XF 1.3 Varnish and XenForo

[Karelke]

We are using Varnish as frontend server and Apache for the backend. This means $_SERVER['REMOTE_ADDR'] will always return 127.0.0.1 (i.e. the localhost address). The real client ip address however is available in the "X-Forwarded-For" header.

Now, browsing through the XenForo code, it seems there is some sort of support for X-Forwarded-For in Zend_Controller_Request_Http::getClientIp($checkProxy); the problem is this method is almost always called with the $checkProxy parameter false (see screenshot below). A simple "echo $request->getClientIp(false)" on the homepage indeed returns 127.0.0.1 so this won't work.

I would like to propose a solution for this issue. We are using Symfony 2 for our main website and this framework has support for trusting proxies. Have a look:

1) Configure the ip address of the proxy server:
http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html
http://symfony.com/doc/current/refe...work.html#reference-framework-trusted-proxies

2) Check if the "X-Forwarded-For" header is valid in getClientIp():
https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/Request.php#L782
https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/Request.php#L813

It would be extremely helpful if XenForo could provide support for this.

 

[Mike]

At this point, we generally recommend that people set $_SERVER['REMOTE_ADDR'] as needed in config.php (using whatever logic is appropriate for your setup).

 

[Karelke]

Thanks for your reply @Mike

For now, we will set $_SERVER['REMOTE_ADDR'] by calling a PHP script before the forum software loads:

<Directory "/var/www/xenforo/">
    php_value auto_prepend_file "/my/path/ip.php"
</Directory>

http://docs.php.net/manual/en/ini.core.php#ini.auto-prepend-file

Still, it would be nice if XenForo would provide proxy support in the nearby future.