Forum
HideProxy to accept networks
Epe
27 November 2012, 13:42
Hi, Im trying to setup cloudflare and it is working, just that Im not getting the real IPs from the customers anymore. Hiawatha has the HideProxy feature to allow this, but it seems to accept only ips, not networks..
Cloudflare has listed several ranges from where the requests can come. Can the hideproxy feature be updated to accept networks and noy only ips?
Hiawatha version: latest
Operating System: linux
Cloudflare has listed several ranges from where the requests can come. Can the hideproxy feature be updated to accept networks and noy only ips?
Hiawatha version: latest
Operating System: linux
Hugo Leisink
27 November 2012, 13:54
How does the range information from cloudflare look like? Can you post some example header lines?
Epe
28 November 2012, 01:02
yes, they can be found here: https://www.cloudflare.com/ips
Hugo Leisink
28 November 2012, 07:08
I meant an example of a HTTP header from a request via cloudfare. I need to know what Hiawatha needs to parse.
.$_SERVER["HTTP_CF_CONNECTING_IP"]
4 December 2012, 11:35
Hi Hugo,
Cloudflare send the real IP in a header variable: $_SERVER["HTTP_CF_CONNECTING_IP"], it seems Hiawatha did not pass this parameter to PHP. Is it being blocked? You must pass this header parameter in order to Hiawatha or the PHP scripts could access the real visitor IP.
https://support.cloudflare.com/entries/22065118-how-do-i-restore-original-visitor-ip-with-vbulletin
https://support.cloudflare.com/entries/22055786-how-do-i-restore-original-visitor-ip-to-apache-web-servers
Thanks for your help.
Cloudflare send the real IP in a header variable: $_SERVER["HTTP_CF_CONNECTING_IP"], it seems Hiawatha did not pass this parameter to PHP. Is it being blocked? You must pass this header parameter in order to Hiawatha or the PHP scripts could access the real visitor IP.
https://support.cloudflare.com/entries/22065118-how-do-i-restore-original-visitor-ip-with-vbulletin
https://support.cloudflare.com/entries/22055786-how-do-i-restore-original-visitor-ip-to-apache-web-servers
Thanks for your help.
Hugo Leisink
4 December 2012, 11:51
I've added the header to Hiawatha. It will be available in the next release. In the meantime, you can add this fix manually by adding the following line to envir.c, at the end of the block around line 220:
headerfield_to_environment(session, fcgi_buffer, "CF-Connecting-IP:", "HTTP_CF_CONNECTING_IP");
Flores
4 December 2012, 11:59
Hi Hugo, thanks for your fast response.
I seems Cloudflare also could pass an IP geolocation header which is very usefull for ecommerce sites.
https://support.cloudflare.com/entries/22268642-what-does-cloudflare-ip-geolocation-do
Could you parse this header too?
Thanks
I seems Cloudflare also could pass an IP geolocation header which is very usefull for ecommerce sites.
https://support.cloudflare.com/entries/22268642-what-does-cloudflare-ip-geolocation-do
Could you parse this header too?
Thanks
Hugo Leisink
4 December 2012, 13:13
Done.
headerfield_to_environment(session, fcgi_buffer, "CF-IPCountry:", "HTTP_CF_IPCOUNTRY");
Epe
5 December 2012, 13:57
ok
but hugo:
I think it is important to be able to define networks in CIDR format for the HideProxy parameter.. instead of only ips as it is currently used.
but hugo:
I think it is important to be able to define networks in CIDR format for the HideProxy parameter.. instead of only ips as it is currently used.
Hugo Leisink
6 December 2012, 09:30
That shouldn't be too hard to implement. I'll take a look at it for the next release.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
