Announcement

Collapse
No announcement yet.

issues with sessions behind load balancer

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • hichew
    replied
    the code is not working
    and i asked vbulletin support, they gave me this link
    http://www.vbulletin.com/forum/showpost.php?p=1104162&postcount=6

    and it's not working too...

    so no response until now..
    anybody have suggestion to fix this problem?

    Leave a comment:


  • jasonlitka
    replied
    Originally posted by GCC LLC View Post
    Sorry to revive a dead thread, but I just tried doing this and had no luck. The "improved" code below fails, giving my site a blank white screen. The "generic" code that was posted first goes into global.php fine causing no errors, but my site members are still being shown as visiting from the load balancer (hardware) IP address. I'm using vBulletin 3.6.8. I'm not terribly worried about people forging their originating IP address since we don't really use IP addresses much but they're nice to have if needed. Any ideas? Thanks in advance!
    I never actually tested that code, it was written off the top of my head, based on something I'd done in the past.

    What error do you get in your httpd error_log?

    Leave a comment:


  • GCC LLC
    replied
    Sorry to revive a dead thread, but I just tried doing this and had no luck. The "improved" code below fails, giving my site a blank white screen. The "generic" code that was posted first goes into global.php fine causing no errors, but my site members are still being shown as visiting from the load balancer (hardware) IP address. I'm using vBulletin 3.6.8. I'm not terribly worried about people forging their originating IP address since we don't really use IP addresses much but they're nice to have if needed. Any ideas? Thanks in advance!

    Originally posted by jason|xoxide View Post
    You should be careful with $_SERVER['HTTP_X_FORWARDED_FOR'] & $_SERVER['HTTP_CLIENT_IP'] as both can contain comma-separated lists of IP addresses and both can be forged. You should really break apart the IPs into an array and run a sanity check before using them for anything important. Also keep in mind that both of these fields can contain internal IP addresses, so you might end up with a lot of users with IPs of '192.168.0.100' or '192.168.1.100'.

    This code is rough but should work. The first line fetches the server variable 'HTTP_X_FORWARDED_FOR', removes everything that isn't a number, a period, or a comma, strips any extra commas from the beginning and end, and then explodes it into an array. The rest cycles through the array and makes sure that every value passed is actually a valid IP address. This example will actually only keep the last valid IP found. You'd probably want to run the code twice; a second time as an "else if" to pull any hits from the less-commonly-used 'HTTP_CLIENT_IP'.
    PHP Code:
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) {
        
    $forwardedips =  explode(',',trim(ereg_replace("[^0-9,\.]","",$_SERVER['HTTP_X_FORWARDED_FOR']),','));
        foreach (
    $forwardedips as $ip) {
             if (
    $ip === long2ip(ip2long($ip))) {
                 
    $_SERVER['REMOTE_ADDR'] = $ip;
             }
        }

    EDIT: Ignore the reply email if you got one, the code was wrong. The code above is correct.

    Leave a comment:


  • jasonlitka
    replied
    Originally posted by mrlister View Post
    I just put a load balancer in my setup and came to a hard shock with the single IP requesting everything.

    My solution add this to global.php

    PHP Code:
    if ($_SERVER['HTTP_X_FORWARDED_FOR'])
        
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; 
    Works for about 99% of visitors.
    You should be careful with $_SERVER['HTTP_X_FORWARDED_FOR'] & $_SERVER['HTTP_CLIENT_IP'] as both can contain comma-separated lists of IP addresses and both can be forged. You should really break apart the IPs into an array and run a sanity check before using them for anything important. Also keep in mind that both of these fields can contain internal IP addresses, so you might end up with a lot of users with IPs of '192.168.0.100' or '192.168.1.100'.

    This code is rough but should work. The first line fetches the server variable 'HTTP_X_FORWARDED_FOR', removes everything that isn't a number, a period, or a comma, strips any extra commas from the beginning and end, and then explodes it into an array. The rest cycles through the array and makes sure that every value passed is actually a valid IP address. This example will actually only keep the last valid IP found. You'd probably want to run the code twice; a second time as an "else if" to pull any hits from the less-commonly-used 'HTTP_CLIENT_IP'.
    PHP Code:
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) {
        
    $forwardedips =  explode(',',trim(ereg_replace("[^0-9,\.]","",$_SERVER['HTTP_X_FORWARDED_FOR']),','));
        foreach (
    $forwardedips as $ip) {
             if (
    $ip === long2ip(ip2long($ip))) {
                 
    $_SERVER['REMOTE_ADDR'] = $ip;
             }
        }

    EDIT: Ignore the reply email if you got one, the code was wrong. The code above is correct.

    Leave a comment:


  • mrlister
    replied
    I just put a load balancer in my setup and came to a hard shock with the single IP requesting everything.

    My solution add this to global.php

    PHP Code:
    if ($_SERVER['HTTP_X_FORWARDED_FOR'])
        
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; 
    Works for about 99% of visitors.

    Leave a comment:


  • Marco van Herwaarden
    replied
    I doubt it as all clients would create a session with the same IP.

    Leave a comment:


  • sobaka
    replied
    Is there anything that can be done in the case of using something like mod_proxy_balancer where the actual client IP is not passed?

    Leave a comment:


  • Marco van Herwaarden
    replied
    vBulletin will always store sessions in MySQL.

    You migth get into problems with sessions if the load balancer does not forward the original IP of the client but passes it's own IP to the webservers. This would make it seem like all requests are coming from the same IP which can lead to problems (within vBulletin and even on your webserver). Also make sure that there is no serverside caching that thinks all requests are coming from the same client connection.

    Leave a comment:


  • sobaka
    replied
    bump?

    Leave a comment:


  • sobaka
    replied
    anyone?

    Leave a comment:


  • sobaka
    started a topic issues with sessions behind load balancer

    issues with sessions behind load balancer

    My forum has hit a breaking point, and I purchased a couple of servers to create a cluster. I got all the data migrated and functioning with a single server/single database and all was well, so I replicated the forum to the 3rd machine, and set up mod_proxy/mod_proxy_balancer, and it was working fine, to a point, it ran into session issues because of what I thought was session persistence issues.

    So, I stuck a Zeus load balancer in front, and same issues.

    What would happen is that sometimes, after a bunch of clicking around, I would see what I assume is session errors from PHP (blank pages on showthread.php clicks). Someone told me there is a way to force VB to use MySQL for all session data?

    Any advice?
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X