proxied web server

  • Resolved rick_gray

    (@rick_gray)


    10 years, 11 months ago

    Our university web server is behind a group of proxy computers. Using PHP,
    when one issues “$_SERVER[‘REMOTE_ADDR’]” it returns the IP address of the proxy, not the “real” IP of the computer visiting our sites.

    Today, Googlebot was searching our sites, and it triggered Login Security Solution and send me an email. It provided the offending IP address as that of the proxy.

    BUT, the “real” address is stored in the http headers, so issuing:
    $rgheaders = getallheaders();
    followed by
    $ip = rgheaders[‘X-Forwarded-For’];
    gets the true remote address.

    In an attempt to accommodate this in Login Security Solution, I edited login-security-solution.php to modify get_ip() to this:

    protected function get_ip() {
                if (empty($_SERVER['REMOTE_ADDR'])) {
                        return '';
                }
                $rgheaders = getallheaders();
               /*              return $this->normalize_ip($_SERVER['REMOTE_ADDR']); */
		return $this->normalize_ip($rgheaders['X-Forwarded-For']);
        }

    Do you think this will work? Do I have to make changes in other PHP files?

    Thanks for a great plugin,
    rick

    Richard Gray, Ph.D.
    Center for Learning and Memory
    The University of Texas at Austin
    [email protected]

    https://ww.wp.xz.cn/plugins/login-security-solution/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Daniel Convissor

    (@convissor)

    10 years, 11 months ago

    Sir:

    See the plugin’s installation instructions. Go to the plugin’s page on ww.wp.xz.cn and click the “Installation” tab.

    Or scroll through old postings in this forum, where this question has been asked before.

    Or search the web "login security solution" proxy and that will lead you to the same places.

    Good luck,

    –Dan

    Thread Starter rick_gray

    (@rick_gray)

    10 years, 11 months ago

    Dan,

    Thanks so much for the rapid reply. I feel pretty stupid… I read about a bunch of plugins like yours, thought yours was the best, and merely clicked “install” and “activate” without reading the instructions. (That’s what happens when a dumb scientist tries to do web stuff on their own).

    I did as you suggested, and it worked perfectly.

    In addition, I sent a donation in appreciation for your help (even if I should have figured it out on my own by reading the instructions).

    rick

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘proxied web server’ is closed to new replies.