Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
GriefCode Posted June 13, 2015 Posted June 13, 2015 Hey, we recently discovered a small issue on our system, since we put the whole server behind cloudflare.The software seems not to forward users IPs which result that many users now have cloudflare IPs: The first one is as example my IP, and i was in my VPN, where the IP starts with 37.*, after discovering the latest posts, we noted that nearly every IP is related to cloudflare. We used to forward the IPs on an earlier application and acutally its a simple system: $UserIP = $_SERVER["REMOTE_ADDR"]; if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) { $var = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); $UserIP = @array_pop( $var ); if (empty($UserIP)) $UserIP = $_SERVER["REMOTE_ADDR"]; } In my opinion this snippet is a must have in a modern software application. Imagine the case that a user should be banned from the system by IP, this would ban definitly within the time several users. Regards
Ahmad E. Posted June 13, 2015 Posted June 13, 2015 ACP->System->Security->Security Settings, turn on Trust IP addresses provided by proxies?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.