AsmBB

Power
Login Register
Threads Categories Chat

Real user IP address behind cloudflare/proxy

ganuonglachanh (ツ)

Hi johnfound

I'm using cloudflare so real user IP is hidden, asmbb only get cloudflare IP via REMOTE_ADDR header:

stdcall ValueByName, [edi+TSpecialParams.params], "REMOTE_ADDR"

Could you add support for getting the real IP address if these headers are found: via "CF-Connecting-IP" (only apply for cloudflare) or "X-Forwarded-For" (apply for non anonymous proxies but has 1 or multiple IPs)

More info here:

https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-CloudFlare-handle-HTTP-Request-headers-

johnfound (ツ)

That is something new for me. Will try to study the problem and fix it.

ganuonglachanh (ツ)

Can we temporary fix ?

; ; Attempts to retrive the most probable remote IP address of the user. ; ; right now, it uses very simple logic, but will be improved soon in ; order to properly manage the proxy servers and cloudflare forward ; mechanisms. ; proc GetRemoteIP, .pSpecial begin mov eax, [.pSpecial] stdcall ValueByName, [eax+TSpecialParams.params], "CF-Connecting-IP" jnc .ip2num stdcall ValueByName, [eax+TSpecialParams.params], "REMOTE_ADDR" jc .error .ip2num: stdcall StrIP2Num, eax jnc .finish .error: xor eax, eax .finish: return endp
johnfound (ツ)
ganuonglachanh

Can we temporary fix ?

; ; Attempts to retrive the most probable remote IP address of the user. ; ; right now, it uses very simple logic, but will be improved soon in ; order to properly manage the proxy servers and cloudflare forward ; mechanisms. ; proc GetRemoteIP, .pSpecial begin mov eax, [.pSpecial] stdcall ValueByName, [eax+TSpecialParams.params], "CF-Connecting-IP" jnc .ip2num stdcall ValueByName, [eax+TSpecialParams.params], "REMOTE_ADDR" jc .error .ip2num: stdcall StrIP2Num, eax jnc .finish .error: xor eax, eax .finish: return endp

Sure! I simply wanted to have it to support different proxies as well. But for you is OK as temporary solution.

©2016..2020 John Found; Licensed under EUPL; AsmBB v2.8 (check-in: 6d0d9d4bca1af5dd); SQLite v3.31.1 (check-in: 3bfa9cc97da10598); Powered by Assembly language; Created with Fresh IDE;