class_core.php: HTTP_X_FORWARDED_FOR

  • Archimedes
    Member
    • Dec 2003
    • 77
    • 3.8.x

    class_core.php: HTTP_X_FORWARDED_FOR

    Hi everybody!

    I have seen in the class_core.php there is a proxy detection implemented in vBulletin. I use pound as software load balancer, which delivers the client IP as HTTP_X_FORWARDED_FOR.

    But the alt_ip = ip code doesn't work.
    All my users & visitors get the IP of pound (REMOTE_ADDR).
    And I get password false trouble for all users (because only one IP for all visitors/users).

    Perhaps there is a bug? My load balancer does have a 87.1xx.xx.xx IP - not an internal IP.

    Perhaps you see a solution or if there is a bug - please correct it.


    Code:
    	/**
    	* Fetches an alternate IP address of the current visitor, attempting to detect proxies etc.
    	*
    	* @return	string
    	*/
    	function fetch_alt_ip()
    	{
    		if (isset($_SERVER['HTTP_CLIENT_IP']))
    		{
    			$alt_ip = $_SERVER['HTTP_CLIENT_IP'];
    		}
    		else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
    		{
    			// make sure we dont pick up an internal IP defined by RFC1918
    			foreach ($matches[0] AS $ip)
    			{
    				if (!preg_match("#^(10|172\.16|192\.168)\.#", $ip))
    				{
    					$alt_ip = $ip;
    					break;
    				}
    			}
    		}
    		else if (isset($_SERVER['HTTP_FROM']))
    		{
    			$alt_ip = $_SERVER['HTTP_FROM'];
    		}
    		else
    		{
    			$alt_ip = $_SERVER['REMOTE_ADDR'];
    		}
    
    		return $alt_ip;
    	}
    }
    Last edited by Archimedes; Sun 2 Apr '06, 1:07am.
  • Colin F
    Senior Member
    • May 2004
    • 17689

    #2
    As per the code, vBulletin will only fetch that IP if
    $_SERVER['HTTP_CLIENT_IP'] isn't set.

    If you think it's a bug you can post in the bug tracker though, so that the developers will look into it for sure.
    Best Regards
    Colin Frei

    Please don't contact me per PM.

    • Archimedes
      Member
      • Dec 2003
      • 77
      • 3.8.x

      #3
      But there is a
      else if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])

      This should work or shouldn't it? But it doesn't work...

      • Colin F
        Senior Member
        • May 2004
        • 17689

        #4
        Sure, but it's an ELSE if, thus if $_SERVER['HTTP_CLIENT_IP'] is set, it won't check that.
        Best Regards
        Colin Frei

        Please don't contact me per PM.

        • Paul M
          Former Lead Developer
          vB.Com & vB.Org
          • Sep 2004
          • 9886

          #5
          Use this ;



          It detects the http variable and sets vb to use it everywhere.
          Baby, I was born this way

          • Scott MacVicar
            Former vBulletin Developer
            • Dec 2000
            • 13286

            #6
            We define the ALT_IP but do not actually use it; it's a one-line change to use.

            open class_core.php and change
            define('IPADDRESS', $registry->ipaddress);

            to

            define('IPADDRESS', $this->fetch_alt_ip());

            We reference IPADDRESS everywhere in the code.
            Scott MacVicar

            My Blog | Twitter

            • Archimedes
              Member
              • Dec 2003
              • 77
              • 3.8.x

              #7
              I think you have meant this:

              Replace
              $registry->ipaddress = $this->fetch_ip();
              define('IPADDRESS', $registry->ipaddress);
              with
              $registry->ipaddress = $this->fetch_alt_ip();
              define('IPADDRESS', $registry->alt_ip);
              Last edited by Archimedes; Sun 5 Nov '06, 1:56pm.

              • Colin F
                Senior Member
                • May 2004
                • 17689

                #8
                No, the change Scott posted should work correctly.
                Best Regards
                Colin Frei

                Please don't contact me per PM.

                • Gabrielt
                  Member
                  • Apr 2007
                  • 96
                  • 3.6.x

                  #9
                  I just installed pound load balancing today and I had to change this at class_core.php (my vBulletin is 3.6.7 PL1):

                  class_core.php

                  From:
                  /**
                  * Fetches the IP address of the current visitor
                  *
                  * @return string
                  */
                  function fetch_ip()
                  {
                  return $_SERVER['REMOTE_ADDR'];
                  }

                  To:

                  /**
                  * Fetches the IP address of the current visitor
                  *
                  * @return string
                  */
                  function fetch_ip()
                  {
                  // getenv() takes the variable name as a string, so the names are quoted
                  return (getenv('HTTP_X_FORWARDED_FOR'))
                  ? getenv('HTTP_X_FORWARDED_FOR')
                  : getenv('REMOTE_ADDR');
                  }

                  Cheers,
                  Gabriel.
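
Added example, not part of any post above and not vBulletin code: the replies above switch the forum to the forwarded address, and a common hardening of that change is to accept `X-Forwarded-For` only when `REMOTE_ADDR` is the load balancer itself, since a client that connects directly can put any value in that header. `TRUSTED_PROXIES`, `resolve_client_ip()` and all sample addresses are hypothetical, and the code assumes the balancer appends the connecting peer's address as the last entry of the header.

```php
<?php
// Added example: TRUSTED_PROXIES and resolve_client_ip() are hypothetical names.
// 192.0.2.10 is a constructed documentation address standing in for the balancer.
const TRUSTED_PROXIES = ['192.0.2.10'];

/**
 * Returns the visitor's IP, honouring X-Forwarded-For only when the TCP peer
 * (REMOTE_ADDR) is one of our own proxies.
 */
function resolve_client_ip(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';

    // No header, or the request did not arrive through our balancer:
    // whatever the header says was written by the client, so ignore it.
    if ($xff === '' || !in_array($peer, $trustedProxies, true)) {
        return $peer;
    }

    // Assumption: each proxy appends the address it saw, so the right-most
    // entries were written by our infrastructure. Walk the list right to left.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;      // malformed entry: stop and fall back to the peer
        }
        if (in_array($hop, $trustedProxies, true)) {
            continue;   // another of our own proxies, keep walking
        }
        return $hop;    // first address not written by one of our proxies
    }
    return $peer;
}

// Constructed sample requests (not taken from the thread).
$samples = [
    'via balancer' =>
        ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'via balancer, client sent its own header' =>
        ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 203.0.113.7'],
    'direct connection, forged header' =>
        ['REMOTE_ADDR' => '198.51.100.23', 'HTTP_X_FORWARDED_FOR' => '203.0.113.99'],
];
foreach ($samples as $label => $server) {
    printf("%-42s => %s\n", $label, resolve_client_ip($server));
}
```

In the second sample the client-supplied `10.0.0.1` is never reached, and in the third the header is ignored because the peer is not the balancer.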

                  • Under_Dog
                    Member
                    • Mar 2007
                    • 60
                    • 3.6.x

                    #10
                    Could someone post an update to the "IP addresses not working due to being behind a load balancer" for 4.1 please?
