New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proxy IP in tables #3659

Closed
asmith20002 opened this Issue Nov 2, 2016 · 8 comments

Comments

Projects
None yet
5 participants
@asmith20002
Contributor

asmith20002 commented Nov 2, 2016

Hello,

I've been using 2.1 on a live server behind proxy for a while now. I wanted to ask what is the plan regarding ip columns in tables like messages or log_errors etc etc

Right now instead of the user IP, the server proxy IP is getting stored in those tables. Shall I go ahead and rename the insert ip from ip to ip2?

@jdarwood007

This comment has been minimized.

Show comment
Hide comment
@jdarwood007

jdarwood007 Nov 3, 2016

Member

What is set in Server Settings -> Security for the Proxy settings?

Member

jdarwood007 commented Nov 3, 2016

What is set in Server Settings -> Security for the Proxy settings?

@asmith20002

This comment has been minimized.

Show comment
Hide comment
@asmith20002

asmith20002 Nov 3, 2016

Contributor

HTTP_X_FORWARDED_FOR and the IP of the proxy server.

Currently the IP of the proxy server is getting stored in member_ip column and member_ip2 is storing the real IP of the user.

But messages and log_errors are using the member_ip column, so they're getting filled with the proxy IP.

Contributor

asmith20002 commented Nov 3, 2016

HTTP_X_FORWARDED_FOR and the IP of the proxy server.

Currently the IP of the proxy server is getting stored in member_ip column and member_ip2 is storing the real IP of the user.

But messages and log_errors are using the member_ip column, so they're getting filled with the proxy IP.

@jdarwood007

This comment has been minimized.

Show comment
Hide comment
@jdarwood007

jdarwood007 Nov 3, 2016

Member

That is done on purpose. If you are using this, the ip2 is the ban check ip incase of proxies. If your using a true reverse proxy on your server, your backend should be configured to replace the frontend/reverse proxy server ip with the clients ip.

Member

jdarwood007 commented Nov 3, 2016

That is done on purpose. If you are using this, the ip2 is the ban check ip incase of proxies. If your using a true reverse proxy on your server, your backend should be configured to replace the frontend/reverse proxy server ip with the clients ip.

@asmith20002

This comment has been minimized.

Show comment
Hide comment
@asmith20002

asmith20002 Nov 4, 2016

Contributor

I'm sorry I'm not that familiar with this concept. What is a "true" reverse proxy? I'm hiding behind proxy as a DDOS protection.

If my backend would be configured to replace, so why all the hassle with the proxy settings in admin menu?

Contributor

asmith20002 commented Nov 4, 2016

I'm sorry I'm not that familiar with this concept. What is a "true" reverse proxy? I'm hiding behind proxy as a DDOS protection.

If my backend would be configured to replace, so why all the hassle with the proxy settings in admin menu?

@albertlast

This comment has been minimized.

Show comment
Hide comment
@albertlast

albertlast Sep 21, 2017

Collaborator

can we close this issue?

Collaborator

albertlast commented Sep 21, 2017

can we close this issue?

@asmith20002

This comment has been minimized.

Show comment
Hide comment
@asmith20002

asmith20002 Oct 6, 2017

Contributor

If one doesn't configure his server and only use the proxy settings in current code, it will just fill the database with the proxy server ip address. For example all ip addresses in messages table becomes the server ip which makes functions that handle ip obsolete.

Contributor

asmith20002 commented Oct 6, 2017

If one doesn't configure his server and only use the proxy settings in current code, it will just fill the database with the proxy server ip address. For example all ip addresses in messages table becomes the server ip which makes functions that handle ip obsolete.

@jdarwood007

This comment has been minimized.

Show comment
Hide comment
@jdarwood007

jdarwood007 Dec 20, 2017

Member

As I said, that is done that way as a proxy server is still handling your traffic and passing through a IP. If configuration is not done properly, a proxy server could send false IP information to you.

If you are using a proper reverse proxy configuration, your front end (reverse proxy) and backend (server) would handle this without the application (SMF) even knowing about it.

Member

jdarwood007 commented Dec 20, 2017

As I said, that is done that way as a proxy server is still handling your traffic and passing through a IP. If configuration is not done properly, a proxy server could send false IP information to you.

If you are using a proper reverse proxy configuration, your front end (reverse proxy) and backend (server) would handle this without the application (SMF) even knowing about it.

@albertlast

This comment has been minimized.

Show comment
Hide comment
@albertlast

albertlast Apr 14, 2018

Collaborator

Then close this issue please @Sesquipedalian @colinschoen

Collaborator

albertlast commented Apr 14, 2018

Then close this issue please @Sesquipedalian @colinschoen

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment