WordPress.org

Forums

ThreeWP Activity Monitor
Wrong IP saved if proxy in front of webserver (2 posts)

  1. Ov3rfly
    Member
    Posted 2 years ago #

    On a customer site which has a proxy in the datacenter, ThreeWP Activity Monitor 2.11 gives me the IP of that proxy instead of the real user IP.

    This can happen if $_SERVER['REMOTE_ADDR'] is used, see also here.

    If you have the same problem, here are the necessary adjustments in file ThreeWP_Activity_Monitor.php, note the new var $_ip_addr

    About line 1075:

    $bloginfo_url = get_bloginfo('url');		// Convenience
    $options['blog_id'] = $blog_id;
    
    $this->fix_remote_host();
    
    $_ip_addr = $_SERVER['REMOTE_ADDR'];
    if ( array_key_exists( 'HTTP_X_FORWARDED_FOR', $_SERVER ) )
    	$_ip_addr = array_pop( explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ) );
    
    $replacements = array(
    	[...]
    	'%server_http_user_agent%' => esc_html( $_SERVER['HTTP_USER_AGENT'] ),
    	'%server_http_remote_host%' => isset( $_SERVER['REMOTE_HOST'] ) ? $_SERVER['REMOTE_HOST'] : '',
    	'%server_http_remote_addr%' => $_ip_addr,
    );

    Around line 1460:

    private function make_ip($type = 'text1')
    {
    	$this->fix_remote_host();
    
    	$_ip_addr = $_SERVER['REMOTE_ADDR'];
    	if ( array_key_exists( 'HTTP_X_FORWARDED_FOR', $_SERVER ) )
    		$_ip_addr = array_pop( explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ) );
    
    	switch($type)
    	{
    		case 'text1':
    			if ( isset( $_SERVER['REMOTE_HOST'] ) )
    				return $_SERVER['REMOTE_HOST'] . ' ('.$_ip_addr.')';
    			else
    				return $_ip_addr;
    		break;
    		case 'text2':
    			if ( isset( $_SERVER['REMOTE_HOST'] ) )
    				return $_SERVER['REMOTE_HOST'] . ' / '.$_ip_addr;
    			else
    				return $_ip_addr;
    		break;
    		case 'html1':
    			if ( isset( $_SERVER['REMOTE_HOST'] ) )
    				return '<span title="'.$_ip_addr.'">' . $_SERVER['REMOTE_HOST'] . '</span>';
    			else
    				return $_ip_addr;
    		break;
    		case 'html2':
    			if ( isset( $_SERVER['REMOTE_HOST'] ) )
    				return $_SERVER['REMOTE_HOST'] . ' <span class="threewp_activity_monitor_sep">|</span> '.$_ip_addr;
    			else
    				return $_ip_addr;
    		break;
    	}
    }

    Around line 1700:

    private function fix_remote_host()
    {
    	$_ip_addr = $_SERVER['REMOTE_ADDR'];
    	if ( array_key_exists( 'HTTP_X_FORWARDED_FOR', $_SERVER ) )
    		$_ip_addr = array_pop( explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ) );
    
    	$new_remote_host = ( isset( $_SERVER['REMOTE_HOST'] ) ) ? $_SERVER['REMOTE_HOST'] : @gethostbyaddr( $_ip_addr );
    	if ( $new_remote_host != $_ip_addr )
    		$_SERVER['REMOTE_HOST'] = esc_html( $new_remote_host );
    }

    http://wordpress.org/extend/plugins/threewp-activity-monitor/

  2. Ov3rfly
    Member
    Posted 2 years ago #

    After some more research it turns out that this problem is known to WordPress developers since quite a while with no solution yet available.

    A comment has been added to php source of /wp-includes/comment.php which points to http://core.trac.wordpress.org/ticket/9235

    A possible "easy" solution besides patching wp-config.php or similar seems to be a plugin like Proxy Real IP: http://wordpress.org/extend/plugins/proxy-real-ip/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.