Jump to content

Prestashop 1.6 wrongly locates user when using CDN that changes REMOTE_ADDR for security reasons


conhelrad

Recommended Posts

Hello, I'm using a CDN (not using the mediaserver, I mean fully not only for static files. With changed dns and stuff) and a firewall since a few days. They send SFF headers with 3 IPs : theirs, firewall's and client's (HTTP_X_FORWARDED_FOR). While discovering this, I found out that a module (that is showing prices with and without taxes) wasn't working right (it shows only the prices without taxes). I guess that's connected and I tried to figure out what IP Prestashop gives and it's never the good one.

Is there a way to force PS to use only x_forwarded_for and make sure it locates users while knowing this ?

I had a look at class/Tools.php that gives the x forwarded only if remote_addr is empty (which is a problem). 

 

Thank you

Edited by conhelrad (see edit history)
Link to comment
Share on other sites

  • 2 weeks later...

If anyone has the same problem.

Check the headers sent by the CDN

print_r($_SERVER)

find out in what header they send the visitor's IP and change the value of $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] with the actual IP at the top of your code (for exemple config/config.inc.php) 

Quote

if (isset($_SERVER['IP_SENT_BY_CDN']) && $_SERVER['IP_SENT_BY_CDN']!='') {
    $_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['IP_SENT_BY_CDN'];
    $_SERVER['REMOTE_ADDR'] = $_SERVER['IP_SENT_BY_CDN'];
}

This might solve it.

Edited by conhelrad (see edit history)
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...