-
Notifications
You must be signed in to change notification settings - Fork 750
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Enhancement]: DNN behind Cloudflare - HTTP_X_FORWARDED_FOR #6145
Comments
Related? to #5073 ? This sounds like an enhancement that a lot of people would appreciate. Well, at least me! |
@fablaser can you try setting it here and see if that works ? |
Hello, |
Yes, it is related to it! I did not noticed this previous request |
Just reading some code, it looks like one could add an entry in the HostSettings table to specify that header |
Hello I tried to add a new record in HostSettings table with these values: SettingName: UserRequestIPHeader Then I cleared cache and recycled app pool, but the result is always the same: every failed login, in logs, has the cloudflare ip address... |
Hello, |
Wait, what? Are you saying,
needed to be lowercase? |
That is surprising, they document it with capitals https://developers.cloudflare.com/fundamentals/reference/http-request-headers/#x-forwarded-for |
In SQL HostSettings table. When DNN launces this code:
AllKeys.Contains(userRequestIPHeader)) does not matches "X-Forwarded-For", it is seems to be case sensitive. |
Perhaps it should be useful to change the code using Contains(userRequestIPHeader, IEqualityComparer) so that it would be case insensitive... |
Oh, I see, so you went from |
I wont ask again, please take me off your mailing list, NOW!
Frank DeSocio
Bpaa Executive Director
817-385-8428
316-648-2479 cell
From: Daniel Valadas ***@***.***>
Sent: Thursday, October 3, 2024 7:46 AM
To: dnnsoftware/Dnn.Platform ***@***.***>
Cc: Subscribed ***@***.***>
Subject: Re: [dnnsoftware/Dnn.Platform] [Enhancement]: DNN behind Cloudflare - HTTP_X_FORWARDED_FOR (Issue #6145)
Caution: This message came from outside the IBC network. Use caution with links and attachments.
Oh, I see, so you went from X-FORWARDED-FOR to X-Forwarded-For right ?
—
Reply to this email directly, view it on GitHub<#6145 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AFO2FYUHI7KYFSFBA3A37WTZZU4BFAVCNFSM6AAAAABPFYXO3OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGOJRGMZTCMRUHE>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
@ronnydodd I did not email you, this is a reply to a github issue, not sure how but you are somehow following this issue. Please go to #6145 and unsubscribe from it if you don't want these emails. |
In my own code I used X-FORWARDED-FOR, but it does not matter if I use request.Headers['X-FORWARDED-FOR'], request.Headers['X-Forwarded-For'] or request.Headers['x-forwarded-for'], they will work fine. The issue has been caused by "request.Headers.AllKeys.Contains(userRequestIPHeader)" in DNN code you mentioned yesterday. "Contains" method is case sensitive. In my header's collection I see "x-forwarded-for" (lower), so I need to use this string in hostsettings table. So, the line should be modified in order to use Request.Headers.AllKeys.Contains(userRequestIPHeader, iEqualityComparer) and make the comparison caseinsensitive. |
I use x-forwarded-for in the Hostsettings table and that works fine. All small letters |
INSERT INTO [dbo].[HostSettings] |
Is there an existing issue for this?
Description of problem
Hello, I have some websites behind Cloudflare's WAF. I currently use Request.ServerVariables("HTTP_X_FORWARDED_FOR") for my own applicatoin log. So I can log real IP address of clients, not just Cloudflare ip addresses. It would be useful to have an option that allows DNN to log IP using this variable.
Description of solution
implement Request.ServerVariables("HTTP_X_FORWARDED_FOR")
Description of alternatives considered
No response
Anything else?
No response
Do you be plan to contribute code for this enhancement?
Would you be interested in sponsoring this enhancement?
Code of Conduct
The text was updated successfully, but these errors were encountered: