Unable to extract public IP address from header 'HTTP_X_FORWARDED_FOR' #1653

Closed
jlegido opened this issue Feb 4, 2021 · 3 comments

jlegido commented Feb 4, 2021

sysPass Version

3.2 (321.21011601)
Config: 321.21011601
App: 321.21011601
DB: 321.21011601 

Describe the bug
The application is not taking IP address from header 'HTTP_X_FORWARDED_FOR'

To Reproduce

  1. Set up syspass behind a reverse proxy (in my case traefik)
  2. Perform a request to the syspass URL
  3. Tail the logs

Expected behavior
See IP extracted from header 'HTTP_X_FORWARDED_FOR' in the logs

Found behavior
I can see the private IP from the load balancer (in this case traefik)

Screenshots
N/A

Event log
N/A

Platform (please complete the following information):

  • OS: Linux
  • OS Debian testing
  • Browser Firefox

Additional context
I know that I can replace the logged IP at apache level, but I need to set the IP to features like:

  • Log an incorrect login attempt
  • Block too many requests

So far I'm looking at function getForwardedFor() in lib/SP/Http/Request.php.

Many thanks to all the people involved in this project for their time.

Cheers.

Author

jlegido commented Feb 9, 2021

My quick and dirty hack, just in case somebody else is interested:

Edit lib/SP/Http/Request.php:

vim lib/SP/Http/Request.php

And edit below piece of code:

/*
            $matches = preg_split('/(?<=[\w])+,\s?/i',
                $xForwarded,
                -1,
                PREG_SPLIT_NO_EMPTY);

            if (count($matches) > 0) {
                return $matches;
            }
*/
        return array($_SERVER["HTTP_X_FORWARDED_FOR"]);

Owner

nuxsmin commented Mar 13, 2021

Hello,

it seems that this header wasn't parsed correctly. Thanks for the feedback!

Regards

Fernand0S pushed a commit to Fernand0S/sysPass that referenced this issue Sep 19, 2021

zmiguelb commented Dec 6, 2021

Hello,
Nice work everyone with syspass, really good tool.

Please can you re-open this issue.

The name of the header in php is "HTTP_X_FORWARDED_FOR" however the header itself is "X_FORWARDED_FOR" without the "HTTP_". This is what is causing the issue.

The php function used in /var/www/html/sysPass/lib/SP/Http/Request.php should be changed from this:

185: $xForwarded = $this->headers->get('HTTP_X_FORWARDED_FOR');
491: $forwardedHost = $this->getHeader('HTTP_X_FORWARDED_HOST');
492: $forwardedProto = $this->getHeader('HTTP_X_FORWARDED_PROTO');

to this:

185: $xForwarded = $this->headers->get('X_FORWARDED_FOR');
491: $forwardedHost = $this->getHeader('X_FORWARDED_HOST');
492: $forwardedProto = $this->getHeader('X_FORWARDED_PROTO');

@nuxsmin

Kind regards,
zmiguelb

zmiguelb pushed a commit to zmiguelb/sysPass that referenced this issue Dec 6, 2021
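
Added example, not sysPass code and not from any participant in this thread: one way to derive the client address used for failed-login logging and request throttling when the application sits behind a reverse proxy. It honours `X-Forwarded-For` (exposed by PHP as `$_SERVER['HTTP_X_FORWARDED_FOR']`) only when the connecting peer is a trusted proxy, and takes the rightmost untrusted entry. `TRUSTED_PROXIES`, `isTrustedProxy()` and `clientIp()` are hypothetical names, and the 172.18.0.0/16 network and sample addresses are constructed values.

```php
<?php
// Assumption: the reverse proxy (e.g. traefik) reaches PHP from this constructed network.
const TRUSTED_PROXIES = ['172.18.0.0/16'];

/** True when $ip falls inside one of the TRUSTED_PROXIES CIDR blocks (IPv4 or IPv6). */
function isTrustedProxy(string $ip): bool
{
    $ipBin = @inet_pton($ip); // false for anything that is not a valid address
    foreach (TRUSTED_PROXIES as $cidr) {
        [$net, $bits] = explode('/', $cidr) + [1 => null];
        $netBin = @inet_pton($net);
        if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
            continue; // invalid input or address-family mismatch
        }
        $bits = $bits === null ? strlen($ipBin) * 8 : max(0, min(strlen($ipBin) * 8, (int)$bits));
        $bytes = intdiv($bits, 8);                // whole bytes covered by the prefix
        $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // mask for the partial byte, if any
        if (strncmp($ipBin, $netBin, $bytes) === 0
            && ($bits % 8 === 0 || ((ord($ipBin[$bytes]) ^ ord($netBin[$bytes])) & $mask) === 0)) {
            return true;
        }
    }
    return false;
}

/** Client address for logging and rate limiting, given a $_SERVER-style array. */
function clientIp(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? null;
    // Honour the header only when the TCP peer is one of our own proxies.
    if ($xff === null || !isTrustedProxy($peer)) {
        return $peer;
    }
    // Walk right to left: our proxies append on the right, entries further left are client-supplied.
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $hop = trim($hop);
        if (!isTrustedProxy($hop)) {
            // First untrusted hop is the client, provided it parses as an IP address.
            return filter_var($hop, FILTER_VALIDATE_IP) !== false ? $hop : $peer;
        }
    }
    return $peer;
}

// Constructed [REMOTE_ADDR, X-Forwarded-For] pairs: proxied, proxied with a forged first entry, direct.
$samples = [['172.18.0.2', '203.0.113.7'], ['172.18.0.2', '10.0.0.1, 203.0.113.7'], ['198.51.100.9', '127.0.0.1']];
foreach ($samples as [$peer, $xff]) {
    echo $peer, ' -> ', clientIp(['REMOTE_ADDR' => $peer, 'HTTP_X_FORWARDED_FOR' => $xff]), PHP_EOL;
}
```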