XF 1.4 Many IPs appear as 127.0.0.1

[Valvar]

We've been having a lot of trouble with spam recently. I suspect it is because IPs that would normally be blacklisted appear as local IPs. Has this happened to anyone else, and is there any way to fix this behaviour? I have a feeling that it may be related to SSL, but I have no clue...

 

[Mike]

The only way this would happen is if you are doing something in config.php to change the IP (or an add-on is). Or if that is actually the real IP (requests coming from the same server). A third option would actually be for this to be from the server itself misreporting, likely due to a misconfiguration.

Have you setup anything in config.php to change $_SERVER['REMOTE_ADDR']? Does this still happen with add-ons disabled?

 

[Valvar]

I only have the database access information in my config.php. The problem remains when I disable addons (with
$config['enableListeners'] = 0; ). Strangely enough bots seem to always have their IP correctly reported, while most users show as 127.0.0.1.

 

[Mike]

Does your own IP show correctly on your posts? If not, go to admin.php?tools/phpinfo and look for "REMOTE_ADDR" entries. What do they list?

 

[Valvar]

My own IP is listed as 127.0.0.1 localhost under post information, and REMOTE_ADDR contains 127.0.0.1.

 

[RobParker]

Are you using a reverse proxy type thing? When we had Apache/NGINX in a certain config we were seeing the same thing.

 

[Valvar]

Are you using a reverse proxy type thing? When we had Apache/NGINX in a certain config we were seeing the same thing.

Beyond the built-in image and link proxy, I am not aware of having activated any such feature...

 

[Mike]

It's worth contacting your host about this then. It would be down to how they have configured the system (presuming they have).

 

[Valvar]

It's worth contacting your host about this then. It would be down to how they have configured the system (presuming they have).

I got the following response from my host:

This is a side effect of the way our system implements SSL. You can get the full IP information. including any and all proxies like SSL, by consulting the REMOTE_HOST variable instead of REMOTE_ADDR.

Thanks,
Jeff

How can I make use of this solution? I suspect that it may be useful to others, as NearlyFreeSpeech (my host) is fairly widely used, and there may be other hosts using similar implementations of SSL.

Thanks!

 

[Mike]

That's a weird setup and not one that I've heard of before. Can you confirm that the _SERVER["REMOTE_HOST"] entry on the phpinfo page mentioned above has the correct IP?

 

[Valvar]

The contents of _SERVER["REMOTE_HOST"] are: 81.***.***.**3, 127.0.0.1 (the stars are just censored digits from my IP, which does indeed display correctly). So it lists both my IP and 127.0.0.1 after a comma.

 

[Mike]

Try adding this to your config.php:

if (!empty($_SERVER['REMOTE_HOST']))
{
    $ips = explode(',', $_SERVER['REMOTE_HOST']);
    $_SERVER['REMOTE_ADDR'] = trim($ips[0]);
}

 

[Valvar]

That causes the entire forum to thow:

Parse error: syntax error, unexpected '$_SERVER' (T_VARIABLE) in /home/public/library/config.php on line 21

 

[Mike]

Oops, I edited the code to be correct -- was missing a ",".

 

[Valvar]

Oops, I edited the code to be correct -- was missing a ",".

Yes, this does seem to have fixed it! Thank you very much!