Creating and modifying plugins.
FishNiX
Regular
Posts: 40 Joined: Sun Sep 02, 2007 6:32 pm
Post
by FishNiX » Wed Sep 05, 2012 1:12 am
I have a varnish cache in front of S9Y. It's is inserting X-Forwarded-For headers. Apache sees these headers fine and logs them with a combination of
Code: Select all
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
and
Code: Select all
CustomLog "/var/log/httpd/awesomesite_access_log" combined env=!forwarded
CustomLog "/var/log/httpd/awesomesite_access_log" proxy env=forwarded
BUT, S9Y and/or Spam Protector does not see the X-Forwarded-For. I see in the plugin:
Code: Select all
'user_ip' => $_SERVER['REMOTE_ADDR'] != getenv('SERVER_ADDR') ? $_SERVER['REMOTE_ADDR'] : getenv('HTTP_X_FORWARDED_FOR'),
and so it should work I think.... perhaps HTTP_X_FORWARDED_FOR is not set properly?
Thanks as always!
garvinhicking
Core Developer
Posts: 30022 Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:
Post
by garvinhicking » Mon Sep 17, 2012 10:42 am
Hi!
I think the PHP code simply does not use the header, because "REMOTE_ADDR" matches in your cases for both ENV/SERVER vars. For your case, you might want to use:
Code: Select all
'user_ip' => getenv('HTTP_X_FORWARDED_FOR') != '' ? getenv('HTTP_X_FORWARDED_FOR') : $_SERVER['REMOTE_ADDR'],
?
Regards,
Garvin
FishNiX
Regular
Posts: 40 Joined: Sun Sep 02, 2007 6:32 pm
Post
by FishNiX » Sun Jan 20, 2013 12:10 am
That worked - I had to make sure each instance looked for HTTP_X_FORWARDED_FOR first.
Code: Select all
645c645,646
< 'user_ip' => $_SERVER['REMOTE_ADDR'] != getenv('SERVER_ADDR') ? $_SERVER['REMOTE_ADDR'] : getenv('HTTP_X_FORWARDED_FOR'),
---
> #'user_ip' => $_SERVER['REMOTE_ADDR'] != getenv('SERVER_ADDR') ? $_SERVER['REMOTE_ADDR'] : getenv('HTTP_X_FORWARDED_FOR'),
> 'user_ip' => getenv('HTTP_X_FORWARDED_FOR') != '' ? getenv('HTTP_X_FORWARDED_FOR') : $_SERVER['REMOTE_ADDR'],
748c749,751
< $this->htaccess_update($_SERVER['REMOTE_ADDR']);
---
> #$this->htaccess_update($_SERVER['REMOTE_ADDR']);
> $user_address = getenv('HTTP_X_FORWARDED_FOR') != '' ? getenv('HTTP_X_FORWARDED_FOR') : $_SERVER['REMOTE_ADDR'];
> $this->htaccess_update($user_address);
870c873
<
---
> $user_address = getenv('HTTP_X_FORWARDED_FOR') != '' ? getenv('HTTP_X_FORWARDED_FOR') : $_SERVER['REMOTE_ADDR'];
998c1001
< $sender_ip = preg_replace('/[^0-9.]/', '', $_SERVER['REMOTE_ADDR'] );
---
> $sender_ip = preg_replace('/[^0-9.]/', '', $user_address );
1258c1261
< if ( $this->get_config('bodyclone', true) === true && $_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR'] && $addData['type'] != 'PINGBACK') {
---
> if ( $this->get_config('bodyclone', true) === true && $user_address != $_SERVER['SERVER_ADDR'] && $addData['type'] != 'PINGBACK') {
1272c1275
< $query = "SELECT max(timestamp) AS last_post FROM {$serendipity['dbPrefix']}comments WHERE ip = '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "'";
---
> $query = "SELECT max(timestamp) AS last_post FROM {$serendipity['dbPrefix']}comments WHERE ip = '" . serendipity_db_escape_string($user_address) . "'";
1577a1581
> $user_address = getenv('HTTP_X_FORWARDED_FOR') != '' ? getenv('HTTP_X_FORWARDED_FOR') : $_SERVER['REMOTE_ADDR'];
1603c1607
< $_SERVER['REMOTE_ADDR'],
---
> $user_address,
1628c1632
< serendipity_db_escape_string($_SERVER['REMOTE_ADDR']),
---
> serendipity_db_escape_string($user_address),