Possiblity to use X-Forwarded-For (or other similar header) as client IP.

Created on 30 April 2024, 8 months ago

Problem/Motivation

When behind certain load balancers, proxy or threat assessment platforms there is situation where clientIp will have incorrect data as all traffic will have one or a few sources. While using the clientIp in the majority of cases is correct, it would be useful to have an option to get the IP from a header, such a solution probably would need to allow for a setup for a pattern to get it as there might be multiple ips in such headers etc, and how they work will differ from service to service.

Proposed resolution

Probably something on the line of, check if a header is set to be checked and which header.
Get the value and check so its not zero before using it as the ip to ban / check for ban, and then fetch out the individual ips as the place I seen it has values like "x.x.x.x, y.y.y.y" (so a comma separated list of IPs)

✨ Feature request
Status

Closed: works as designed

Version

11.0 πŸ”₯

Component
BanΒ  β†’

Last updated about 1 month ago

No maintainer
Created by

πŸ‡ΈπŸ‡ͺSweden VAnnergard

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @VAnnergard
  • Status changed to Postponed: needs info 8 months ago
  • Parsing X-Forwarded-For is a core capability. See settings.php for how to set it up. If this is something else it needs more explanation.

  • Status changed to Closed: works as designed 8 months ago
  • πŸ‡ΈπŸ‡ͺSweden VAnnergard

    settings.php should be enough.

    (For some reason this did not come up in all my searches for x-forwarded-for and Drupal, probably because it was drowning in old results)

Production build 0.71.5 2024