Dnn.Platform
Dnn.Platform copied to clipboard
dnnsoftware
[Enhancement]: DNN behind Cloudflare - HTTP_X_FORWARDED_FOR
Is there an existing issue for this?
- [X] I have searched the existing issues
Description of problem
Hello, I have some websites behind Cloudflare's WAF. I currently use Request.ServerVariables("HTTP_X_FORWARDED_FOR") for my own applicatoin log. So I can log real IP address of clients, not just Cloudflare ip addresses. It would be useful to have an option that allows DNN to log IP using this variable.
Description of solution
implement Request.ServerVariables("HTTP_X_FORWARDED_FOR")
Description of alternatives considered
No response
Anything else?
No response
Do you be plan to contribute code for this enhancement?
- [ ] Yes
Would you be interested in sponsoring this enhancement?
- [X] Yes
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
Related? to #5073 ?
This sounds like an enhancement that a lot of people would appreciate. Well, at least me!
@fablaser can you try setting it here and see if that works ?
Hello, I tried to follow the configuration, but I does not work... After changed it I tried to clear cache and recycle app pool. Anyway any operation (such as failed login) will be logged with Cloudflare ip address... I also tried "x-forwarded-for" variable.
Related? to #5073 ?
This sounds like an enhancement that a lot of people would appreciate. Well, at least me!
Yes, it is related to it! I did not noticed this previous request
Just reading some code, it looks like one could add an entry in the HostSettings table to specify that header
https://github.com/dnnsoftware/Dnn.Platform/blob/9f4833f5dcba24e0dbd194338c2a50a03a43da83/DNN%20Platform/Library/Services/UserRequest/UserRequestIPAddressController.cs#L27C1-L28C1
Hello thank you for your support.
I tried to add a new record in HostSettings table with these values:
SettingName: UserRequestIPHeader SettingValue: X-Forwarded-For
Then I cleared cache and recycled app pool, but the result is always the same: every failed login, in logs, has the cloudflare ip address...
Just reading some code, it looks like one could add an entry in the HostSettings table to specify that header
https://github.com/dnnsoftware/Dnn.Platform/blob/9f4833f5dcba24e0dbd194338c2a50a03a43da83/DNN%20Platform/Library/Services/UserRequest/UserRequestIPAddressController.cs#L27C1-L28C1
Hello, I simply needed to write "X-Forwarded-For" in lower case! Thanks!!
Hello, I simply needed to write "X-Forwarded-For" in lower case!
Wait, what? Are you saying,
-
in code you need it lower cased... Request.ServerVariables() or
-
the Value it the SQL table HostSettings
needed to be lowercase?
That is surprising, they document it with capitals https://developers.cloudflare.com/fundamentals/reference/http-request-headers/#x-forwarded-for
Wait, what? Are you saying, * in code you need it lower cased... Request.ServerVariables() or * the Value it the SQL table HostSettings
needed to be lowercase?
In SQL HostSettings table. When DNN launces this code:
var userRequestIPHeader = HostController.Instance.GetString("UserRequestIPHeader", "X-Forwarded-For");
var userIPAddress = string.Empty;
if (request.Headers.AllKeys.Contains(userRequestIPHeader))
AllKeys.Contains(userRequestIPHeader)) does not matches "X-Forwarded-For", it is seems to be case sensitive.
That is surprising, they document it with capitals https://developers.cloudflare.com/fundamentals/reference/http-request-headers/#x-forwarded-for
Perhaps it should be useful to change the code using Contains(userRequestIPHeader, IEqualityComparer) so that it would be case insensitive...
I wont ask again, please take me off your mailing list, NOW!
Frank DeSocio Bpaa Executive Director 817-385-8428 316-648-2479 cell
From: Daniel Valadas @.> Sent: Thursday, October 3, 2024 7:46 AM To: dnnsoftware/Dnn.Platform @.> Cc: Subscribed @.***> Subject: Re: [dnnsoftware/Dnn.Platform] [Enhancement]: DNN behind Cloudflare - HTTP_X_FORWARDED_FOR (Issue #6145)
Caution: This message came from outside the IBC network. Use caution with links and attachments.
Oh, I see, so you went from X-FORWARDED-FOR to X-Forwarded-For right ?
— Reply to this email directly, view it on GitHubhttps://github.com/dnnsoftware/Dnn.Platform/issues/6145#issuecomment-2391331249, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AFO2FYUHI7KYFSFBA3A37WTZZU4BFAVCNFSM6AAAAABPFYXO3OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGOJRGMZTCMRUHE. You are receiving this because you are subscribed to this thread.Message ID: @.***>
@ronnydodd I did not email you, this is a reply to a github issue, not sure how but you are somehow following this issue. Please go to https://github.com/dnnsoftware/Dnn.Platform/issues/6145 and unsubscribe from it if you don't want these emails.
Oh, I see, so you went from
X-FORWARDED-FORtoX-Forwarded-Forright ?
In my own code I used X-FORWARDED-FOR, but it does not matter if I use request.Headers['X-FORWARDED-FOR'], request.Headers['X-Forwarded-For'] or request.Headers['x-forwarded-for'], they will work fine.
The issue has been caused by "request.Headers.AllKeys.Contains(userRequestIPHeader)" in DNN code you mentioned yesterday. "Contains" method is case sensitive. In my header's collection I see "x-forwarded-for" (lower), so I need to use this string in hostsettings table.
So, the line
if (request.Headers.AllKeys.Contains(userRequestIPHeader))
should be modified in order to use Request.Headers.AllKeys.Contains(userRequestIPHeader, iEqualityComparer) and make the comparison caseinsensitive.
I use x-forwarded-for in the Hostsettings table and that works fine. All small letters
INSERT INTO [dbo].[HostSettings] ([SettingName],[SettingValue],[SettingIsSecure],[CreatedByUserID],[CreatedOnDate],[LastModifiedByUserID],[LastModifiedOnDate]) VALUES ('UserRequestIPHeader','x-forwarded-for',0,-1,GETDATE(),-1,GETDATE()) GO