Cloudflare IP support

Looking for an Extension? Have an Extension request? Post your request here for help. (Note: This forum is community supported; while there is an Extensions Development Team, said team does not dedicate itself to handling requests in this forum)
Suggested Hosts
Post Reply
fulgan
Registered User
Posts: 73
Joined: Wed Jun 02, 2004 12:46 pm

Cloudflare IP support

Post by fulgan »

Hello,

My forum is hosted behind the cloudflare service which will act as a proxy server.

However, everything is listed as coming from the proxy server IP, not to original user. Cloudflare adds a special HTTP header to all requests (HTTP_CF_CONNECTING_IP) that contains the original IP address.

Their support suggests that, in order to use that header for monitoring users, I edit the includes/session.php file (there is a single line changed).

I was wondering if, instead, it wouldn't be possible to write a very simple extension for 3.1 that would perform the same change. I guess that it should be possible to make it compatible with more WAFs, reverse proxies and SSL accelerator by allowing the user to configure the HTTP header used for identifying the connecting user IP address.

Thanks
faisca1
Registered User
Posts: 14
Joined: Wed Sep 17, 2008 10:50 am
Location: Portugal

Re: Cloudflare IP support

Post by faisca1 »

I have the same problem someone help

Tanks
BigDrago
Registered User
Posts: 366
Joined: Fri Dec 10, 2004 5:16 pm
Location: Norway

Re: Cloudflare IP support

Post by BigDrago »

+1, need this.

Where is that sessions file in php 3.1.3?
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Cloudflare IP support

Post by Lumpy Burgertushie »

there is no sessions.php file in 3.1
wherever you got those instructions they are out of date.
another problem associated with the use of cloudfare.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
RMcGirr83
Former Team Member
Posts: 22016
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Cloudflare IP support

Post by RMcGirr83 »

The session.php file is now located within the phpbb directory and it is this line within it that probably needs to be changed.

$this->ip = htmlspecialchars_decode($request->server('REMOTE_ADDR'));

but I agree with Robert, cloudflare has caused problems on many forums. Namely with caching (admin makes a change expecting to see an immediate effect and it doesn't change for a while due to cloudflare).
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
fulgan
Registered User
Posts: 73
Joined: Wed Jun 02, 2004 12:46 pm

Re: Cloudflare IP support

Post by fulgan »

RMcGirr83 wrote:but I agree with Robert, cloudflare has caused problems on many forums. Namely with caching (admin makes a change expecting to see an immediate effect and it doesn't change for a while due to cloudflare).
Honestly, that's what happen when you don't know what you're doing. Cloudflare makes it easy to put a WAF, IP reputation filter and CDN in front of your web site but it isn't fairy dust either: you still have to understand a bit how to set it up.

Maybe I should write a short guide about how to do it properly. But for that, I'd need the last piece: a fix to PHPBB where is properly supports X_FORWARDED_FOR (and possibly, have white list of allowed clients that can directly connects to it)
User avatar
RMcGirr83
Former Team Member
Posts: 22016
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Cloudflare IP support

Post by RMcGirr83 »

Let's be clear, it isn't me setting it up. It is admins for the forum setting it up and then asking for modification support as to why the coloring, or whatever, isn't changing.
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
fulgan
Registered User
Posts: 73
Joined: Wed Jun 02, 2004 12:46 pm

Re: Cloudflare IP support

Post by fulgan »

RMcGirr83 wrote:Let's be clear, it isn't me setting it up. It is admins for the forum setting it up and then asking for modification support as to why the coloring, or whatever, isn't changing.
I wasn't suggesting you were the one failing tho understand how to set it up, really. I was merely commenting on the fact that, if you do, you need to understand what you're doing.
romsko
Registered User
Posts: 15
Joined: Thu Jan 29, 2015 7:39 pm

Re: Cloudflare IP support

Post by romsko »

Hi mate,

try to replace

Code: Select all

$this->ip = htmlspecialchars_decode($request->server('REMOTE_ADDR'));
with

Code: Select all

$this->ip = ((!empty($request->server('HTTP_CF_CONNECTING_IP')))
          ? htmlspecialchars_decode($request->server('HTTP_CF_CONNECTING_IP')) : '')
          : ((!empty($request->server('REMOTE_ADDR'))) ? htmlspecialchars_decode($request->server('REMOTE_ADDR')) : '');
I don't have test that code, but should work;
User avatar
RMcGirr83
Former Team Member
Posts: 22016
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Cloudflare IP support

Post by RMcGirr83 »

Can more simply be

Code: Select all

$this->ip = !empty($request->server('HTTP_CF_CONNECTING_IP'))
          ? htmlspecialchars_decode($request->server('HTTP_CF_CONNECTING_IP')) : htmlspecialchars_decode($request->server('REMOTE_ADDR'));
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Cloudflare IP support

Post by Lumpy Burgertushie »

the problem is that for many users they simply read that they will get some benefit for using cloudfare and just go turn it on in their hosting control panel. many hosts may be turning it on by default without knowing what they are doingf or how to set it up properly .( like they do with mod_security sometimes ).

I don't know much about it but it seems to me to be another way to get a lot of the same features that have always been available in a hosting enviornment. I know, I am an old codger that doesn't like change sometimes.
I have always said, "if it aint broke, don't fix it".


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
fulgan
Registered User
Posts: 73
Joined: Wed Jun 02, 2004 12:46 pm

Re: Cloudflare IP support

Post by fulgan »

the problem is that for many users they simply read that they will get some benefit for using cloudfare and just go turn it on in their hosting control panel.
You can't prevent people from doing stupid things. Best is to see it as a educational.
many hosts may be turning it on by default without knowing what they are doing or how to set it up properly .( like they do with mod_security sometimes ).
I doubt this, really. If it's professional hosting, they do know what they are doing. If it's amateur hosting, well, then, again, that's the way people learn.

The current situation, however, it really uncomfortable: it is simply impossible to put any type of reverse proxy (cloudflare or anything else) in front of a default PHPBB without breaking it in various way. This is specially annoying since: a) proper handling of reverse proxy is pretty easy (and even supported by Smphony already) b) not providing that support makes it very hard to do defense in depth (something that saved my DB a couple of times since I started using PHPBB with version 1.x)

Anyway, thank you for the code snippet. It doesn't work but thanks for the effort :)
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Cloudflare IP support

Post by Lumpy Burgertushie »

I doubt this, really. If it's professional hosting, they do know what they are doing.
you must not have dealt with many hosting companies.

godaddy, ipage, just to name a couple and I have no idea how many times I have seen here where so called "professional" hosting companies have setup their mod_security with the defaults with no idea the problems they are causing their customers.

most of the time the "professionals" simply install server software out of the box and either don't know how to set things up or don't care.

just ranting.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
BigDrago
Registered User
Posts: 366
Joined: Fri Dec 10, 2004 5:16 pm
Location: Norway

Re: Cloudflare IP support

Post by BigDrago »

Well...site is never offline, free ssl, railgun etc... Add site directly to cloudflare.com, no reason to enable it through cpanel.

Cloudflare support haven't answered me yet.
BigDrago
Registered User
Posts: 366
Joined: Fri Dec 10, 2004 5:16 pm
Location: Norway

Re: Cloudflare IP support

Post by BigDrago »

Regarding 3.0.13
I found this line:

Code: Select all

$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
But the support page:
https://support.cloudflare.com/hc/en-us ... ith-PHPBB-

Says I should find this line (which isn´t there)

Code: Select all

$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : '';

Anyway, I changed the first code to this:

Code: Select all

$this->ip = (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) ? htmlspecialchars((string) $_SERVER['HTTP_CF_CONNECTING_IP']) : '';
Still waiting for Cloudflare to fix the issue with 3.1.x
Post Reply

Return to “Extension Requests”