New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IP::getNonProxyIpFromHeader retrieves final proxy instead of client #7060
Comments
Thx for the report! |
I thought about this some more, and the current behavior of I think the behavior should perhaps check if the direct client ( The downside is this would make |
I think you would not need the As seen in function How can I help, to get this issue resolved? I'm currently implementing Piwik behind multiple proxies so we are in the blind of the users real IP at this moment. |
I didn't check the details of this issue, but it would help if you manage to create a Pull request and explain in this PR what you do, why, what problem it solves, etc. Cheers |
To clarify, this works as expected/designed. Each successive proxy appends to the Forwarded-For header. As the OP observes:
The reason why we traverse the list of IPs in |
Thanks for the details @robocoder |
Thanks for the follow up. I cannot recall how we we're able to resolve the issue. We somehow managed it, probably by changing the request header done by the proxy server. |
IP::getNonProxyIpFromHeader
attempts to retrieve the client IP address from headers configured inproxy_client_headers[]
. This callsIP::getLastIpFromList
, excluding proxies configured viaproxy_ips[]
.What I do not understand is why by default this returns the last IP, whereas the format for
X-Forwarded-For
isclient, proxy1, proxy2, ...
:http://en.wikipedia.org/wiki/X-Forwarded-For#Format
This only becomes an issue when running Piwik behind multiple proxies; for example the configuration in question is:
So Piwik sees:
Basically the current behavior would seem to select the IP of the last proxy by default. This would be problematic in a scenario with variable proxy IPs.
The text was updated successfully, but these errors were encountered: