[Mageia-sysadm] forums and reverse proxy

Romain d'Alverny rdalverny at gmail.com
Fri Mar 18 15:34:57 CET 2011


On Fri, Mar 18, 2011 at 15:24, Romain d'Alverny <rdalverny at gmail.com> wrote:
> On Fri, Mar 18, 2011 at 14:28, Michael Scherer <misc at zarb.org> wrote:
>> Le vendredi 18 mars 2011 à 14:04 +0100, Pascal Terjan a écrit :
>>> On Fri, Mar 18, 2011 at 09:54, Maât <maat-ml at vilarem.net> wrote:
>>> > Hi there,
>>> >
>>> > i've found a tiny but painful problem : all users are seens coming from internel proxy ip.
>>> >
>>> > i hope this is easy to solve because atm we are unable to differenciate upers ip... this will prevent us from using many moderation tools like ip banning or multiple accounts detection :-(
>>> >
>>> > Please help/comment/advice...
>>>
>>> I would expect such proxy to set a X-Forwarded-For header
>>
>> It does :
>> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers
>
> So that would be for phpbb to take this into account (and I believe
> that would be an upstreamable patch). We did use this for mdv wiki as
> it was behind at least one level of proxy-cache.
>
> Maat do you have a pointer of where this would be used in the code already?

Ok, sorry, a quick grep did it:

$ grep -Hrn "REMOTE_ADDR" .
./phpBB/includes/session.php:270:               $this->ip =
(!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string)
$_SERVER['REMOTE_ADDR']) : '';
./phpBB/includes/session.php:276:               // Default IP if
REMOTE_ADDR is invalid
./phpBB/install/database_update.php:121:$user->ip =
(!empty($_SERVER['REMOTE_ADDR'])) ?
htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';
./phpBB/install/install_install.php:1238:               $user_ip =
(!empty($_SERVER['REMOTE_ADDR'])) ?
htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';
./tests/security/all_tests.php:35:
$_SERVER['REMOTE_ADDR']         = '127.0.0.1';

Anyway, similar issue here:
http://www.phpbb.com/community/viewtopic.php?f=46&t=2100572&start=15

Romain


More information about the Mageia-sysadm mailing list