Bug: IP address Tracking #491
Comments
|
You should be able to install the trusted proxy package. |
|
I fixed it with simple workaround: changed variable $ip From: To: Hope it helps. |
|
To cover all the scenarios. I think we should add something like: static private function getClientIP(){
if (array_key_exists('HTTP_X_FORWARDED_FOR', $request)){
return $request->server('HTTP_X_FORWARDED_FOR');
}else if (array_key_exists('REMOTE_ADDR', $request)) {
return $request->server("REMOTE_ADDR");
}else if (array_key_exists('HTTP_CLIENT_IP', $request)) {
return $request->server("HTTP_CLIENT_IP");
}
return '';
} |
|
Unfortunately IP related headers can only be trusted when coming directly from a load balancer or such, as anyone is able to spoof them. If we added this feature to Polr, we would use the package above and you would need to configure the trusted IPs. |
|
If you're using Cloudflare and nginx, see https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-, for Cloudflare and Apache see https://support.cloudflare.com/hc/en-us/articles/203656534-How-do-I-restore-original-visitor-IP-with-Apache-2-4-. |
How to make polr read IP address from X-Forwarded-For?
Below is sample logline:
private_IP (client_IP, proxy_IP's) - - [08/Nov/2018:13:05:15 +0000] "GET /shorturl HTTP/1.1" 301 332 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"
The text was updated successfully, but these errors were encountered: