XF 2.2 Does Convert URLs to page titles expose IP?

questlot

Active member
I just ant to ensure my forum is fully secured from hackers and DDOS attack. Enabling Convert URLs to page titles will it expose my forum origin IP address even when am using cloudflare?
 
A proxy is not necessary unless you are hiding your server IP behind a reverse proxy. If you are hiding your server IP behind a reverse proxy, there are several precautions you would need to take to ensure it does not leak, including configuring the HTTP client to use a forward proxy and using a mail server which does not include the origin IP in message headers.
 
Thank you for this technical clarification which managed to confuse me a little more! 😁
I have no idea if my server is behind a reverse proxy, I will approach my web host.
 
Oh ok, well i use CloudFlare so... What i have to do now ? Or what can i do ?
Sorry guys i'm lost about this option and to be honest i don't know what is the purpose of it even reading the option description...

What do most XF users do regardless of the reverse proxy? Do they activate it and do what is necessary to make it safe or does it not activate it?
 
Are you concerned about exposing the server IP address?

If not, you don't need to do anything.
I use cloudflare and I would have loved to enable Convert URLs to page titles but for the fear of not exposing my server IP address I left it disable.

Is there an easy and free way to enable the option without exposing my server IP?
 
Sorry guys i'm lost about this option and to be honest i don't know what is the purpose of it even reading the option description...
It converts URLs in messages to linked page titles. For example, https://example.com would be converted to Example domain. This can provide readers with a better indicator of what the linked content is.

If you're not using a reverse proxy then it doesn't reveal anything that DNS records wouldn't already reveal. If you are using a reverse proxy then any external connection made by XF will reveal your server IP address, including but not limited to this option, unfurls, and the image proxy. If you're not concerned with hiding your server IP address then it doesn't matter. If you are concerned with hiding your server IP address then you would need to configure a proxy.

Is there an easy and free way to enable the option without exposing my server IP?
Not really. You would be revealing your server IP address to the proxy by necessity, so you shouldn't use a proxy you don't trust or control.
 
Any time XF has to connect to an external service for any reason. When you enable this option, XF has to fetch the linked page to get the page title. For unfurls, it has to fetch the linked page to get the title, description, and image. For the image proxy, it has to fetch the image. And so on and so forth.
 
Yes it will. To avoid this you'll want to set up a proxy (like tinyproxy) and configure the use of it in src/config.php:

Can someone clarify what would happen if the tinyproxy fails, for whatever reason, would the website still be accessible and will it expose the IP then? What would need to actually happen for me to worry about the IPs being exposed and for me to act? As I have all this set up but want to know as a precaution.
 
Back
Top Bottom