Posted by blender1968 on July 31, 2008 at 4:56pm
[Previously sent to Drupal-Support but received no response]
Hi All,
I have nginx 0.7.6 in front of Drupal 6.3 in a test environment.
I have edited settings.php:
'reverse_proxy' => TRUE,
'reverse_proxy_addresses' => array('192.168.2.179'),
Where can I look to see a X-Forwarded-For address? I don't see it in
the sessions table (hostname).
I have tested with plain old PHP to confirm that my proxy setup is
copesetic and written X-Forwarded-For into the apache log (i.e.
%{X-Forwarded-For}i) but how do I confirm my proxy setup is working
with Drupal?
My apologies if this is obvious! But smite me with the answer!
Cheers
Jason
Comments
In D6, used in bootstrap.inc, function ip_address()
In D6 these settings are used in function ip_address(), located in bootstrap.inc.
Note that the X-Forwarded-for header could be spoofed by a user agent, so you should only trust it, if Remote-Addr is one of your known proxies.
Re: In D6, used in bootstrap.inc, function ip_address()
Thanks for your reply.
Isn't that what the 'reverse_proxy_addresses' parameter is for?
Anyway I included:
echo ($_SERVER['HTTP_X_FORWARDED_FOR']);
in bootstrap.inc and I do get the correct (real) ip of the client.
But I still don't see it in the sessions table (hostname column). I think I should.
Perhaps my test is flawed in some way. Would be great to hear the experiences of others.
Thanks!
Cheers
Jason
sessions table should show client IP, not proxy IP
Drupal sessions management gets the user IP using ip_address() as well, so in sessions table you should see real user IP. XFF is not stored.
What do you see in hostname column, sessions table? Not sure if I understood the problem. :-/
hostname column
is populated with 127.0.0.1, i.e.:
*************************** 5. row ***************************
uid: 1
sid: 140ea7c863bcb0a5d40893805851fde1
hostname: 127.0.0.1
timestamp: 1217610701
cache: 0
session: user_overview_filter|a:0:{}
This session corresponds to a login from 192.168.2.195. session.inc has:
db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time());
and the ip_address() function comes from bootstrap.inc so I guess the question is: Why isn't Drupal populating ip_address with X-Real-IP from a reverse_proxy for sessions when it is available?
nginx.conf has:
proxy_set_header X-Real-IP $remote_addr;
Am I missing something?
Cheers
X-Forwarded-For not X-Real-IP
Drupal currently uses X-Forwarded-For, and not X-Real-IP.
This is where it all started http://drupal.org/node/142773, and there are several followup issues.
If X-Real-IP is a semi-standard, then please submit a patch for it to be included. It should be quite easy.
Drupal performance tuning, development, customization and consulting: 2bits.com, Inc..
Personal blog: Baheyeldin.com.
Drupal performance tuning, development, customization and consulting: 2bits.com, Inc..
Personal blog: Baheyeldin.com.
Is it possible to touch nginx.conf ?
If is it possible to change this line:
proxy_set_header X-Real-IP $remote_addr;By something like this?
proxy_set_header X-Forwarded-For $remote_addr;That is the header Drupal expects.
Works, thanks!
Relevant section from nginx.conf:
[#] proxy_set_header X-Real-IP $remote_addr;
[#] proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $remote_addr;
I guess X-Real-IP is nginx specific...
Cheers