Right now, mod_auth_mysql is taking the proxy IP as the %a parameter. Is there a way that I can get the real IP instead of the proxy IP?
I implemented the system in a way that authenticates users by their username/password and IP address. When a user enters my website, their IP address is automatically updated if their current IP address is in the same network/ISP as their registered IP address. This can be done by comparing part of their current DNS with their registered DNS. However, if a user is behind a proxy server, mod_auth_mysql does not know their real IP address. If that person shares the account with another member under the same proxy, then both of them can access the system and download simultaneously.
Is there a way I can make mod_auth_mysql check the user's real IP instead of the proxy IP?
Any suggestion is appreciated.
Sorry, if they're running behind a proxy, there is no way for any program on the web server to determine their real IP address.
Jerry
I think there is a piece of code in PHP to check for the proxy IP. I implemented it on my server and it works nicely without any errors; here is the code for it. I hope you might want to include it in the module for a future release. Furthermore, I used mod_limitipconn; this module can also resolve the real IP.
// establish client IP address
$proxyip = '';
define('ALT_IP', $_SERVER['REMOTE_ADDR']);

// Collect a candidate address from the proxy headers; a later header
// overrides an earlier one. "?? ''" avoids undefined-index warnings
// when a header is absent.
if (($_SERVER['HTTP_FORWARDED'] ?? '') != '')
{
    $proxyip = $_SERVER['HTTP_FORWARDED'];
}
if (($_SERVER['HTTP_CLIENT_IP'] ?? '') != '')
{
    $proxyip = $_SERVER['HTTP_CLIENT_IP'];
}
if (($_SERVER['HTTP_X_FORWARDED_FOR'] ?? '') != '')
{
    $proxyip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}

// Keep only the first dotted-quad found in the header value.
if (preg_match("#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#", $proxyip, $iplist))
{
    $proxyip = $iplist[0];
    // ## Uncomment this section to ignore private address ranges ## //
    if (preg_match("#^(127|10|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.#", $proxyip))
    {
        $proxyip = '';
    }
}
else
{
    $proxyip = '';
}

// No usable header: the connecting address is the client.
if ($proxyip == '')
{
    define('PROXYIP', '');
    define('IPADDRESS', $_SERVER['REMOTE_ADDR']);
}
// Usable header: the connecting address is recorded as the proxy.
else
{
    define('PROXYIP', $_SERVER['REMOTE_ADDR']);
    define('IPADDRESS', $proxyip);
}
unset($proxyip, $iplist);
// ## End of Proxy Hack ##
// determine URL / referrer of current page
Well, I'm partly wrong.
This information is in the header - but only if the proxy sends it. Most proxies don't, so it wouldn't do you any good.
However, it is available in the header when we get our module, so I've added code to mod_auth_mysql to parse it out. You'll be able to use it just like the %a parameter. If there is an "X-Forwarded-For" entry in the header, the module will validate this is an IPv4 address and not one of the private ranges. If so, it returns that address. In all other cases, it returns the same value as %a does.
I can send you a copy of the code to test. Please send me an email address if you would like to do so (use my sourceforge email if you don't wish to post it here).
I still need to implement IPv6 testing in the module so I won't be releasing it yet. I need to look through the RFCs to figure out what the private addresses are in it.
Jerry
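The header handling described in the post above, as an added C example that is not mod_auth_mysql's code and was not posted in this thread. It goes beyond that description in two ways: the header is honoured only when the connecting peer is a configured proxy, and the last entry of a comma-separated list is used. `client_ip`, `is_public_v4` and `trusted_proxy` are hypothetical names, and the addresses are constructed samples.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if ip is a well-formed IPv4 address outside the ranges the thread's
 * PHP snippet rejects (127/8, 10/8, 172.16/12, 192.168/16, 169.254/16). */
static int is_public_v4(const char *ip)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1)
        return 0;                                  /* not dotted-quad IPv4 */
    uint32_t h = ntohl(a.s_addr);
    if ((h >> 24) == 127 || (h >> 24) == 10) return 0;
    if ((h >> 20) == 0xAC1) return 0;              /* 172.16.0.0/12 */
    if ((h >> 16) == 0xC0A8 || (h >> 16) == 0xA9FE) return 0;
    return 1;
}

/* peer: address of the TCP connection (what %a reports).
 * xff: raw X-Forwarded-For value, or NULL when the header is absent.
 * trusted_proxy: hypothetical setting naming the one proxy allowed to
 * supply the header; from any other peer the header is client-controlled.
 * Returns the address to authenticate against (out or peer). */
const char *client_ip(const char *peer, const char *xff,
                      const char *trusted_proxy, char *out, size_t outlen)
{
    if (!xff || !trusted_proxy || strcmp(peer, trusted_proxy) != 0)
        return peer;
    /* Proxies append to the list, so only the last entry was written by
     * the trusted proxy; earlier entries arrived from the client side. */
    const char *last = strrchr(xff, ',');
    last = last ? last + 1 : xff;
    while (*last == ' ' || *last == '\t') last++;
    size_t n = strcspn(last, " \t");
    if (n == 0 || n >= outlen)
        return peer;
    memcpy(out, last, n);
    out[n] = '\0';
    return is_public_v4(out) ? out : peer;
}

int main(void)
{
    char buf[INET_ADDRSTRLEN];
    /* Constructed sample: the first list entry was forged by the client. */
    puts(client_ip("192.0.2.10", "198.51.100.99, 203.0.113.7",
                   "192.0.2.10", buf, sizeof buf));
}
```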
Thanks Jerry,
my email is ai_quoc@hotmail.com.
I won't be able to test your module for another month because I am building a new server for testing purposes now.
My current server cannot be tested because I have a lot of members on it. It just cannot be down for any reason.
Thanks again Jerry, I am looking forward to implementing it in my system.
tscbh
OK, let me know.
Jerry