laravel-authentication-log

use real user ip behind cloudflare

Open t0nka opened this issue 2 years ago • 11 comments

If a website is behind Cloudflare, $this->request->ip() will provide you only a Cloudflare IP, not the real user IP address.

With $this->request->server('HTTP_CF_CONNECTING_IP') you are able to get the real user IP address.

t0nka avatar Feb 12 '23 20:02 t0nka

You can just use your webserver to modify the standard header. CloudFlare provide instructions on how to do this for Apache and Nginx.

lrljoe avatar Feb 18 '23 13:02 lrljoe

True, but sometimes you need a vanilla server, or you can't even change the configuration of your server.

t0nka avatar Feb 27 '23 12:02 t0nka

In that case, can I suggest that you add some key options into the config file so that it's a little more configurable, perhaps a real_ip header or something?

That way it can be applied to CloudFlare/cloudfront/frontdoor etc

lrljoe avatar Feb 27 '23 19:02 lrljoe

Just testing an alternative approach, using the config file to determine which headers to use etc, as this suggested approach limits it to only CloudFlare.

lrljoe avatar Apr 11 '23 03:04 lrljoe

I think if you use this package on your application no changes will need to be done within this package: https://github.com/monicahq/laravel-cloudflare

swilla avatar Apr 27 '23 01:04 swilla

I added a configurable approach - config based

t0nka avatar Apr 27 '23 07:04 t0nka

One minor tweak I'd recommend is to use the shorthand to simplify it somewhat, the below should work but you get the idea on how to tweak if not.

$ip = (config('authentication-log.behind_cdn')) ? $this->request->server(config('authentication-log.behind_cdn.http_header_field')) : $this->request->ip();

Otherwise it looks like a great addition!

lrljoe avatar Apr 27 '23 22:04 lrljoe
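A check worth pairing with the config-based header lookup discussed above, shown as an added example that is not part of the thread or the package: the configured header is only meaningful when the connection itself comes from the CDN, because a client that reaches the origin directly can set the header to any value. The `trusted_proxies` key, the function names and all addresses are assumptions made for illustration; plain PHP is used so it runs without Laravel.

```php
<?php
// Added example, not the package's code. 'trusted_proxies' is a hypothetical
// config key and every address below is a constructed documentation value.

/** True if $ip lies inside $cidr (IPv4 or IPv6). */
function ipInCidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($subnet);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input or mixed address families
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits === null ? $max : (ctype_digit($bits) ? (int) $bits : -1);
    if ($bits < 0 || $bits > $max) {
        return false; // malformed prefix length
    }
    $bytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    if ($bits % 8 === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF;
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

/** Use the CDN header only when the TCP peer is a trusted proxy. */
function resolveClientIp(array $server, ?string $headerField, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($headerField === null ? [] : $trustedProxies as $cidr) {
        if (ipInCidr($peer, $cidr)) {
            $claimed = trim($server[$headerField] ?? '');
            // Accept only a single well-formed address from the header.
            return filter_var($claimed, FILTER_VALIDATE_IP) !== false ? $claimed : $peer;
        }
    }
    return $peer; // request did not come through the proxy: ignore the header
}

$cfg = ['http_header_field' => 'HTTP_CF_CONNECTING_IP', 'trusted_proxies' => ['203.0.113.0/24']];
// Constructed requests: one relayed by the proxy, one sent straight to the origin.
$viaProxy = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_CF_CONNECTING_IP' => '198.51.100.23'];
$direct   = ['REMOTE_ADDR' => '192.0.2.50',  'HTTP_CF_CONNECTING_IP' => '10.0.0.1'];
echo resolveClientIp($viaProxy, $cfg['http_header_field'], $cfg['trusted_proxies']), PHP_EOL;
echo resolveClientIp($direct, $cfg['http_header_field'], $cfg['trusted_proxies']), PHP_EOL;
```

In a real deployment the trusted ranges would be the CDN's published egress ranges, kept up to date, so that the logged login IP cannot be chosen by the client.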

@rappasoft this would be incredibly useful, I'm using Vercel and have a similar issue. Even if I add the correct user IP to the IPs header, it still uses the secondary AWS IP.

denizaygundev avatar Aug 18 '23 10:08 denizaygundev

As a workaround I ended up implementing the Login event and listener manually myself.

denizaygundev avatar Aug 18 '23 13:08 denizaygundev

I've got some updates and improvements for this that I'll merge across, including smoother detection for the common WAFs/proxies, I'm just focused on the tables package at the mo.

I'd estimate 3 to 4 weeks before I can properly get everything in a good shape for a new release

lrljoe avatar Aug 19 '23 11:08 lrljoe

As a side note, rather than replicating the methods, you could do one of the following:

- configure your webserver to rewrite the header
- configure cloudflare to pass the original IP in the original header
- use a middleware to rewrite the headers

The update I've got sat to one side has a couple of nifty features for detecting a WAF and picking the appropriate header. Plus some improvements to the way the package is listening. Sadly a few weeks before I can think about tidying it up and adding it in.

lrljoe avatar Aug 20 '23 00:08 lrljoe