Simple Login Log
[resolved] Log real IP (6 posts)

  1. Dr.Bier
    Posted 2 years ago #


    Here is a small code change to log real-ip instead of You need to set X-Real-IP header in your web-server when proxying. Change line 424 to:


    Best regards,


  2. Max Chirkov
    Plugin Author

    Posted 2 years ago #

    Thanks, Alexander! It's now implemented in version 0.9.5

  3. Jim
    Posted 2 years ago #

    Relevant information on the difficulties determining the real IP address.



    There is a danger of introducing a spoofed IP address vulnerability.

  4. Max Chirkov
    Plugin Author

    Posted 2 years ago #

    Hi Jim,

    I'm not a security expert, but in our case we're simply loggin information - we're not using any IPs for authentication purposes. With the same success, I can simply leave the IP field as it was (REMOTE_ADDR) and add HTTP_X_REAL_IP under the DATA field, together with header information. As far as I know, header information together with User-Agent can be spoofed as well, but we don't really worry about that either.

    Unless I'm missing your point?

  5. Jim
    Posted 2 years ago #

    I am no security expert either, and true, this is simply logging information. I commented because I found a lot of poor information and bad code examples about this topic while searching for more information, and added the comment above to point to relevant information for those that want it. In the case of Simple Login Log, this change wouldn't introduce a vulnerability.

    Assuming REMOTE_ADDR is not a local IP (such as, if HTTP_X_REAL_IP and REMOTE_ADDR were different, that would be information of interest to me.

    Thanks for the work in Login Log, it's a useful plugin.

  6. Max Chirkov
    Plugin Author

    Posted 2 years ago #


    I appreciate your input! I've never heard about HTTP_X_REAL_IP before, and I make quite a few security errors in my plugins, due to lack of experience. Thanks for the links as well - I have a little better understanding of this now. I made a note to myself to log both IPs - I think this would make it more useful.

    Thanks again and have a great weekend!

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Simple Login Log
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic