Possiblity to use X-Forwarded-For (or other similar header) as client IP.

Created on 30 April 2024, 7 months ago

Problem/Motivation

When behind certain load balancers, proxy or threat assessment platforms there is situation where clientIp will have incorrect data as all traffic will have one or a few sources. While using the clientIp in the majority of cases is correct, it would be useful to have an option to get the IP from a header, such a solution probably would need to allow for a setup for a pattern to get it as there might be multiple ips in such headers etc, and how they work will differ from service to service.

Proposed resolution

Probably something on the line of, check if a header is set to be checked and which header.
Get the value and check so its not zero before using it as the ip to ban / check for ban, and then fetch out the individual ips as the place I seen it has values like "x.x.x.x, y.y.y.y" (so a comma separated list of IPs)

✨ Feature request

Status

Closed: works as designed

Version

11.0 🔥

Component

Ban →

Last updated 5 days ago

No maintainer

Created by

🇸🇪Sweden VAnnergard

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @VAnnergard
Status changed to Postponed: needs info 7 months ago10:58am 30 April 2024
Comment 7 months ago →
cilefen
Parsing X-Forwarded-For is a core capability. See settings.php for how to set it up. If this is something else it needs more explanation.
Status changed to Closed: works as designed 7 months ago11:15am 30 April 2024
Comment 7 months ago →
🇸🇪Sweden VAnnergard
settings.php should be enough.

(For some reason this did not come up in all my searches for x-forwarded-for and Drupal, probably because it was drowning in old results)

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024