MyBB Community Forums

Full Version: mybb support for X-Forwarded-For
Hello

I'm a MyBB forum administrator of the following one:

http://forum.pplware.com

We are having a problem.

The server ISP recently installed a reverse proxy (Varnish) between VIP and Apache.

What does that mean? All the client IPs of any user who makes it to Apache are 127.0.0.1 because, as they said, they have installed the reverse proxy on the same machine.

What they are saying now is that any application (MyBB included) must use X-Forwarded-For to extract the client's IP, instead of the remote_addr that most use. More info about it here:

http://en.wikipedia.org/wiki/X-Forwarded-For

So I was wondering if there is some kind of plugin or option that can be enabled to make the MyBB infrastructure extract the IP from that header, store it in the DB and associate it with any user (client).

If not, I would like to know where this info is in the PHP source code files, which are available, and what I should change.
I don't know of one. It's probably best to ask for one in plugin requests :)
(2010-08-15, 03:29 PM)Polarbear541 Wrote: I don't know of one. It's probably best to ask for one in plugin requests :)

Hi Polarbear541

Thanks for the reply!

I managed to address the issue in the following way.

I have analyzed the source code, and I found that the file inc/class_session.php is where the IP address of the client is retrieved, in the following line:

// Get our visitor's IP.
$this->ipaddress = get_ip();

I have replaced it with:

// Get our visitor's IP.
$this->ipaddress=$_SERVER['HTTP_X_FORWARDED_FOR'];

And it started working ;) However, I don't think that this is a permanent solution. It has the disadvantage that every time we update the forum, we will have to edit this line. It would probably be better to replace that get_ip() function with another one which addresses this issue, since I doubt that we will be the only ones affected using MyBB.
Actually, this is already in the function.

/**
 * Fetch the IP address of the current user.
 *
 * @return string The IP address.
 */
function get_ip()
{
	if(isset($_SERVER['REMOTE_ADDR']))
	{
		$ip = $_SERVER['REMOTE_ADDR'];
	}
	elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
	{
		if(preg_match_all("#[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}#s", $_SERVER['HTTP_X_FORWARDED_FOR'], $addresses))
		{
			foreach($addresses[0] as $key => $val)
			{
				if(!preg_match("#^(10|172\.16|192\.168)\.#", $val))
				{
					$ip = $val;
					break;
				}
			}
		}
	}

	if(!isset($ip))
	{
		if(isset($_SERVER['HTTP_CLIENT_IP']))
		{
			$ip = $_SERVER['HTTP_CLIENT_IP'];
		}
		else
		{
			$ip = '';
		}
	}

	$ip = preg_replace("#([^.0-9 ]*)#", "", $ip);
	return $ip;
}

As you can see it already checks for forwarded ports first.
(2010-08-15, 11:48 PM)Dylan M. Wrote: Actually, this is already in the function.

/**
 * Fetch the IP address of the current user.
 *
 * @return string The IP address.
 */
function get_ip()
{
	if(isset($_SERVER['REMOTE_ADDR']))
	{
		$ip = $_SERVER['REMOTE_ADDR'];
	}
	elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
	{
		if(preg_match_all("#[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}#s", $_SERVER['HTTP_X_FORWARDED_FOR'], $addresses))
		{
			foreach($addresses[0] as $key => $val)
			{
				if(!preg_match("#^(10|172\.16|192\.168)\.#", $val))
				{
					$ip = $val;
					break;
				}
			}
		}
	}

	if(!isset($ip))
	{
		if(isset($_SERVER['HTTP_CLIENT_IP']))
		{
			$ip = $_SERVER['HTTP_CLIENT_IP'];
		}
		else
		{
			$ip = '';
		}
	}

	$ip = preg_replace("#([^.0-9 ]*)#", "", $ip);
	return $ip;
}

As you can see it already checks for forwarded ports first.

Silly me!

We are using version 1.4.11. It is probably too old, since that function didn't work and I've had to manually override it.

Was that function there all the time since 1.4.11?

EDIT

I'm convinced that your logic is wrong, and this is why:

The check of HTTP_X_FORWARDED_FOR should be the first to be compared, since if remote_addr is checked first and it returns 127.0.0.1, it will short-circuit the if clause and it will never compare HTTP_X_FORWARDED_FOR (and that is what is happening to us).

The logic sequence should be something like this:
(...)
    if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
        if(preg_match_all("#[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}#s", $_SERVER['HTTP_X_FORWARDED_FOR'], $addresses))
        {
            foreach($addresses[0] as $key => $val)
            {
                if(!preg_match("#^(10|172\.16|192\.168)\.#", $val))
                {
                    $ip = $val;
                    break;
                }
            }
        }
    }
    elseif(isset($_SERVER['REMOTE_ADDR']))
    {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
(...)

The other alternative is, at the same time as remote_addr is checked, to verify that it was not set to 127.0.0.1.
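The alternative raised in this post (use X-Forwarded-For only when REMOTE_ADDR is the local proxy), written out as an added example that is not MyBB's code or any poster's. `resolve_client_ip()` and `$trustedProxies` are hypothetical names, the sample requests are constructed, and it assumes PHP 7 or later and a proxy that appends the connecting address to the header.

```php
<?php
// Added example, not MyBB code. resolve_client_ip() and $trustedProxies are
// hypothetical names; 127.0.0.1 matches the same-host Varnish setup in the thread.

/**
 * Return the client address, honouring X-Forwarded-For only when the
 * directly connected peer (REMOTE_ADDR) is a proxy we operate.
 */
function resolve_client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '';
    }

    // Direct connection: the header is client-supplied, so ignore it.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }

    // Each proxy appends the peer it saw, so walk the list right to left
    // and return the first hop that is not one of our own proxies.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the header
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }

    return $remote; // header missing, malformed, or only our proxies
}

// Constructed sample requests (documentation addresses from RFC 5737).
$trusted = ['127.0.0.1', '::1'];
$samples = [
    'via Varnish'             => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'client-sent entry first' => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 203.0.113.7'],
    'direct, header ignored'  => ['REMOTE_ADDR' => '192.0.2.44', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9'],
    'malformed header'        => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => 'unknown'],
];
foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, resolve_client_ip($server, $trusted));
}
```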
I'm not sure what version it was introduced in.

EDIT: The function is in inc/functions.php if you want to look :)

You really should upgrade though. To 1.4.13 if you're still waiting on plugins/themes to be brought up to 1.6, otherwise straight to 1.6.
Dylan M., I have checked the file.

Please see my edit above (sorry about that, I always edit many forum posts).

The check for remote_addr is returning 127.0.0.1.

That is why it never gets to compare the next else ($_SERVER['HTTP_X_FORWARDED_FOR']), since in fact the variable is being set.

Shouldn't the if clause check if the value is different from 127.0.0.1?
It does, that's what the ! before preg_match is all about. In programming, ! is LOGICAL NOT. So if it does NOT match then it should store it...

Oops, never mind, I actually scrolled up and looked. I thought this issue had already been addressed in a previous release. I swear I saw it on the bug tracker. I'm going to defer this to Ryan & the rest of the team on this one.
Thanks a lot for your time, Dylan. Keep me posted on what you guys decide.

Btw, great statement in your signature ;)
Thank you for your suggestion. It will be considered for MyBB 1.6.1