Deebs
Well-known member
XenForo does not support the logging of remote IP addresses of users accessing the system through any form of proxy. Inside /library/xenforo/controller.php are a few areas where the ZendFramework function getclientip is called. Unfortunately all calls to this function pass in FALSE which is telling ZF to not check for certain headers to see if the connecting IP has been proxied.
Please override this function and allow within the ACP the ability to specify our own header to check for proxied IP addresses. Why our own? It is very easy to spoof but in my Varnish cache I can set any header I want to the real IP, tell XF the name of it, record the real IP and strip it out of any returned headers to the connecting IP.
For the majority of users simply allowing an input box and a checkbox (header to check for, check for headers) will suffice.
For now I shall have to modify the ZF source file to accomodate.
Btw, this will also fix the issues in this thread:
http://xenforo.com/community/threads/remote_addr.13180/
Please override this function and allow within the ACP the ability to specify our own header to check for proxied IP addresses. Why our own? It is very easy to spoof but in my Varnish cache I can set any header I want to the real IP, tell XF the name of it, record the real IP and strip it out of any returned headers to the connecting IP.
For the majority of users simply allowing an input box and a checkbox (header to check for, check for headers) will suffice.
For now I shall have to modify the ZF source file to accomodate.
Btw, this will also fix the issues in this thread:
http://xenforo.com/community/threads/remote_addr.13180/
Upvote
0