AsmBB

Power
Login Register

Real user IP address behind cloudflare/proxy
0

#16019 (ツ) ganuonglachanh
Created 12.03.2020, read: 2834 times

Hi johnfound

I'm using cloudflare so real user IP is hidden, asmbb only get cloudflare IP via REMOTE_ADDR header:

stdcall ValueByName, [edi+TSpecialParams.params], "REMOTE_ADDR"

Could you add support for getting the real IP address if these headers are found: via "CF-Connecting-IP" (only apply for cloudflare) or "X-Forwarded-For" (apply for non anonymous proxies but has 1 or multiple IPs)

More info here:

https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-CloudFlare-handle-HTTP-Request-headers-

#16024 (ツ) johnfound
Created 12.03.2020, read: 2832 times

That is something new for me. Will try to study the problem and fix it.

#16033 (ツ) ganuonglachanh
Last edited: 12.03.2020 by ganuonglachanh , read: 2827 times

Can we temporary fix ?


;
; Attempts to retrive the most probable remote IP address of the user.
;
; right now, it uses very simple logic, but will be improved soon in
; order to properly manage the proxy servers and cloudflare forward
; mechanisms.
;

proc GetRemoteIP, .pSpecial
begin
        mov     eax, [.pSpecial]
        stdcall ValueByName, [eax+TSpecialParams.params], "CF-Connecting-IP"
        jnc     .ip2num
        stdcall ValueByName, [eax+TSpecialParams.params], "REMOTE_ADDR"
        jc      .error
.ip2num:
        stdcall StrIP2Num, eax
        jnc      .finish

.error:
        xor     eax, eax

.finish:
        return
endp
#16034 (ツ) johnfound
Created 12.03.2020, read: 2825 times
ganuonglachanh

Can we temporary fix ?


;
; Attempts to retrive the most probable remote IP address of the user.
;
; right now, it uses very simple logic, but will be improved soon in
; order to properly manage the proxy servers and cloudflare forward
; mechanisms.
;

proc GetRemoteIP, .pSpecial
begin
        mov     eax, [.pSpecial]
        stdcall ValueByName, [eax+TSpecialParams.params], "CF-Connecting-IP"
        jnc     .ip2num
        stdcall ValueByName, [eax+TSpecialParams.params], "REMOTE_ADDR"
        jc      .error
.ip2num:
        stdcall StrIP2Num, eax
        jnc      .finish

.error:
        xor     eax, eax

.finish:
        return
endp

Sure! I simply wanted to have it to support different proxies as well. But for you is OK as temporary solution.

Real user IP address behind cloudflare/proxy
0

AsmBB v3.0 (check-in: a316dab8b98d07d9); SQLite v3.42.0 (check-in: 831d0fb2836b71c9);
©2016..2023 John Found; Licensed under EUPL. Powered by Assembly language Created with Fresh IDE