-
Notifications
You must be signed in to change notification settings - Fork 894
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: IP address Tracking #491
Comments
You should be able to install the trusted proxy package. |
I fixed it with simple workaround: changed variable $ip From: To: Hope it helps. |
To cover all the scenarios. I think we should add something like: static private function getClientIP(){
if (array_key_exists('HTTP_X_FORWARDED_FOR', $request)){
return $request->server('HTTP_X_FORWARDED_FOR');
}else if (array_key_exists('REMOTE_ADDR', $request)) {
return $request->server("REMOTE_ADDR");
}else if (array_key_exists('HTTP_CLIENT_IP', $request)) {
return $request->server("HTTP_CLIENT_IP");
}
return '';
} |
Unfortunately IP related headers can only be trusted when coming directly from a load balancer or such, as anyone is able to spoof them. If we added this feature to Polr, we would use the package above and you would need to configure the trusted IPs. |
If you're using Cloudflare and nginx, see https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-, for Cloudflare and Apache see https://support.cloudflare.com/hc/en-us/articles/203656534-How-do-I-restore-original-visitor-IP-with-Apache-2-4-. |
How to make polr read IP address from X-Forwarded-For?
Below is sample logline:
private_IP (client_IP, proxy_IP's) - - [08/Nov/2018:13:05:15 +0000] "GET /shorturl HTTP/1.1" 301 332 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"
The text was updated successfully, but these errors were encountered: