Welcome Guest, Not a member yet? Register   Sign In
Using real client ip behind a proxy in Session driver
#4

(This post was last modified: 02-18-2016, 08:54 AM by remiheens.)

Ok I've found a better solution, I think it's more a "hack" than a solution but it works.

I add this on top of my index.php
PHP Code:
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP']; 

HTTP_X_FORWARDED_FOR cannot be trusted because it's a concatenation of ip provided by HTTP Request and the client can set the value.
Code:
curl http://example.com/ -H 'X-Forwarded-For: <a-fake-ip>'
If you check, in codeigniter, the value of $this->input->ip_address() was the fake ip and not the real client ip.

HTTP_X_REAL_IP is created by nginx configuration and if it already exists it will overwrite, so i cant trust the value no ?
Reply


Messages In This Thread
RE: Using real client ip behind a proxy in Session driver - by remiheens - 02-18-2016, 08:49 AM



Theme © iAndrew 2016 - Forum software by © MyBB