XF 1.2 when ip banning users it shows wrong ip

XxUnkn0wnxX

Active member
i think this has been a problem for a while but have not noticed it till now

apparently i did some tests i know what my actual external ip is but when i go to admin panel go to my user name and click on ip addresses i see mine original ip like 1-2 weeks old even i logged into it now and is see many other ip address that are not mine. when i trace them they all go to cloudflare inc, since i use cloudflare as my dns and WAF + performance increases.

i also recently installed this add one: http://xenforo.com/community/resources/xenloginsecurity-ip-address-account-login-security.1194/

to increase security when i add my original ip i get when i google whats my ip and log out and back in it say invalid ip but when i add the ip that does not belong to be and traces back to cloudflare it lets me login.

its like every one who logs in is sharing a random given spoofed ip address and this makes it hard to ip ban people especially since every one has a turn at using these spoofed ip address from cloudflare. so i am unsure how to stop this since i only want to see the actual ip not some spoofed/hidden random ip <-- this happens to everyone who logs into my site
 

XxUnkn0wnxX

Active member
so the main problem is that something is spoofing every ones ip address when they log into my site and i don't know who is who or it another xenforo system mess up that needs to be fixed
 

Kent

Active member
If you're using CloudFlare add this to the end of your config.php

PHP:
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; }
source: https://support.cloudflare.com/hc/en-us/articles/200170736-How-do-I-restore-original-visitor-IP-with-XenForo-

If you're still getting CloudFlare IP's on your site, you should contact your host.
You must match against https://www.cloudflare.com/ips, since anyone can set that header.
And if possible, this should be done by the webserver.
 
Top