[3.2][3.3][BETA] Trust X-Forwarded-For

martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

_joaquim_ wrote: Mon Jun 06, 2022 6:28 pm after installing it gives error 500

php 7.4.29
phpbb 3.3.7
That's still not very precise.

It could be that the extension is throwing one of these two exceptions:
  • Trust X-Forwarded-For Extension: Untrusted IP: <ip>
  • Trust X-Forwarded-For Extension: invalid X-Forwarded-For:
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

So you need to be sure before enabling the extension that your reverse proxy sets an X-Forwarded-For header, and know the IP of your reverse proxy, which you then configure to be trusted.

If you are stuck, you can always comment out or delete the content of the core_session_ip_after() function in the ext/marttiphpbb/trustxforwardedfor/event/listener.php file in order to get your board up again and to disable the extension.

Or even simpler, disable the subscribed events (same file) by returning an empty array:

	public static function getSubscribedEvents()
	{
		return [];    // add this line to disable the extension.
		return [
			'core.session_ip_after'		=> 'core_session_ip_after',
		];
	}
Last edited by martti on Mon Jun 06, 2022 7:32 pm, edited 4 times in total.
_joaquim_
Translator
Posts: 45
Joined: Mon Jan 25, 2016 12:02 am

Re: [3.2][BETA] Trust X-Forwarded-For

Post by _joaquim_ »

OK, I will try it, thanks a lot.
Help make Portuguese translations at
http://www.phpbb-pt.com/
shortmort37
Registered User
Posts: 674
Joined: Sat Aug 26, 2006 8:40 pm
Location: Upper Darby, PA, USA
Name: Dan Morton

Re: [3.2][BETA] Trust X-Forwarded-For

Post by shortmort37 »

Here's my story - I've moved to a new VPS which employed nginx, up until a few days ago. I was having an issue with logins, described here. Disabling nginx caching didn't help; however, when nginx was removed, the login issue went away. My suspicion is that it has to do with the reverse proxy report of my server's IP as every client, rather than the caching aspect.

So currently, I have nginx removed. I was successful in being able to set MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS to my IP, as reported by this env.php script:

<?php // Print the trusted proxy IP(s) that PHP sees in its environment
$site_path_var = $_SERVER["MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS"];
echo $site_path_var; ?>


But when I enable this extension, I start getting 500 errors. (I resolved by going into the database and setting the extension to disabled, and clearing the cache.)
martti wrote: Mon Jun 06, 2022 7:22 pm So you need to be sure before enabling the extension that your reverse proxy sets an X-Forwarded-For header, and know the IP of your reverse proxy, which you then configure to be trusted.
Hmmm... I take it that without nginx, I'm not going to get this header, and that breaks everything. So I have to reintroduce the problem that nginx causes, in order to test this extension. Have I summarized correctly? And, how do I configure this IP to be trusted? By whom? Sorry, newbie here.

Sorry for the ask - but, is there any way to make this extension innocuous, in the absence of an X-Forwarded-For header?

Dan
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

shortmort37 wrote: Tue Aug 23, 2022 2:40 pm Hmmm... I take it that without nginx, I'm not going to get this header, and that breaks everything. So I have to reintroduce the problem that nginx causes, in order to test this extension. Have I summarized correctly? And, how do I configure this IP to be trusted? By whom? Sorry, newbie here.
This extension is only for when you have a reverse proxy, otherwise it is useless (and indeed will block your site). This extension is meant for registering the user IPs, which you wouldn't get if you are behind a reverse proxy.
shortmort37 wrote: Tue Aug 23, 2022 2:40 pm Sorry for the ask - but, is there any way to make this extension innocuous, in the absence of an X-Forwarded-For header?
Dan
No, but if you don't deploy a reverse proxy the user IPs are already registered by your board.
shortmort37
Registered User
Posts: 674
Joined: Sat Aug 26, 2006 8:40 pm
Location: Upper Darby, PA, USA
Name: Dan Morton

Re: [3.2][BETA] Trust X-Forwarded-For

Post by shortmort37 »

martti wrote: Tue Aug 23, 2022 2:57 pm
shortmort37 wrote: Tue Aug 23, 2022 2:40 pm Sorry for the ask - but, is there any way to make this extension innocuous, in the absence of an X-Forwarded-For header?
Dan
No, but if you don't deploy a reverse proxy the user IPs are already registered by your board.
Understood; but in a situation like mine, I have to first break my board (by reintroducing nginx) before I can test if this extension will fix it. Might it not be useful, if the extension finds no X-Forwarded-For header (because there is no reverse proxy, or it's been disabled), to simply do nothing?

Just a suggestion. In any event, I plan on asking my managed hosting provider to reinstall nginx, so I can test the extension. Thanks much.

Dan
martti
Registered User
Posts: 914
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: [3.2][BETA] Trust X-Forwarded-For

Post by martti »

shortmort37 wrote: Tue Aug 23, 2022 3:31 pm
martti wrote: Tue Aug 23, 2022 2:57 pm
No, but if you don't deploy a reverse proxy the user IPs are already registered by your board.
Understood; but in a situation like mine, I have to first break my board (by reintroducing nginx) before I can test if this extension will fix it. Might it not be useful, if the extension finds no X-Forwarded-For header (because there is no reverse proxy, or it's been disabled), to simply do nothing?

Just a suggestion. In any event, I plan on asking my managed hosting provider to reinstall nginx, so I can test the extension. Thanks much.

Dan
See MDN X-Forwarded-For
The X-Forwarded-For header is untrustworthy when no trusted reverse proxy (e.g., a load balancer) is between the client and server.
The extension ensures that the request is coming from a trustworthy reverse proxy. That's why you have to configure the trusted IP(s) of the trusted reverse proxy.
Before enabling the extension:
  • Be sure the reverse proxy is enabled and sends the X-Forwarded-For header
  • Know the IP of the reverse proxy
  • Configure the reverse proxy IP as an environment variable as described
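
Added example (not part of the thread and not the extension's own code): a sketch of the check discussed above, showing why a request from an unconfigured address or without the header is rejected rather than silently accepted. The function name, the comma-separated format of the trusted list and the sample addresses are assumptions; the two error messages follow the ones quoted earlier in the thread.

```php
<?php
declare(strict_types=1);
// Added illustration, not the extension's listener code. $trustedCsv stands in
// for MARTTIPHPBB_TRUSTXFORWARDEDFOR_IPS; the comma-separated format is assumed.
function resolve_client_ip(string $remoteAddr, ?string $xff, string $trustedCsv): string
{
    // Compare addresses in packed form so equivalent IPv6 spellings match.
    $trusted = [];
    foreach (explode(',', $trustedCsv) as $ip) {
        if (filter_var(trim($ip), FILTER_VALIDATE_IP) !== false) {
            $trusted[] = inet_pton(trim($ip));
        }
    }
    // The TCP peer must be a configured proxy; any other sender could forge the header.
    if (filter_var($remoteAddr, FILTER_VALIDATE_IP) === false
        || !in_array(inet_pton($remoteAddr), $trusted, true)) {
        throw new RuntimeException("Untrusted IP: $remoteAddr");
    }
    if ($xff === null || trim($xff) === '') {
        throw new RuntimeException('invalid X-Forwarded-For: (missing)');
    }
    // Walk right to left: the rightmost entries were appended by trusted proxies,
    // everything left of the first untrusted address is client-controlled.
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $hop = trim($hop);
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            throw new RuntimeException("invalid X-Forwarded-For: $xff");
        }
        if (!in_array(inet_pton($hop), $trusted, true)) {
            return $hop;
        }
    }
    throw new RuntimeException("invalid X-Forwarded-For: $xff");
}

// Constructed sample requests as [REMOTE_ADDR, X-Forwarded-For]; 10.0.0.5 is the proxy.
$samples = [
    ['10.0.0.5', '203.0.113.7'],               // normal request through the proxy
    ['10.0.0.5', '198.51.100.9, 203.0.113.7'], // client sent its own header first
    ['203.0.113.7', '198.51.100.9'],           // request that did not come via the proxy
    ['10.0.0.5', null],                        // proxy not configured to send the header
];
foreach ($samples as [$remote, $xff]) {
    try {
        echo resolve_client_ip($remote, $xff, '10.0.0.5'), PHP_EOL;
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```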
