• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 Many IPs appear as 127.0.0.1

#1
We've been having a lot of trouble with spam recently. I suspect it is because IPs that would normally be blacklisted appear as local IPs. Has this happened to anyone else, and is there any way to fix this behaviour? I have a feeling that it may be related to SSL, but I have no clue...
 

Mike

XenForo developer
Staff member
#2
The only way this would happen is if you are doing something in config.php to change the IP (or an add-on is). Or if that is actually the real IP (requests coming from the same server). A third option would actually be for this to be from the server itself misreporting, likely due to a misconfiguration.

Have you setup anything in config.php to change $_SERVER['REMOTE_ADDR']? Does this still happen with add-ons disabled?
 
#3
I only have the database access information in my config.php. The problem remains when I disable addons (with
$config['enableListeners'] = 0; ). Strangely enough bots seem to always have their IP correctly reported, while most users show as 127.0.0.1.
 

Mike

XenForo developer
Staff member
#4
Does your own IP show correctly on your posts? If not, go to admin.php?tools/phpinfo and look for "REMOTE_ADDR" entries. What do they list?
 

Mike

XenForo developer
Staff member
#8
It's worth contacting your host about this then. It would be down to how they have configured the system (presuming they have).
 
#9
It's worth contacting your host about this then. It would be down to how they have configured the system (presuming they have).
I got the following response from my host:

This is a side effect of the way our system implements SSL. You can get the full IP information. including any and all proxies like SSL, by consulting the REMOTE_HOST variable instead of REMOTE_ADDR.

Thanks,
Jeff
How can I make use of this solution? I suspect that it may be useful to others, as NearlyFreeSpeech (my host) is fairly widely used, and there may be other hosts using similar implementations of SSL.

Thanks!
 

Mike

XenForo developer
Staff member
#10
That's a weird setup and not one that I've heard of before. Can you confirm that the _SERVER["REMOTE_HOST"] entry on the phpinfo page mentioned above has the correct IP?
 
#11
The contents of _SERVER["REMOTE_HOST"] are: 81.***.***.**3, 127.0.0.1 (the stars are just censored digits from my IP, which does indeed display correctly). So it lists both my IP and 127.0.0.1 after a comma.
 

Mike

XenForo developer
Staff member
#12
Try adding this to your config.php:

Code:
if (!empty($_SERVER['REMOTE_HOST']))
{
    $ips = explode(',', $_SERVER['REMOTE_HOST']);
    $_SERVER['REMOTE_ADDR'] = trim($ips[0]);
}
 
Last edited:
#13
That causes the entire forum to thow:

Code:
Parse error: syntax error, unexpected '$_SERVER' (T_VARIABLE) in /home/public/library/config.php on line 21