Prestashop 1.6 wrongly locates user when using CDN that changes REMOTE_ADDR for security reasons

[conhelrad]

Hello, I'm using a CDN (not using the mediaserver, I mean fully not only for static files. With changed dns and stuff) and a firewall since a few days. They send SFF headers with 3 IPs : theirs, firewall's and client's (HTTP_X_FORWARDED_FOR). While discovering this, I found out that a module (that is showing prices with and without taxes) wasn't working right (it shows only the prices without taxes). I guess that's connected and I tried to figure out what IP Prestashop gives and it's never the good one.

Is there a way to force PS to use only x_forwarded_for and make sure it locates users while knowing this ?

I had a look at class/Tools.php that gives the x forwarded only if remote_addr is empty (which is a problem). 

 

Thank you

Edited March 14, 2019 by conhelrad (see edit history)

[conhelrad]

If anyone has the same problem.

Check the headers sent by the CDN

print_r($_SERVER)

find out in what header they send the visitor's IP and change the value of $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] with the actual IP at the top of your code (for exemple config/config.inc.php) 

Quote

if (isset($_SERVER['IP_SENT_BY_CDN']) && $_SERVER['IP_SENT_BY_CDN']!='') {
    $_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['IP_SENT_BY_CDN'];
    $_SERVER['REMOTE_ADDR'] = $_SERVER['IP_SENT_BY_CDN'];
}

This might solve it.

Edited March 14, 2019 by conhelrad (see edit history)