Real IP Address of Client and SSL status

  • Posts: 292
  • Thank you received: 5
  • Hikashop Business
13 years 3 months ago #22287

Had an interesting encounter with a server sitting behind a hardware load balancer - the app sees all traffic as http and the client IP address it sees is the address of the load balancer!

Looking at the Hikashop code there are various checks of the form $_SERVER.

From my investigations so far it looks like a more robust check for SSL is something like this (the HTTP_X_FORWARDED_PROTO value might need to be enabled by the server administrator):

if ( (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) ||
     (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ) {
  ... handle SSL case ...
}
else {
  ... handle non-SSL case ...
}

Similarly for the client IP address need to code something like this:
> function GetUserIP() {
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) $client_ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if (isset($_SERVER["HTTP_CLIENT_IP"])) $client_ip = $_SERVER["HTTP_CLIENT_IP"];
else $client_ip = $_SERVER["REMOTE_ADDR"];

Is it possible to modify Hikashop code to cater for this situation or do you have other suggestions as to how this type of setup might be handled? - seems too complicated a setup for my liking, although I can see the logic of simplifying the upgrade process if your site traffic outgrows your environment.

Looking at core Joomla 1.6 code it also does a simple $_SERVER check.

See:
Dire load balancing straits
Joomla proxy patch
Getting real IP of your users

Please Log in or Create an account to join the conversation.

  • Posts: 82868
  • Thank you received: 13375
  • MODERATOR
13 years 3 months ago #22290

We'll include that improvement about the HTTP_X_FORWARDED_PROTO variable in next release. For the IP address, we already handle it that way, so there is nothing to do.
Even without that improvement, it should still work. We have code in place in order to avoid redirect loops to https when https is not detected and that the https redirect is activated in hikashop.

Please Log in or Create an account to join the conversation.

  • Posts: 292
  • Thank you received: 5
  • Hikashop Business
13 years 3 months ago #22291

Thanks.

Please Log in or Create an account to join the conversation.

Time to create page: 0.048 seconds
Powered by Kunena Forum