		*/
		$vars = array('ip');
		extract($phpbb_dispatcher->trigger_event('core.session_ip_after', compact($vars)));

x-rated
Registered User
Posts: 25
Joined: Mon Dec 29, 2014 2:52 pm
Location: Prague

Re: Reverse proxy IP fix

Post by x-rated » Sat Apr 21, 2018 1:37 pm

martti wrote:
Sat Apr 21, 2018 5:31 am
  • If using an extension for this, there's no need for a switch as you are proposing. Just enable or disable the extension.
good idea, if it is possible

the easiest way and best code tweaks are welcome :)
unfortunately i dont understand php, so if there is someone who can create it somehow, i will be happy :)

User avatar
3Di
Registered User
Posts: 12749
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Reverse proxy IP fix

Post by 3Di » Sat Apr 21, 2018 9:41 pm

That's so simple, just modify the code of this extension of mine which uses the same event as above, about Cloudflare IPs though.

https://www.phpbb.com/customise/db/exte ... masked_ip/
Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades
My development's activity º PhpStorm's proud user

x-rated
Registered User
Posts: 25
Joined: Mon Dec 29, 2014 2:52 pm
Location: Prague

Re: Reverse proxy IP fix

Post by x-rated » Sun Apr 22, 2018 11:58 am

i believe it is not hard to do :D
so should i somehow modify this part of code? but how exactly?

Code: Select all

		$ip_check = $event['ip'];

		/**
		 * Normalizes user IPs when Cloudflare is running on the server.
		 *
		 * Ternary Operator improves performance.
		 * I can't use the Null Coalescing Operator (PHP7) due to BC with phpBB 3.1.x
		 */
		$ip_check = ($this->request->server('HTTP_CF_CONNECTING_IP') != '') ? htmlspecialchars_decode($this->request->server('HTTP_CF_CONNECTING_IP')) : htmlspecialchars_decode($this->request->server('REMOTE_ADDR'));

		$event['ip'] = (string) $ip_check;
	}
}

User avatar
martti
Registered User
Posts: 581
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: Reverse proxy IP fix

Post by martti » Sun Apr 22, 2018 9:31 pm

I've made an Extension for this. To be tested.

x-rated
Registered User
Posts: 25
Joined: Mon Dec 29, 2014 2:52 pm
Location: Prague

Re: Reverse proxy IP fix

Post by x-rated » Sun Apr 22, 2018 10:18 pm

it seems to be working great, thank you :)

Post Reply

Return to “Extension Requests”

Who is online

Users browsing this forum: Bing [Bot], zorni and 8 guests