Rasmus Vind
Well-known member
Many people use reverse-proxies these days. Common types are Cloudflare, Varnish, Nginx. Reverse-proxies work just fine with XenForo, however, when looking at the IP log, you will find that ALL registered IPs are by your proxy and not your user.
Because of this, I suggest that we add an option to the Options page allowing you to look at the 'X-Forwarded-For' header stead of REMOTE_ADDR.
Basically, this would add a bit more logic to XenForo_Helper_Ip where it looks at $request->getServer('
HTTP_X_FORWARDED_FOR') and $_SERVER['
HTTP_X_FORWARDED_FOR'] but only if the option was enabled.
I would like the option to exist because many people are not using proxies and if there is no proxy, people can fake their IP with this instead.
I could do this myself if XenForo_Helper_Ip was dynamically loaded like many other classes are. Sadly, it isn't
.
Because of this, I suggest that we add an option to the Options page allowing you to look at the 'X-Forwarded-For' header stead of REMOTE_ADDR.
Basically, this would add a bit more logic to XenForo_Helper_Ip where it looks at $request->getServer('
HTTP_X_FORWARDED_FOR') and $_SERVER['
HTTP_X_FORWARDED_FOR'] but only if the option was enabled.
I would like the option to exist because many people are not using proxies and if there is no proxy, people can fake their IP with this instead.
I could do this myself if XenForo_Helper_Ip was dynamically loaded like many other classes are. Sadly, it isn't
.
Upvote
0
