1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 when ip banning users it shows wrong ip

Discussion in 'Troubleshooting and Problems' started by XxUnkn0wnxX, Nov 29, 2013.

  1. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    i think this has been a problem for a while but have not noticed it till now

    apparently i did some tests i know what my actual external ip is but when i go to admin panel go to my user name and click on ip addresses i see mine original ip like 1-2 weeks old even i logged into it now and is see many other ip address that are not mine. when i trace them they all go to cloudflare inc, since i use cloudflare as my dns and WAF + performance increases.

    i also recently installed this add one: http://xenforo.com/community/resources/xenloginsecurity-ip-address-account-login-security.1194/

    to increase security when i add my original ip i get when i google whats my ip and log out and back in it say invalid ip but when i add the ip that does not belong to be and traces back to cloudflare it lets me login.

    its like every one who logs in is sharing a random given spoofed ip address and this makes it hard to ip ban people especially since every one has a turn at using these spoofed ip address from cloudflare. so i am unsure how to stop this since i only want to see the actual ip not some spoofed/hidden random ip <-- this happens to everyone who logs into my site
  2. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    so the main problem is that something is spoofing every ones ip address when they log into my site and i don't know who is who or it another xenforo system mess up that needs to be fixed
  3. Adam Howard

    Adam Howard Well-Known Member

    XxUnkn0wnxX likes this.
  4. Kent

    Kent Active Member

    You must match against https://www.cloudflare.com/ips, since anyone can set that header.
    And if possible, this should be done by the webserver.
  5. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    ok this seemed to work + i installed mod_cloudflare for my apache
    Adam Howard likes this.

Share This Page