Guide/X-forwarded-for: Difference between revisions
From Convention Master Documentation
(Created page with "=X Forwarded For= The X-Forwarded-For header is a very common header that is used by web application firewalls and other proxy devices including cloudflare. ==Simple X-Forwarded-for implementation== This simple implementation will ALWAYS replace the ip found in X-forward-for. It's simpler code, but people with malicous intent could potentially spoof the x-forwarded-for header, if there is ingress into your network via other means. # Open the shared_php/db_connect.php f...") |
(Added configuration info for PHP-FPM) |
(One intermediate revision by one other user not shown) | |||
Line 8: | Line 8: | ||
Add the following code to your db_connect.php | Add the following code to your db_connect.php | ||
<syntaxhighlight lang="php"> | |||
if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)){ | if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)){ | ||
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; | $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; | ||
} | } | ||
</syntaxhighlight> | |||
==More secure X-Forwarded-For Implemention== | ==More secure X-Forwarded-For Implemention== | ||
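Review bot: The snippet being wrapped in syntaxhighlight here assigns $_SERVER['HTTP_X_FORWARDED_FOR'] straight to $_SERVER['REMOTE_ADDR'] with no check on who sent the header or what it contains. Since this revision touches the block anyway, add a comment above the if saying the value is supplied by the client unless a proxy overwrites it, and that it can be a comma-separated list rather than a single address. A pointer to the "More secure" section that follows would also help readers who paste the block as-is.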
Line 19: | Line 21: | ||
# Edit the $allowedProxies line of the code snippit below; add or remove comma seperated IP address values to the list of ip's which you will allow to provide the X-forwarded-for header. | # Edit the $allowedProxies line of the code snippit below; add or remove comma seperated IP address values to the list of ip's which you will allow to provide the X-forwarded-for header. | ||
<syntaxhighlight lang="php"> | |||
$allowedProxies = array('10.10.15.7','192.168.15.12'); | $allowedProxies = array('10.10.15.7','192.168.15.12'); | ||
if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && (in_array($_SERVER['REMOTE_ADDR'],$allowedProxies)){ | if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && (in_array($_SERVER['REMOTE_ADDR'],$allowedProxies)){ | ||
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; | $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; | ||
} | } | ||
</syntaxhighlight> | |||
==PHP-FPM more secure X-Forwarded-For implemention== | |||
This more secure implementation requires you to create a list of machines that you will allow the X-forwarded-for header to be grabbed from. | |||
# Run <code>a2enmod remoteip</code> | |||
# Add the following to your Apache site configuration: | |||
<nowiki><IfModule mod_remoteip.c> | |||
RemoteIPHeader X-Forwarded-For | |||
RemoteIPTrustedProxy your-proxy-IP-goes-here | |||
</IfModule></nowiki> |
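Review bot: The if line in the highlighted $allowedProxies block has an unbalanced parenthesis: the ( opened before in_array is never closed, so the snippet is a PHP parse error once pasted into db_connect.php. Drop the extra ( so the condition ends with && in_array($_SERVER['REMOTE_ADDR'], $allowedProxies)) {. In the new section, the heading says PHP-FPM but both steps configure Apache's mod_remoteip, and the intro sentence is copied unchanged from the section above; a sentence saying that RemoteIPTrustedProxy takes the place of the $allowedProxies list would make the relationship clear. "implemention" in the new heading should be "implementation".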
Latest revision as of 11:33, 18 April 2023
X Forwarded For
The X-Forwarded-For header is a very common header used by web application firewalls and other proxy devices, including Cloudflare.
Simple X-Forwarded-For implementation
This simple implementation will ALWAYS replace the client IP with the value found in X-Forwarded-For. It's simpler code, but people with malicious intent could potentially spoof the X-Forwarded-For header if there is ingress into your network via other means.
- Open the shared_php/db_connect.php file
- Paste in the code below
Add the following code to your db_connect.php
// Always take the client address from X-Forwarded-For when the header is present.
if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
More secure X-Forwarded-For implementation
This more secure implementation requires you to create a list of machines that you will allow the X-forwarded-for header to be grabbed from.
- Open the shared_php/db_connect.php file
- Paste in the code below
- Edit the $allowedProxies line of the code snippet below; add or remove comma-separated IP address values in the list of IPs that you will allow to provide the X-Forwarded-For header.
// Proxies that are allowed to supply X-Forwarded-For.
$allowedProxies = array('10.10.15.7', '192.168.15.12');
// Use the header only when the request came from one of those proxies.
if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && in_array($_SERVER['REMOTE_ADDR'], $allowedProxies)) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
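An added example, not part of the original page or Convention Master's own code: it generalizes the allow-list check above to X-Forwarded-For values that carry a comma-separated chain or a string that is not an IP address. The helper name resolveClientIp() and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example, not Convention Master code. resolveClientIp() is a hypothetical helper.

// Decide which address to treat as the client, given the socket peer address,
// the raw X-Forwarded-For header (or null) and the list of trusted proxies.
function resolveClientIp(string $remoteAddr, ?string $forwardedFor, array $allowedProxies): string
{
    // Only a listed proxy may supply the header; any other peer keeps its socket address.
    if ($forwardedFor === null || !in_array($remoteAddr, $allowedProxies, true)) {
        return $remoteAddr;
    }
    // The header can be a chain ("client, proxy1, proxy2"). Each proxy appends the
    // peer it saw, so read from the right and stop at the first untrusted hop.
    $hops = array_reverse(array_map('trim', explode(',', $forwardedFor)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remoteAddr; // not an IP address: ignore the whole header
        }
        if (!in_array($hop, $allowedProxies, true)) {
            return $hop; // nearest hop that is not one of our proxies
        }
    }
    return $remoteAddr; // every hop was one of our own proxies
}

// Same proxy list as the snippet above.
$allowedProxies = array('10.10.15.7', '192.168.15.12');

// In db_connect.php the call would be:
// $_SERVER['REMOTE_ADDR'] = resolveClientIp($_SERVER['REMOTE_ADDR'],
//     $_SERVER['HTTP_X_FORWARDED_FOR'] ?? null, $allowedProxies);

// Constructed sample requests: [REMOTE_ADDR, X-Forwarded-For header]
$samples = array(
    array('10.10.15.7', '203.0.113.9'),                  // single address from a trusted proxy
    array('10.10.15.7', '192.0.2.44, 203.0.113.9'),      // leftmost entry was sent by the client
    array('10.10.15.7', '203.0.113.9, 192.168.15.12'),   // chain through both proxies
    array('10.10.15.7', 'unknown'),                      // value that is not an IP address
    array('198.51.100.20', '127.0.0.1'),                 // header from a peer not on the list
);
foreach ($samples as $s) {
    echo str_pad($s[0], 14), ' | ', str_pad($s[1], 27), ' => ',
        resolveClientIp($s[0], $s[1], $allowedProxies), PHP_EOL;
}
```

Run it with the PHP command-line interpreter to see which address each constructed request resolves to.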
PHP-FPM more secure X-Forwarded-For implementation
This more secure implementation requires you to create a list of machines that you will allow the X-Forwarded-For header to be grabbed from.
- Run a2enmod remoteip
- Add the following to your Apache site configuration:
<IfModule mod_remoteip.c>
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy your-proxy-IP-goes-here
</IfModule>