+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Session and match_ip ignore proxy (/showthread.php?tid=67597)
Session and match_ip ignore proxy - gdhnz - 03-13-2017
Hi,
I've got some proxy IPs set in my config but I've found out if you set $config['sess_match_ip'] = true, then the Session library will not take into account the proxies and will always use $_SERVER['REMOTE_HOST'].
$this->input->ip_address() does take into account the proxy IPs and returns the correct client IP.
Any suggestions?
RE: Session and match_ip ignore proxy - InsiteFX - 03-13-2017
Just use $this->input->ip_address() and assign it to your session variables.
RE: Session and match_ip ignore proxy - gdhnz - 03-13-2017
I've overridden the relevant session driver to set the $CI->input->ip_address() value to a $this->ip_address class variable in the driver constructor and have replaced all instances of $_SERVER['REMOTE_ADDR'] with $this->ip_address.
Is it worth providing a pull request updating all the session drivers?
RE: Session and match_ip ignore proxy - Narf - 03-13-2017
No, this is by design and I suggest that you reverse your changes.
RE: Session and match_ip ignore proxy - gdhnz - 03-13-2017
If you don't want me to provide a PR then that's fine but I'm not going to revert my local changes with no explanation when it's doing what I require.
RE: Session and match_ip ignore proxy - gdhnz - 03-13-2017
If it makes any difference to the explanation, I'm on CI v3.1.3.
RE: Session and match_ip ignore proxy - Narf - 03-14-2017
(03-13-2017, 03:29 PM)gdhnz Wrote: If you don't want me to provide a PR then that's fine but I'm not going to revert my local changes with no explanation when it's doing what I require.
You're modifying framework files, meaning any upgrades in the future will be much harder for you, or you'll be stuck with the current version forever.
There's easier ways to do what you "require", but at the same time it is not by accident that the library doesn't take proxies into account.
You might get better feedback if you explain why you want this.
RE: Session and match_ip ignore proxy - gdhnz - 03-14-2017
Our web setup uses docker containers behind some proxies. What I see when I use match_ip for sessions is the ip address of the proxies.
All I've done is copy the system/libraries/Sessions/drivers/Session_redis_driver.php file to application/libraries/Sessions/drivers/MY_Session_redis_driver.php and just overrode the methods that used $_SERVER['REMOTE_ADDR'].
According to the documentation, this how you override core files.
RE: Session and match_ip ignore proxy - Narf - 03-15-2017
(03-14-2017, 12:14 PM)gdhnz Wrote: Our web setup uses docker containers behind some proxies. What I see when I use match_ip for sessions is the ip address of the proxies.
All I've done is copy the system/libraries/Sessions/drivers/Session_redis_driver.php file to application/libraries/Sessions/drivers/MY_Session_redis_driver.php and just overrode the methods that used $_SERVER['REMOTE_ADDR'].
According to the documentation, this how you override core files.
If you're overriding the entire driver functionality (and not just the IP filtering), that means you won't get any bugfixes for that driver.
Still, you're explaining what you did, not why.
And even that is besides the point ... To clarify, I see two potential problems:
1. sess_match_ip is not for everybody; chances are you're using it just because it exists and not because you need it.
2. You're relying on (and changing) the framework, instead of properly configuring your environment. Unless you're running Apache with mod_php, it's the httpd that tells PHP what the REMOTE_ADDR value should be - this is where it should be configured; not in your code.