
IP Address Checking

The IPS Community Suite can check that the IP address of the current request matches the IP address recorded when the session was first started. This check is enabled by default. If the IP address has changed, the current visitor is treated as a guest and forced to log in again. This is a security precaution designed to prevent a user's session from being hijacked by someone else at a different location. It should generally be left enabled, but it can be undesirable in some hosting environments. For instance, if you are required to use the site through a proxy and the proxy IP address may change on every request, the IP address checking may prevent you from staying logged in.

Changing Proxy IP Settings

If you are having trouble staying logged in to your site due to this functionality, there are some settings you may need to adjust on your site.

There is a setting in the ACP labeled "Trust IP addresses provided by proxies?" which allows the software to detect the original IP address of a user who is visiting through a proxy, and use that instead. In most cases, enabling this setting is what you will need to do to resolve the issue. This setting can be found in the following location in your ACP:

System -> Settings -> Advanced Configuration 

It is important to understand that enabling this setting can allow users to fake their IP address to avoid IP address bans set up in the software.
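The risk described above comes from the fact that a proxy-supplied address arrives in a request header, which any client can also send. The following is an added example, not Invision Community code: a generic PHP sketch that contrasts believing the X-Forwarded-For header from any peer with honouring it only when the direct connection comes from a proxy you operate. The function names, the TRUSTED_PROXIES list and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Invision Community code; every name here is hypothetical.
// Constructed sample: addresses of the reverse proxies you operate (assumption).
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

// Weak form: believes X-Forwarded-For no matter who sent the request.
function clientIpNaive(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'];
}

// Hardened form: the header counts only when the direct peer is a known proxy.
// The chain is read right to left and the first hop that is not ours is the client.
function clientIpHardened(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed chain: fall back to the connection address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer; // every hop was one of our own proxies
}

// Constructed requests (documentation address ranges, not real traffic).
$requests = [
    'direct, header supplied'  => ['REMOTE_ADDR' => '203.0.113.50',
                                   'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'via proxy'                => ['REMOTE_ADDR' => '10.0.0.5',
                                   'HTTP_X_FORWARDED_FOR' => '203.0.113.50'],
    'via proxy, extra hop'     => ['REMOTE_ADDR' => '10.0.0.5',
                                   'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.50'],
];
foreach ($requests as $label => $server) {
    printf("%-24s naive=%-14s hardened=%s\n", $label,
        clientIpNaive($server), clientIpHardened($server));
}
```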

On the same screen, there is a setting labeled "Check IP address when validating session?". This setting allows the software to verify that the IP address of the current request matches the IP address when the session was first started. In most environments, this should be left enabled. However, in some situations (such as an intranet where all users visit from the same IP address) you may need to disable this setting to avoid session collisions.

ACP IP Checks

In some rare situations, you may have trouble logging in to the ACP because of the IP address checking, with the error message "Your IP address does not match this session." To resolve this, first try enabling the "Trust IP addresses provided by proxies?" setting. If that does not resolve the issue, disable the "Check IP address when validating session?" setting. To change either setting, however, you must first be logged in to the ACP. There is a filesystem-level constant available that will allow you to temporarily disable IP address checking in order to get into the ACP and toggle the aforementioned setting.

If you do not already have a file called constants.php in your Community Suite root directory (where conf_global.php is located), create one with an opening PHP tag like so:

<?php

// Constants go here

Add the following line to your constants.php afterwards:

define( 'BYPASS_ACP_IP_CHECK', TRUE );

Save this file, and you will now be able to access the ACP in order to change the "Trust IP addresses provided by proxies?" setting. After toggling this setting, remove the constant you just added and verify that you can stay logged in to the ACP. If so, you need not do anything else. If you continue to have trouble, add the constant again, log in to the ACP, and then toggle "Check IP address when validating session?" off and save. Afterwards, remove the constant from constants.php again and you should remain logged in to the ACP without further issue.

