Announcement

Collapse
No announcement yet.

IP addresses behind a proxy/loadbalancer?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP addresses behind a proxy/loadbalancer?

    So,

    Today our host switched us to a new loadbalancer that masks a clients real IP address.

    The clients IP is forwarded in the _SERVER["HTTP_X_FORWARDED_FOR"] header.

    Needless to say, they didn't tell us about this, and it is a real pain in the butt for us as all of our regs, posts, etc today are via this IP address.

    I haven't delved into the code yet, but have you guys run into this before? Is there an easy way to make vB look at this var instead of REMOTE_ADDR?
    Kyle Christensen
    PbNation.com - one of the biggest and busiest vbulletin forums on the net!

  • #2
    Originally posted by KrON View Post
    So,

    Today our host switched us to a new loadbalancer that masks a clients real IP address.

    The clients IP is forwarded in the _SERVER["HTTP_X_FORWARDED_FOR"] header.

    Needless to say, they didn't tell us about this, and it is a real pain in the butt for us as all of our regs, posts, etc today are via this IP address.

    I haven't delved into the code yet, but have you guys run into this before? Is there an easy way to make vB look at this var instead of REMOTE_ADDR?
    For now, I just hacked the fetch_ip() function to:

    return $this->fetch_alt_ip();

    Which isn't an optimal solution, is there a reason this isn't an option if fetch_alt_ip() exists?
    Kyle Christensen
    PbNation.com - one of the biggest and busiest vbulletin forums on the net!

    Comment


    • #3
      Hi Kron,

      I am facing the same problem too. Now i have modified httpd.conf so that it would log the real client IP address which was stored in the http header.

      But how do i make vbulletin to look for it?

      It seems that vbulletin does not find the client source based on the log file.

      Thanks
      Edy

      Comment


      • #4
        Easiest thing to do is to just overwrite REMOTE_ADDR with HTTP_X_FORWARDED_FOR in config.php, if it's set. As the latter is spoofable, we don't use it as the only source of session validation.

        If you're using Apache, mod_rpaf does exactly what you're looking for at the Apache level. Everything that uses REMOTE_ADDR will pick this up, including (I believe) mod_access controls. Though I believe you will need to turn off KeepAlives on the backend servers.

        Comment


        • #5
          I ended up complaining so much that our host went back to the manufacturer and found a solution that doesn't mess with the client IPs.

          At any rate, the solution I suggested above was working OK for us.
          Kyle Christensen
          PbNation.com - one of the biggest and busiest vbulletin forums on the net!

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X