
Haproxy

Open JTrotta opened this issue 2 years ago • 1 comments

nopCommerce version: 4.53

Steps to reproduce the problem:

- Enable useproxy in appsettings.
- Enable forwardfor in haproxy.

x-forward* are regularly populated, but currentip is wrong.

Sep 14 '22 19:09 JTrotta

FYI: I changed the code in GetCurrentIpAddress, and it works:

```csharp
public virtual string GetCurrentIpAddress()
{
    if (!IsRequestAvailable())
        return string.Empty;

    /* TODO ForwardedHeadersOptions DOES NOT WORK */
    var hc = _httpContextAccessor.HttpContext;
    if (hc.Request.Headers.ContainsKey("X-Forwarded-For"))
    {
        hc.Connection.RemoteIpAddress = IPAddress.Parse(hc.Request.Headers["X-Forwarded-For"].ToString().Split(',', StringSplitOptions.RemoveEmptyEntries)[0]);
    }
    /********************/

    if (_httpContextAccessor.HttpContext.Connection?.RemoteIpAddress is not IPAddress remoteIp)
        return "";

    if (remoteIp.Equals(IPAddress.IPv6Loopback))
        return IPAddress.Loopback.ToString();

    return remoteIp.MapToIPv4().ToString();
}
```

Sep 15 '22 14:09 JTrotta

Hi, @JTrotta! Can you provide your HAProxy configuration?

Oct 04 '22 13:10 exileDev

@exileDev: here you are. Some IP and other frontend+backend configuration deleted.

```
# Automaticaly generated, dont edit manually.
# Generated on: 2022-10-03 08:33
global
    maxconn 10000
    log /var/run/log local0 debug
    stats socket /tmp/haproxy.socket level admin expose-fd listeners
    uid 80
    gid 80
    nbproc 1
    nbthread 1
    hard-stop-after 15m
    chroot /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param 2048
    server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

frontend Shared_Http-merged
    bind 192.168.X.XX:80 name 192.168.X.XX:80
    mode http
    log global
    option dontlognull
    option dontlog-normal
    option log-separate-errors
    option httplog
    option http-keep-alive
    option forwardfor
    acl https ssl_fc
    http-request set-header X-Forwarded-Proto http if !https
    http-request set-header X-Forwarded-Proto https if https
    timeout client 330000
    acl NOP var(txn.txnhost) -m str -i nop.XXXXXX.XXX
    http-request set-var(txn.txnhost) hdr(host)
    http-request redirect scheme https if NOP

frontend Shared_Https-merged
    bind 192.168.X.XX:443 name 192.168.X.XX:443 ssl crt-list /var/etc/haproxy/Shared_Https.crt_list
    mode http
    log global
    option dontlognull
    option dontlog-normal
    option log-separate-errors
    option httplog
    option http-keep-alive
    option forwardfor
    acl https ssl_fc
    http-request set-header X-Forwarded-Proto http if !https
    http-request set-header X-Forwarded-Proto https if https
    timeout client 330000
    acl NOP var(txn.txnhost) -m str -i nop.XXXXXXX.XXX
    http-request set-var(txn.txnhost) hdr(host)
    use_backend NOP_ipvANY if NOP

backend FIDS_ipvANY
    mode http
    id 119
    log global
    timeout connect 30000
    timeout server 437000
    retries 3
    server NOP 192.168.X.XX:80 id 116 check inter 30000
```

Oct 07 '22 08:10 JTrotta

@JTrotta Have you tried adding IP addresses of known proxies to accept forwarded headers?

https://github.com/nopSolutions/nopCommerce/blob/491342ef4c61d90d32d2e1efc1bc5e248177ce2f/src/Libraries/Nop.Core/Configuration/HostingConfig.cs#L27

Oct 19 '22 09:10 exileDev
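An added example (not nopCommerce's code and not written by anyone in this thread) of the trust rule behind the known-proxies setting asked about above: X-Forwarded-For is honoured only when the connection arrives from a listed proxy, and it is read right to left because HAProxy's `option forwardfor` adds the client address after anything the client itself sent. The `ForwardedFor` class, the `Resolve` helper and every address are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

static class ForwardedFor
{
    // Returns the address to treat as the client. The header is consulted only
    // while the sender of the current entry is a listed proxy.
    public static IPAddress Resolve(IPAddress peer, string header, ISet<IPAddress> knownProxies)
    {
        var current = peer.IsIPv4MappedToIPv6 ? peer.MapToIPv4() : peer;
        if (string.IsNullOrWhiteSpace(header))
            return current;

        var hops = header.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
        for (var i = hops.Length - 1; i >= 0; i--)
        {
            // The entry at position i was written by 'current'; if that sender
            // is not a listed proxy, nothing further left can be trusted.
            if (!knownProxies.Contains(current))
                break;
            // Unparsable entry: keep the last address that could be verified.
            if (!IPAddress.TryParse(hops[i], out var hop))
                break;
            current = hop.IsIPv4MappedToIPv6 ? hop.MapToIPv4() : hop;
        }
        return current;
    }

    static void Main()
    {
        // Constructed addresses; the page redacts the real ones.
        var proxies = new HashSet<IPAddress> { IPAddress.Parse("192.168.0.10") };
        var haproxy = IPAddress.Parse("192.168.0.10");
        var direct = IPAddress.Parse("203.0.113.7");

        // Through HAProxy, client sent no header of its own.
        Console.WriteLine(Resolve(haproxy, "203.0.113.7", proxies));
        // Through HAProxy, client supplied its own entry; HAProxy's entry is last.
        Console.WriteLine(Resolve(haproxy, "198.51.100.99, 203.0.113.7", proxies));
        // Peer is not a listed proxy: the header is ignored.
        Console.WriteLine(Resolve(direct, "198.51.100.99", proxies));
        // Malformed entry: fall back to the proxy's own address.
        Console.WriteLine(Resolve(haproxy, "not-an-ip", proxies));
    }
}
```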

Looks like the problem is related to a specific server configuration. Closed #6352

Oct 31 '22 14:10 exileDev