• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.2 when ip banning users it shows wrong ip

#1
i think this has been a problem for a while but have not noticed it till now

apparently i did some tests i know what my actual external ip is but when i go to admin panel go to my user name and click on ip addresses i see mine original ip like 1-2 weeks old even i logged into it now and is see many other ip address that are not mine. when i trace them they all go to cloudflare inc, since i use cloudflare as my dns and WAF + performance increases.

i also recently installed this add one: http://xenforo.com/community/resources/xenloginsecurity-ip-address-account-login-security.1194/

to increase security when i add my original ip i get when i google whats my ip and log out and back in it say invalid ip but when i add the ip that does not belong to be and traces back to cloudflare it lets me login.

its like every one who logs in is sharing a random given spoofed ip address and this makes it hard to ip ban people especially since every one has a turn at using these spoofed ip address from cloudflare. so i am unsure how to stop this since i only want to see the actual ip not some spoofed/hidden random ip <-- this happens to everyone who logs into my site
 
#2
so the main problem is that something is spoofing every ones ip address when they log into my site and i don't know who is who or it another xenforo system mess up that needs to be fixed
 

Kent

Active member
#4
If you're using CloudFlare add this to the end of your config.php

PHP:
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; }
source: https://support.cloudflare.com/hc/e...o-I-restore-original-visitor-IP-with-XenForo-

If you're still getting CloudFlare IP's on your site, you should contact your host.
You must match against https://www.cloudflare.com/ips, since anyone can set that header.
And if possible, this should be done by the webserver.