Right IP address in rev-proxy environment

[arturm]

When http server is behind rev-proxy, then IP address point to rev-proxy IP, not real user IP. I propose add small hack:
In /src/commands/connect.class.php after line:

// store the user ip

add lines:

// by AM: adding proxy logging
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
if (empty($ip)) {
$ip = $_SERVER["REMOTE_ADDR"];
}

Now Admin see real user IP.

[phpfreechat]

Thank you it's integrated in 1003 revision.

[datacompboy]

2 arturm: you should install in apache mod_rpaf and you will get correct info in all scripts.

2 kerphi: that _BAD_ idea to use any headers except of REMOTE_ADDR, or add configuration param, that _should_ be disabled by default. Since now I can just spoof my IP on any chat just by adding HTTP_X_FORWARDED_FOR on mine proxy

[phpfreechat]

Thank you datacompboy for your suggestion.
I just applied this patch :

Code: Select all

Modified: trunk/src/commands/connect.class.php
===================================================================
--- trunk/src/commands/connect.class.php        2007-03-29 08:29:05 UTC (rev 1011)
+++ trunk/src/commands/connect.class.php        2007-04-01 11:01:46 UTC (rev 1012)
@@ -43,7 +43,9 @@
    $nickid = $u->nickid;
    $ct->joinChan($nickid, NULL); // join the server
    // store the user ip
-    $ip = isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"];
+    $ip = ( $c->get_ip_from_xforwardedfor && isset($_SERVER["HTTP_X_FORWARDED_FOR"])) ?
+      $_SERVER["HTTP_X_FORWARDED_FOR"] :
+      $_SERVER["REMOTE_ADDR"];
    if ($ip == "::1") $ip = "127.0.0.1"; // fix for konqueror & localhost
    $ct->setUserMeta($nickid, 'ip', $ip);
    // store the admin flag

Modified: trunk/src/pfcglobalconfig.class.php
===================================================================
--- trunk/src/pfcglobalconfig.class.php 2007-03-29 08:29:05 UTC (rev 1011)
+++ trunk/src/pfcglobalconfig.class.php 2007-04-01 11:01:46 UTC (rev 1012)
@@ -131,6 +131,14 @@
  var $debugurl            = "";
  var $debug               = false;
  var $debugxajax          = false;
+
+  /**
+   * This parameter is useful when your chat server is behind a reverse proxy that
+   * forward client ip address in HTTP_X_FORWARDED_FOR http header.
+   * see : http://www.phpfreechat.net/forum/viewtopic.php?id=1344
+   */
+  var $get_ip_from_xforwardedfor = false;
+

  // private parameters
  var $_sys_proxies         = array("lock", "checktimeout", "checknickchange", "auth", "noflood", "censor", "log");

[arturm]

Thanks, that patch is useful if chat is installed on server without mod_rpaf and user cannot install any mod.

[danielrigano]

Great tip!