[3.2][3.3][BETA] Trust X-Forwarded-For

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Suggested Hosts
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

[3.2][3.3][BETA] Trust X-Forwarded-For

Post by martti »

In response to this request.

Extension Name: Trust X-Forwarded-For
Author: martti
Extension Description: Logging of user IPs from the X-Forwarded-For HTTP header when using a reverse proxy which is under your control (and can trust it sets the X-Forwarded-For header correctly).

The X-Forwarded-For header value is a comma and space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from.

This extension will set the user ip in your phpBB to the most trusted (most right) ip in the X-Forwarded-For header instead of REMOTE_ADDR (the direct client) Use this only with a reverse proxy which is under your control. This extension will block all ips which are not localhost (127.0.0.1 or ::1) unless defined in the environment variable MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS which can be a comma separated list of ip addresses.

If your reverse proxy has i.e the address 172.17.0.13, then set the environment variable MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS=172.17.0.13

Extension Version: 0.1.5
Requirements:
  • phpBB 3.2+
  • PHP 7+
Extension Download: https://github.com/marttiphpbb/phpbb-ex ... master.zip The files are to be put into ext/marttiphpbb/trustxforwardedfor
Github repository: https://github.com/marttiphpbb/phpbb-ex ... rwardedfor
Languages: no language files included
Templates: no template files included
Screenshots:

In the admin log:


Image

172.17.0.1 is the address of my reverse proxy and 109.129.122.208 was my own ip yesterday.
Without the extension every users' ip would always show 172.17.0.1
Note: I purged the cache and enabled the extension with the CLI, that's why the user is Anonymous there.
Last edited by martti on Tue Aug 23, 2022 7:06 pm, edited 7 times in total.
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

I've add a screenshot.
User avatar
noth
Registered User
Posts: 2528
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey

Re: [3.2][BETA] Trust X-Forwarded-For

Post by noth »

I'm not sure of the scenario for this
but is it like this :?:

A user on your board is banned
they return to your board opening a new account to circumvent your ban
you ban them again, then you ban them on IP

the banned user employs proxy IP software to circumvent your IP ban
:arrow: this extension reveals who they are, despite their proxy software, is that it? :D
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

noth wrote: Sat Sep 01, 2018 9:59 pm I'm not sure of the scenario for this
but is it like this :?:

A user on your board is banned
they return to your board opening a new account to circumvent your ban
you ban them again, then you ban them on IP

the banned user employs proxy IP software to circumvent your IP ban
:arrow: this extension reveals who they are, despite their proxy software, is that it? :D
No, it has nothing to do with that. This is for a reverse proxy, a proxy controlled from server side.
Manick_swe
Registered User
Posts: 13
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe »

Hi!

Im trying to get this to work but im not making much of a progress. As soon as i enable this plugin, my forum throws a Error 500 and i cannot access anything what so ever. I am guessing this is due to i have not defined the MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS - variable. How do i do this? Where is this defined?

Thanks
Tommy
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

Manick_swe wrote: Thu Nov 15, 2018 12:53 pm Hi!

Im trying to get this to work but im not making much of a progress. As soon as i enable this plugin, my forum throws a Error 500 and i cannot access anything what so ever. I am guessing this is due to i have not defined the MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS - variable. How do i do this? Where is this defined?

Thanks
Tommy
The environment variable is to be set in the operating system where your server is running in. See Google on how to do that for your environment.
Manick_swe
Registered User
Posts: 13
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe »

Thanks, found how to add the variable but still getting the 500 error. My apache error log tells me this:

Code: Select all

[Thu Nov 15 13:40:28.664370 2018] [:error] [pid 17832] [client xxx.xxx.xxx:52204] PHP Fatal error:  Uncaught Exception: Trust X-Forwarded-For Extension: Untrusted IP: xxx.xxx.xxx in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php:51\nStack trace:\n#0 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(184): marttiphpbb\\trustxforwardedfor\\event\\listener->core_session_ip_after(Object(phpbb\\event\\data), 'core.session_ip...', Object(phpbb\\event\\dispatcher))\n#1 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(46): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'core.session_ip...', Object(phpbb\\event\\data))\n#2 /var/www/forum/phpbb/event/dispatcher.php(62): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#3 /var/www/forum/phpbb/event/dispatcher.php(46): phpbb\\event\\dispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#4 /var/www/forum/phpbb/session.php(304): phpbb\\event\\dispatcher->trigger_event('core.session_ip...', Array)\n#5 /var/www/forum/index.php(27): phpbb\\se in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 51
Any ideas? :/

Some system info:
Ubuntu server with fully patched apache2 and php7+, latest version of PHPBB 3,2 running a IIS ARR Reverse proxy infront of the web server.
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

Manick_swe wrote: Thu Nov 15, 2018 1:43 pm Thanks, found how to add the variable but still getting the 500 error. My apache error log tells me this:

Code: Select all

[Thu Nov 15 13:40:28.664370 2018] [:error] [pid 17832] [client xxx.xxx.xxx:52204] PHP Fatal error:  Uncaught Exception: Trust X-Forwarded-For Extension: Untrusted IP: xxx.xxx.xxx in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php:51\nStack trace:\n#0 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(184): marttiphpbb\\trustxforwardedfor\\event\\listener->core_session_ip_after(Object(phpbb\\event\\data), 'core.session_ip...', Object(phpbb\\event\\dispatcher))\n#1 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(46): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'core.session_ip...', Object(phpbb\\event\\data))\n#2 /var/www/forum/phpbb/event/dispatcher.php(62): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#3 /var/www/forum/phpbb/event/dispatcher.php(46): phpbb\\event\\dispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#4 /var/www/forum/phpbb/session.php(304): phpbb\\event\\dispatcher->trigger_event('core.session_ip...', Array)\n#5 /var/www/forum/index.php(27): phpbb\\se in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 51
Any ideas? :/

Some system info:
Ubuntu server with fully patched apache2 and php7+, latest version of PHPBB 3,2 running a IIS ARR Reverse proxy infront of the web server.
That's strange, that you get xxx.xxx.xxx. It is not an ip structure. And what did you put in the environment variable then?
Manick_swe
Registered User
Posts: 13
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe »

I masked my real IP when i posted it here. The variable is set to the same adress as i get in the error message.

To be more accurate.
"echo $MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS" results in "192.168.0.18"

And the error message would look exactly like this:

Code: Select all

[Thu Nov 15 17:36:29.005708 2018] [:error] [pid 499] [client 192.168.0.18:55187] PHP Fatal error:  Uncaught Exception: Trust X-Forwarded-For Extension: Untrusted IP: 192.168.0.18 in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php:51\nStack trace:\n#0 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(184): marttiphpbb\\trustxforwardedfor\\event\\listener->core_session_ip_after(Object(phpbb\\event\\data), 'core.session_ip...', Object(phpbb\\event\\dispatcher))\n#1 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(46): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'core.session_ip...', Object(phpbb\\event\\data))\n#2 /var/www/forum/phpbb/event/dispatcher.php(62): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#3 /var/www/forum/phpbb/event/dispatcher.php(46): phpbb\\event\\dispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#4 /var/www/forum/phpbb/session.php(304): phpbb\\event\\dispatcher->trigger_event('core.session_ip...', Array)\n#5 /var/www/forum/index.php(27): phpbb\\se in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 51, referer: https://www.domain.com/forum/viewtopic.php?f=69&t=6309
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

Manick_swe wrote: Thu Nov 15, 2018 4:59 pm I masked my real IP when i posted it here. The variable is set to the same adress as i get in the error message.

To be more accurate.
"echo $MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS" results in "192.168.0.18"

And the error message would look exactly like this:

Code: Select all

[Thu Nov 15 17:36:29.005708 2018] [:error] [pid 499] [client 192.168.0.18:55187] PHP Fatal error:  Uncaught Exception: Trust X-Forwarded-For Extension: Untrusted IP: 192.168.0.18 in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php:51\nStack trace:\n#0 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(184): marttiphpbb\\trustxforwardedfor\\event\\listener->core_session_ip_after(Object(phpbb\\event\\data), 'core.session_ip...', Object(phpbb\\event\\dispatcher))\n#1 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(46): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'core.session_ip...', Object(phpbb\\event\\data))\n#2 /var/www/forum/phpbb/event/dispatcher.php(62): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#3 /var/www/forum/phpbb/event/dispatcher.php(46): phpbb\\event\\dispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#4 /var/www/forum/phpbb/session.php(304): phpbb\\event\\dispatcher->trigger_event('core.session_ip...', Array)\n#5 /var/www/forum/index.php(27): phpbb\\se in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 51, referer: https://www.domain.com/forum/viewtopic.php?f=69&t=6309
Apache2 runs in it's own environment. So you need to set the environment variable there.
https://unix.stackexchange.com/question ... -in-ubuntu (This might be old; it is from 2012)
Manick_swe
Registered User
Posts: 13
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe »

Okey so that seemed to take care of the variable issue but im still getting a 500 error :/

Code: Select all

[Thu Nov 15 20:38:44.532330 2018] [:error] [pid 3890] [client 192.168.0.18:56837] PHP Fatal error:  Uncaught Exception: Trust X-Forwarded-For Extension: invalid X-Forwarded-For IP: 192.168.0.18 in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php:61\nStack trace:\n#0 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(184): marttiphpbb\\trustxforwardedfor\\event\\listener->core_session_ip_after(Object(phpbb\\event\\data), 'core.session_ip...', Object(phpbb\\event\\dispatcher))\n#1 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(46): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'core.session_ip...', Object(phpbb\\event\\data))\n#2 /var/www/forum/phpbb/event/dispatcher.php(62): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#3 /var/www/forum/phpbb/event/dispatcher.php(46): phpbb\\event\\dispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#4 /var/www/forum/phpbb/session.php(304): phpbb\\event\\dispatcher->trigger_event('core.session_ip...', Array)\n#5 /var/www/forum/app.php(2 in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 61, referer: https://domain.com/forum/index.php
I have inspected the traffic comming from my reverse proxy and it is sending the X-Forwarded-For with the client IP.
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

Manick_swe wrote: Thu Nov 15, 2018 8:41 pm Okey so that seemed to take care of the variable issue but im still getting a 500 error :/

Code: Select all

[Thu Nov 15 20:38:44.532330 2018] [:error] [pid 3890] [client 192.168.0.18:56837] PHP Fatal error:  Uncaught Exception: Trust X-Forwarded-For Extension: invalid X-Forwarded-For IP: 192.168.0.18 in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php:61\nStack trace:\n#0 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(184): marttiphpbb\\trustxforwardedfor\\event\\listener->core_session_ip_after(Object(phpbb\\event\\data), 'core.session_ip...', Object(phpbb\\event\\dispatcher))\n#1 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(46): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'core.session_ip...', Object(phpbb\\event\\data))\n#2 /var/www/forum/phpbb/event/dispatcher.php(62): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#3 /var/www/forum/phpbb/event/dispatcher.php(46): phpbb\\event\\dispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#4 /var/www/forum/phpbb/session.php(304): phpbb\\event\\dispatcher->trigger_event('core.session_ip...', Array)\n#5 /var/www/forum/app.php(2 in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 61, referer: https://domain.com/forum/index.php
I have inspected the traffic comming from my reverse proxy and it is sending the X-Forwarded-For with the client IP.
The exception is probably right, but I just noticed the error message is wrong. It should report the malformed X-Forwarded-For ip, but instead it is reporting the client ip (of the reverse proxy). I will correct this soon.

Line 63 in event/listener.php

Code: Select all

			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For IP: ' . $ip);
Should become:

Code: Select all

			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For IP: ' . $forwarded_for);
Manick_swe
Registered User
Posts: 13
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe »

Here's some of the traffic sniffed on the reverseproxy beeing sent to the forum, headers look okey too?

https://imgur.com/a/nnoxXfM
Manick_swe
Registered User
Posts: 13
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe »

martti wrote: Thu Nov 15, 2018 8:56 pm
Manick_swe wrote: Thu Nov 15, 2018 8:41 pm Okey so that seemed to take care of the variable issue but im still getting a 500 error :/

Code: Select all

[Thu Nov 15 20:38:44.532330 2018] [:error] [pid 3890] [client 192.168.0.18:56837] PHP Fatal error:  Uncaught Exception: Trust X-Forwarded-For Extension: invalid X-Forwarded-For IP: 192.168.0.18 in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php:61\nStack trace:\n#0 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(184): marttiphpbb\\trustxforwardedfor\\event\\listener->core_session_ip_after(Object(phpbb\\event\\data), 'core.session_ip...', Object(phpbb\\event\\dispatcher))\n#1 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(46): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'core.session_ip...', Object(phpbb\\event\\data))\n#2 /var/www/forum/phpbb/event/dispatcher.php(62): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#3 /var/www/forum/phpbb/event/dispatcher.php(46): phpbb\\event\\dispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#4 /var/www/forum/phpbb/session.php(304): phpbb\\event\\dispatcher->trigger_event('core.session_ip...', Array)\n#5 /var/www/forum/app.php(2 in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 61, referer: https://domain.com/forum/index.php
I have inspected the traffic comming from my reverse proxy and it is sending the X-Forwarded-For with the client IP.
The exception is probably right, but I just noticed the error message is wrong. It should report the malformed X-Forwarded-For ip, but instead it is reporting the client ip (of the reverse proxy). I will correct this soon.

Line 63 in event/listener.php

Code: Select all

			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For IP: ' . $ip);
Should become:

Code: Select all

			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For IP: ' . $forwarded_for);
Did the suggested change, looks a bit better but still another error 500 :/

Code: Select all

[Thu Nov 15 21:02:14.169402 2018] [:error] [pid 4901] [client 192.168.0.18:57037] PHP Fatal error:  Uncaught Exception: Trust X-Forwarded-For Extension: invalid X-Forwarded-For IP: 2.71.78.80:51983 in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php:61\nStack trace:\n#0 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(184): marttiphpbb\\trustxforwardedfor\\event\\listener->core_session_ip_after(Object(phpbb\\event\\data), 'core.session_ip...', Object(phpbb\\event\\dispatcher))\n#1 /var/www/forum/vendor/symfony/event-dispatcher/EventDispatcher.php(46): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'core.session_ip...', Object(phpbb\\event\\data))\n#2 /var/www/forum/phpbb/event/dispatcher.php(62): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#3 /var/www/forum/phpbb/event/dispatcher.php(46): phpbb\\event\\dispatcher->dispatch('core.session_ip...', Object(phpbb\\event\\data))\n#4 /var/www/forum/phpbb/session.php(304): phpbb\\event\\dispatcher->trigger_event('core.session_ip...', Array)\n#5 /var/www/forum/viewf in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 61, referer: https://www.domain.com/forum/index.php
User avatar
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

It is the port number. The extension is expecting a list of comma separated ip's, without port numbers. The X-Forwarded-For header isn't standardized and some reverse proxies add ports as it seems. I will change the extension to strip of the port.

Return to “Extensions in Development”