AsmBB


Real user IP address behind cloudflare/proxy

#16019 (ツ) ganuonglachanh
Created 12.03.2020, read: 543 times

Hi johnfound

I'm using Cloudflare, so the real user IP is hidden; AsmBB only gets the Cloudflare IP via the REMOTE_ADDR header:

stdcall ValueByName, [edi+TSpecialParams.params], "REMOTE_ADDR"

Could you add support for getting the real IP address if these headers are found: "CF-Connecting-IP" (only applies to Cloudflare) or "X-Forwarded-For" (applies to non-anonymous proxies, but has 1 or multiple IPs)?

More info here:

https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-CloudFlare-handle-HTTP-Request-headers-

#16024 (ツ) johnfound
Created 12.03.2020, read: 541 times

That is something new for me. Will try to study the problem and fix it.

#16033 (ツ) ganuonglachanh
Last edited: 12.03.2020 by ganuonglachanh, read: 536 times

Can we do a temporary fix?


;
; Attempts to retrieve the most probable remote IP address of the user.
;
; right now, it uses very simple logic, but will be improved soon in
; order to properly manage the proxy servers and cloudflare forward
; mechanisms.
;

proc GetRemoteIP, .pSpecial
begin
        mov     eax, [.pSpecial]
        stdcall ValueByName, [eax+TSpecialParams.params], "CF-Connecting-IP"
        jnc     .ip2num
        stdcall ValueByName, [eax+TSpecialParams.params], "REMOTE_ADDR"
        jc      .error
.ip2num:
        stdcall StrIP2Num, eax
        jnc      .finish

.error:
        xor     eax, eax

.finish:
        return
endp

#16034 (ツ) johnfound
Created 12.03.2020, read: 534 times
ganuonglachanh

Can we do a temporary fix?


;
; Attempts to retrieve the most probable remote IP address of the user.
;
; right now, it uses very simple logic, but will be improved soon in
; order to properly manage the proxy servers and cloudflare forward
; mechanisms.
;

proc GetRemoteIP, .pSpecial
begin
        mov     eax, [.pSpecial]
        stdcall ValueByName, [eax+TSpecialParams.params], "CF-Connecting-IP"
        jnc     .ip2num
        stdcall ValueByName, [eax+TSpecialParams.params], "REMOTE_ADDR"
        jc      .error
.ip2num:
        stdcall StrIP2Num, eax
        jnc      .finish

.error:
        xor     eax, eax

.finish:
        return
endp

Sure! I simply wanted to have it support different proxies as well. But for you it is OK as a temporary solution.
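
An added example, not part of the thread and not AsmBB code: the header selection discussed above, written in Python rather than FASM, with the one check the temporary fix lacks. "CF-Connecting-IP" and "X-Forwarded-For" are only honoured when REMOTE_ADDR belongs to a trusted proxy, because a client connecting directly can set either header itself. The proxy ranges are constructed placeholders, and the parameter key names follow the thread's snippets as an assumption.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation nets). A real
# deployment would load the ranges published by its proxy/CDN provider.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/24", "198.51.100.0/24")]

def _parse(text):
    """Return an ip_address object, or None if text is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def _trusted(ip):
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)

def get_remote_ip(params):
    """params: dict of request values (hypothetical key names, see lead-in)."""
    peer = _parse(params.get("REMOTE_ADDR", ""))
    if peer is None:
        return None              # like the .error path: no usable address
    if not _trusted(peer):
        return peer              # direct connection: headers are client-controlled
    # The peer is one of our proxies: prefer the single-valued Cloudflare header.
    cf = _parse(params.get("CF-Connecting-IP", ""))
    if cf is not None:
        return cf
    # X-Forwarded-For is "client, proxy1, proxy2". Walk it right to left and
    # return the first hop that is not one of our own proxies; anything to
    # the left of that hop was supplied by the client and is ignored.
    hops = [h for h in params.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        ip = _parse(hop)
        if ip is None:
            break                # malformed entry: stop trusting the chain
        if not _trusted(ip):
            return ip
    return peer                  # nothing usable: fall back to the socket peer
```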
