Author Topic: IP address logging behind proxy using X-Forwarded-For  (Read 9799 times)
padanius
« on: June 28, 2010, 20:13:34 »

Hi,

When Joomla is behind a proxy or cache accelerator, the logged IP number is that of the proxy, not that of the user.

You may modify the code in /components/com_jcomments/jcomments.class.php in order to log the correct IP of the user, as follows:

1) locate and comment out this line:

//  $this->userIP           = $_SERVER['REMOTE_ADDR'];// getenv('REMOTE_ADDR');

and replace it with :

// start proxy IP mod by AEC 20100628
$headers = apache_request_headers();
if (array_key_exists('X-Forwarded-For', $headers)) {
    // behind a proxy: log the forwarded address(es) plus the proxy's own address
    $this->userIP = $headers['X-Forwarded-For'] . ' via ' . $_SERVER["REMOTE_ADDR"];
} else {
    // direct connection: log the peer address as before
    $this->userIP = $_SERVER["REMOTE_ADDR"];
}
// end proxy IP mod by AEC 20100628


2) edit the field IP in the jos_jcomments table and increase the size to at least 45 ( varchar(45) ). If you have multiple proxies, you may have all proxies' IPs plus the client IP inserted in this variable.

Just a note: X-Forwarded-For is usually added by the proxy (if enabled to do so) but it may be spoofed, so there is no guarantee that the recorded IP is the real one, but at least for the good guys it will be OK; and you can always double check your proxy log with all the info collected here.

Hope the developers can add this to the mainstream code in future updates.

Enjoy!

AEC
smart
Administrator
« Reply #1 on: June 28, 2010, 20:42:52 »

In the development branch I've already implemented an IP ban feature. This feature allows administrators to add a comment author's IP to a blocklist and prevent him from posting comments. The blocklist table also has an IP field of the same size as jos_jcomments, and I make checks by comparing the value of the current user's IP with the values in the blocklist table.

If we include this modification we will need to compare not one IP but some magic string with a number of IPs... Or we will need to insert into the blocklist all IPs (user IP, proxy IP) and compare all of them. I think that in this case it would not be so effective. Or no? Do you have any idea how to make it faster and more usable?

As a possible solution we could add a proxy_ip field to jos_jcomments and store there additional information about the proxies' IPs.
padanius
« Reply #2 on: June 29, 2010, 18:18:07 »

I think the best way to be compatible would be to get the "new" value of IPs by parsing the IP field, then get each IP and, excluding what comes after the "via XXX.XXX.XXX.XXX" (you do not want to exclude your own proxy), compare each value against the list of blocked IPs.


For example, you could just filter the first string before a space in the ip field:

i.e. ip can be either:
85.18.87.185 via XXX.YYY.ZZZ.NNN
or:
85.18.87.185


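// $field is the stored ip value, e.g. "85.18.87.185 via XXX.YYY.ZZZ.NNN" or "85.18.87.185"
$pos = strpos($field, ' via');
if ($pos !== false) {
    $ip = substr($field, 0, $pos);  // 85.18.87.185 via XXX.YYY.ZZZ.NNN
} else {
    $ip = $field;                   // 85.18.87.185
}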


In general, if you do not take care of X-Forwarded-For to extract the real user IP, you will not be able to block IPs if the server is behind a proxy.

AEC
smart
Administrator
« Reply #3 on: June 29, 2010, 19:17:58 »

Hm... But we have a problem...

If some user visits the site and his local IP is 192.168.21.0 and his proxy is 123.123.123.123, we will have the string: "192.168.21.0 via 123.123.123.123". And if we ban '192.168.21.0' it blocks ALL users who have the same internal IP... On the other hand, if we ban 123.123.123.123, it will block all users who use the same proxy... So we will need to use both values?
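The spoofing caveat in the first post and the ban question in the replies both depend on which X-Forwarded-For entry can be trusted. The following PHP is an added example, not JComments code and not posted by anyone in this thread: it honours the header only when REMOTE_ADDR is one of the site's own proxies and reads the list from the right. `$trustedProxies`, the function names and the sample addresses are assumptions.

```php
<?php
// Added example, not JComments code. $trustedProxies (the addresses of your
// own proxies / cache accelerators) and all sample values are assumptions.
function resolveClientIp(array $server, array $trustedProxies): array
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $xff    = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $result = ['client' => $remote, 'via' => []];

    // Peer is not one of our proxies: the header is client-supplied, ignore it.
    if ($xff === '' || !in_array($remote, $trustedProxies, true)) {
        return $result;
    }
    // Each proxy appends the address it received the request from, so only the
    // right-most entries were written by infrastructure we control.
    $result['via'][] = $remote;
    $hops = array_map('trim', explode(',', $xff));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (filter_var($hops[$i], FILTER_VALIDATE_IP) === false) {
            break;                              // malformed entry: stop here
        }
        if (!in_array($hops[$i], $trustedProxies, true)) {
            $result['client'] = $hops[$i];      // first hop we did not write
            break;
        }
        $result['via'][] = $hops[$i];           // another of our own proxies
    }
    return $result;
}

// Private and reserved addresses are reused across networks: poor ban keys.
function isBannable(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

$trustedProxies = ['10.0.0.5'];                 // constructed: the site's own proxy
$samples = [                                    // constructed requests
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 203.0.113.7'],
    ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_FOR' => '192.168.21.0'],
];
foreach ($samples as $s) {
    $r = resolveClientIp($s, $trustedProxies);
    printf("%-15s via %-10s bannable=%s\n", $r['client'],
        implode(',', $r['via']) ?: '-', var_export(isBannable($r['client']), true));
}
```

Storing `client` and `via` in separate columns keeps the blocklist comparison a single-value match, and the raw header can still be logged alongside for cross-checking against the proxy log.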