[Proxy Settings] X-Forwarded-For not recognized

Pandos

  • Living on the edge of Wedge
  • Posts: 635
[Proxy Settings] X-Forwarded-For not recognized
« on May 23rd, 2014, 11:39 AM »
Server is behind a remote proxy. Logs already got the right X-FORWARDED-FOR IP.
In Wedge all users got the IP from the remote proxy (192.168.x.x). Also putting the proxy IP in settings did not change this value.
[Proxy Settings] Re: X-Forwarded-For not recognized
« Reply #1, on May 23rd, 2014, 01:17 PM »
Dig a bit deeper into it. The real IP is saved in DB as IP2. IP1 is the proxy IP :)
# dpkg-reconfigure brain
error: brain is not installed or configured

Nao

  • Dadman with a boy
  • Posts: 16,063

Pandos

  • Living on the edge of Wedge
  • Posts: 635
[Proxy Settings] Re: X-Forwarded-For not recognized
« Reply #3, on May 30th, 2014, 04:23 PM »
No?
If users are behind a reverse proxy the IP should display the right way? Not due to changes to the core?
[Proxy Settings] Re: X-Forwarded-For not recognized
« Reply #4, on May 30th, 2014, 04:28 PM »
Just created a little script to determine the real IP:

Code: [Select]
<?php
echo 'Server IP: ' $_SERVER['SERVER_ADDR'] . '<br />';
echo 
'Your IP: ' $_SERVER['REMOTE_ADDR'];

if(isset(
$_SERVER['HTTP_X_FORWARDED_FOR']))
{
   echo 
'<br />Forwarded For: ' $_SERVER['HTTP_X_FORWARDED_FOR'];
}

echo 
getenv('HTTP_VIA'),"\n";
?>

And here's the output from one user:

Server IP: 192.168.148.9
Your IP: 192.168.148.6
Forwarded For: 87.152.XXX.XXX
VIA:

So enabling forwarded for should do read the forwarded IP, right?

You can test it. You've got access to this server :)

Nao

  • Dadman with a boy
  • Posts: 16,063
[Proxy Settings] Re: X-Forwarded-For not recognized
« Reply #5, on June 3rd, 2014, 01:05 AM »
I understand, but I was just asking, what's best for users? What do you want me to do exactly..?

Pandos

  • Living on the edge of Wedge
  • Posts: 635
[Proxy Settings] Re: X-Forwarded-For not recognized
« Reply #6, on June 3rd, 2014, 01:22 AM »
Change it, that the Forwarded IP is displayed and not 192.168.148.6 behind reverse proxys. :)