[3.2][3.3][BETA] Trust X-Forwarded-For

martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

martti wrote: Thu Nov 15, 2018 9:15 pm It is the port number. The extension is expecting a list of comma-separated IPs, without port numbers. The X-Forwarded-For header isn't standardized and some reverse proxies add ports, it seems. I will change the extension to strip off the port.
In event/listener.php

Code:

		$forwarded_for = trim($this->request->header('X-Forwarded-For'));
		$forwarded_for = str_replace(' ', '', $forwarded_for);
		$forwarded_for = explode(',', $forwarded_for);
		$forwarded_for = trim($forwarded_for[count($forwarded_for) - 1]);

		if (!filter_var($forwarded_for, FILTER_VALIDATE_IP))
		{
			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For: ' . $forwarded_for);
		}
Becomes (one line added before the if-statement)

Code:

		$forwarded_for = trim($this->request->header('X-Forwarded-For'));
		$forwarded_for = str_replace(' ', '', $forwarded_for);
		$forwarded_for = explode(',', $forwarded_for);
		$forwarded_for = trim($forwarded_for[count($forwarded_for) - 1]);
		[$forwarded_for] = explode(':', $forwarded_for);

		if (!filter_var($forwarded_for, FILTER_VALIDATE_IP))
		{
			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For: ' . $forwarded_for);
		}
Manick_swe
Registered User
Posts: 13
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe »

Gave it a go and it looks like it's getting closer.

Pasted the code as you wrote it with the [] around $forwarded_for; this gave me the following error:

Code:

[Thu Nov 15 21:25:52.735467 2018] [:error] [pid 3890] [client 192.168.0.18:57302] PHP Parse error:  syntax error, unexpected '=' in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 59, referer: https://www.domain.com/forum/viewforum.php?f=3
So I removed the [] and instead of an error 500, I got this in the browser:

Code:

[phpBB Debug] PHP Notice: in file [ROOT]/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 63: Array to string conversion
Manick_swe
Registered User
Posts: 13
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe »

Bingo! :D

Had a look in my reverse proxy and I could disable "Include TCP port from client", so I did.

Then I reverted back to this code:

Code:

		$forwarded_for = trim($this->request->header('X-Forwarded-For'));
		$forwarded_for = str_replace(' ', '', $forwarded_for);
		$forwarded_for = explode(',', $forwarded_for);
		$forwarded_for = trim($forwarded_for[count($forwarded_for) - 1]);

		if (!filter_var($forwarded_for, FILTER_VALIDATE_IP))
		{
			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For: ' . $forwarded_for);
		}
Becomes (one line added before the if-statement)
And voila! It works!

Thanks a million, I have been looking for a solution for this for ages! :)
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

Manick_swe wrote: Thu Nov 15, 2018 9:31 pm Gave it a go and it looks like it's getting closer.

Pasted the code as you wrote it with the [] around $forwarded_for; this gave me the following error:

Code:

[Thu Nov 15 21:25:52.735467 2018] [:error] [pid 3890] [client 192.168.0.18:57302] PHP Parse error:  syntax error, unexpected '=' in /var/www/forum/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 59, referer: https://www.domain.com/forum/viewforum.php?f=3
So I removed the [] and instead of an error 500, I got this in the browser:

Code:

[phpBB Debug] PHP Notice: in file [ROOT]/ext/marttiphpbb/trustxforwardedfor/event/listener.php on line 63: Array to string conversion
Ah sorry, the bracket notation works only from PHP 7.1.
https://sebastiandedeyne.com/the-list-f ... ing-in-php

You can use list()

Code:

list($forwarded_for) = explode(':', $forwarded_for);
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

Manick_swe wrote: Thu Nov 15, 2018 9:41 pm Bingo! :D

Had a look in my reverse proxy and I could disable "Include TCP port from client", so I did.

Then I reverted back to this code:

Code:

		$forwarded_for = trim($this->request->header('X-Forwarded-For'));
		$forwarded_for = str_replace(' ', '', $forwarded_for);
		$forwarded_for = explode(',', $forwarded_for);
		$forwarded_for = trim($forwarded_for[count($forwarded_for) - 1]);

		if (!filter_var($forwarded_for, FILTER_VALIDATE_IP))
		{
			throw new \Exception('Trust X-Forwarded-For Extension: invalid X-Forwarded-For: ' . $forwarded_for);
		}
Becomes (one line added before the if-statement)
And voila! It works!

Thanks a million, I have been looking for a solution for this for ages! :)
Ok, good!
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs

Re: [3.2][BETA] Trust X-Forwarded-For

Post by canonknipser »

How do you handle IPv6 addresses? They have : in standard notation -> https://en.wikipedia.org/wiki/IPv6_addr ... esentation
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

canonknipser wrote: Thu Nov 15, 2018 9:46 pm How do you handle IPv6 addresses? They have : in standard notation -> https://en.wikipedia.org/wiki/IPv6_addr ... esentation
Ah yes, you're right. Indeed, I should limit this extension to X-Forwarded-For headers without port numbers, I think.
Manick_swe
Registered User
Posts: 13
Joined: Wed Feb 11, 2015 1:05 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by Manick_swe »

martti wrote: Thu Nov 15, 2018 9:52 pm
canonknipser wrote: Thu Nov 15, 2018 9:46 pm How do you handle IPv6 addresses? They have : in standard notation -> https://en.wikipedia.org/wiki/IPv6_addr ... esentation
Ah yes, you're right. Indeed, I should limit this extension to X-Forwarded-For headers without port numbers, I think.
Sounds fair, can't see why you would want to get the port number all the way to the forum logs.
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs

Re: [3.2][BETA] Trust X-Forwarded-For

Post by canonknipser »

There is a special notation when using port numbers together with IPv6 -> https://en.wikipedia.org/wiki/IPv6_addr ... dentifiers
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
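
The port and IPv6 question raised in the posts above, as an added example that is not part of the thread or of the extension: a sketch of normalizing one X-Forwarded-For entry that accepts bare IPv4 or IPv6, `IPv4:port` and the bracketed `[IPv6]:port` form. `parse_forwarded_entry()` is a hypothetical helper name, and the sample entries are constructed from documentation address ranges.

```php
<?php
// Added example: parse_forwarded_entry() is a hypothetical helper,
// not a function of the extension. Written without type declarations
// and with list() so it also runs on PHP versions before 7.1.
function parse_forwarded_entry($entry)
{
    $entry = trim($entry);

    // Bracketed IPv6, optionally followed by :port, e.g. "[2001:db8::1]:57302"
    if (preg_match('/^\[([0-9a-fA-F:.]+)\](?::\d{1,5})?$/', $entry, $m)) {
        $ip = filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
        return $ip === false ? null : $ip;
    }

    // Bare IPv4 or bare IPv6: accept unchanged. This must run before any
    // split on ':' because an IPv6 address contains colons itself.
    if (filter_var($entry, FILTER_VALIDATE_IP) !== false) {
        return $entry;
    }

    // IPv4 followed by :port, e.g. "192.0.2.10:57302"
    if (preg_match('/^([0-9.]+):\d{1,5}$/', $entry, $m)
        && filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return $m[1];
    }

    return null; // anything else is rejected rather than guessed at
}

// Constructed sample entries (documentation address ranges).
$samples = [
    '192.0.2.10',
    '192.0.2.10:57302',
    '2001:db8::1',
    '[2001:db8::1]:57302',
    '[2001:db8::1]',
    '2001:db8::1:8080',   // valid IPv6 on its own, so it is kept whole
    '192.0.2.10:http',    // non-numeric port: rejected
    'example.invalid',    // host name: rejected
];

foreach ($samples as $s) {
    printf("%-22s => %s\n", $s, var_export(parse_forwarded_entry($s), true));
}
```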
pecolard
Registered User
Posts: 1
Joined: Thu Apr 15, 2021 5:58 am

Re: [3.2][BETA] Trust X-Forwarded-For

Post by pecolard »

Hello

Thank you for your extension.
I had to adapt those lines to fetch my internal configuration.
We have Nginx without reverse proxy.
Here is the new code

Code:

$forwarded_for = trim($this->request->header('X-Forwarded-For'));
$forwarded_for = str_replace(' ', '', $forwarded_for);
$forwarded_for = explode(',', $forwarded_for);
// Drop every entry that is not a valid IP address outside the
// private and reserved ranges.
foreach ($forwarded_for as $key => $ipnginx) {
	if (!filter_var($ipnginx, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
		unset($forwarded_for[$key]);
	}
}
mandatti
Registered User
Posts: 1
Joined: Fri Feb 04, 2022 10:48 pm

Re: [3.2][BETA] Trust X-Forwarded-For

Post by mandatti »

Hey there!

First of all, thanks for your effort bringing this to life. Just what I was looking for.
Nice job. 8-)

My only question is if it's OK to add my Docker host IP 172.17.0.1 onto $trusted_ips, alongside localhost, instead of setting the variable 'MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS', since I'm running phpBB in a container.
My reverse proxy is Caddy2.

Everything is running flawlessly, I just want to be sure if that brings me security concerns.
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

mandatti wrote: Fri Feb 04, 2022 10:59 pm Hey there!

First of all, thanks for your effort bringing this to life. Just what I was looking for.
Nice job. 8-)

My only question is if it's OK to add my Docker host IP 172.17.0.1 onto $trusted_ips, alongside localhost, instead of setting the variable 'MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS', since I'm running phpBB in a container.
My reverse proxy is Caddy2.

Everything is running flawlessly, I just want to be sure if that brings me security concerns.
That's fine, no problem.
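
Why the trusted list matters for the question above, as an added example rather than the extension's own code: the header is honored only when the connection itself comes from a listed proxy address, and the last entry is used, as in the snippets earlier in this thread. `client_ip()` and its parameters are hypothetical, the addresses are constructed, and it assumes the reverse proxy is the only sender that reaches phpBB from 172.17.0.1.

```php
<?php
// Added example: client_ip() is a hypothetical function, not the extension's API.
function client_ip($remote_addr, $xff_header, array $trusted_ips)
{
    // Only a connection arriving from a trusted proxy may override the
    // address. Any other sender can put whatever it likes in the header.
    if (!in_array($remote_addr, $trusted_ips, true)) {
        return $remote_addr;
    }
    if ($xff_header === null || trim($xff_header) === '') {
        return $remote_addr;
    }

    // Same selection as the thread's snippets: the last list entry,
    // which is the one appended by the nearest proxy.
    $parts = explode(',', str_replace(' ', '', $xff_header));
    $last = trim($parts[count($parts) - 1]);

    if (filter_var($last, FILTER_VALIDATE_IP) === false) {
        throw new \Exception('invalid X-Forwarded-For: ' . $last);
    }
    return $last;
}

// Assumed trusted list: localhost plus the Docker host address from the question.
$trusted = ['127.0.0.1', '172.17.0.1'];

// Constructed requests: [direct peer address, X-Forwarded-For header value]
$requests = [
    ['172.17.0.1',    '203.0.113.7'],            // via the proxy
    ['172.17.0.1',    '10.9.9.9, 203.0.113.7'],  // client-supplied first entry is ignored
    ['198.51.100.20', '127.0.0.1'],              // direct, untrusted: header ignored
    ['172.17.0.1',    null],                     // proxy sent no header
];

foreach ($requests as $r) {
    list($peer, $xff) = $r;
    printf("%-14s %-24s => %s\n", $peer, var_export($xff, true),
        client_ip($peer, $xff, $trusted));
}
```

Every address in the trusted list is allowed to set the user's recorded IP, so the list should contain only addresses from which nothing but the reverse proxy can connect.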
_joaquim_
Translator
Posts: 45
Joined: Mon Jan 25, 2016 12:02 am

Re: [3.2][BETA] Trust X-Forwarded-For

Post by _joaquim_ »

The extension does not work on phpBB 3.3.
Help make Portuguese translations at
http://www.phpbb-pt.com/
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

_joaquim_ wrote: Mon Jun 06, 2022 6:19 pm The extension does not work on phpBB 3.3.
Such a vague description is not very helpful.
_joaquim_
Translator
Posts: 45
Joined: Mon Jan 25, 2016 12:02 am

Re: [3.2][BETA] Trust X-Forwarded-For

Post by _joaquim_ »

After installing, it gives error 500.

php 7.4.29
phpbb 3.3.7
Help make Portuguese translations at
http://www.phpbb-pt.com/
