[CORE-2349] Add support for the x-forwarded-for header for load balanced environments - Blesta

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.0.0-b5
Fix Version/s: 4.5.0-b1
Component/s: Staff Interface
Labels:
None

Description

Blesta logs the IP addresses for user logins, sends new order IP addresses to Maxmind (if enabled in the order plugin) for fraud checks, and uses IP addresses for various GeoIP features.

When Blesta is used under a load balanced environment, $_SERVER['REMOTE_ADDR']; will report the load balancer's IP address and not that of the client. This creates a problem in that Blesta is unaware of the clients actual IP address. (By client, I'm referring to the browser client. This affects both Clients and Staff within Blesta)

If the x-forwarded-for header exists, which is or can be set by a load balancer, we should use this instead everywhere we utilize the client's IP address. See https://www.chriswiegman.com/2014/05/getting-correct-ip-address-php/ for more information on getting the right IP address in such a situation.

Issue Links

blocks

CORE-2913 Order: Allow IPs from the x-forwarded-for header

Closed

CORE-2914 PHPIDS: Allow IPs from the x-forwarded-for header

Closed

CORE-2915 Shared Login: Allow IPs from the x-forwarded-for header

Closed

Activity

Ascending order - Click to sort in descending order

Paul Phillips created issue - 27/Feb/17 7:04 PM

Tyson Phillips (Inactive) made changes - 06/Jul/18 4:55 PM

Field	Original Value	New Value
Story Points		3

Tyson Phillips (Inactive) made changes - 18/Jul/18 7:42 PM

Sprint

4.5.0 Sprint 1 [ 66 ]

Tyson Phillips (Inactive) made changes - 18/Jul/18 7:42 PM

Rank

Ranked higher

Tyson Phillips (Inactive) made changes - 19/Jul/18 2:56 PM

Sprint

4.5.0 Sprint 1 [ 66 ]

4.5.0 Sprint 2 [ 67 ]

Tyson Phillips (Inactive) made changes - 19/Jul/18 2:56 PM

Rank

Ranked lower

Automated transition triggered when Tyson Phillips (Inactive) created a branch in Stash - 08/Nov/18 3:42 PM

Status

Open [ 1 ]

In Progress [ 3 ]

Tyson Phillips (Inactive) made changes - 08/Nov/18 3:42 PM

Assignee

Tyson Phillips [ tyson ]

Tyson Phillips (Inactive) made changes - 08/Nov/18 3:42 PM

Fix Version/s

4.5.0-b1 [ 11108 ]

Tyson Phillips (Inactive) made changes - 08/Nov/18 3:43 PM

Fix Version/s

Short Term [ 10800 ]

Tyson Phillips (Inactive) made changes - 08/Nov/18 3:43 PM

Security

Private [ 10000 ]

Tyson Phillips (Inactive) made changes - 08/Nov/18 5:36 PM

Link

This issue blocks ~~CORE-2913~~ [ ~~CORE-2913~~ ]

Tyson Phillips (Inactive) made changes - 08/Nov/18 6:37 PM

Link

This issue blocks ~~CORE-2914~~ [ ~~CORE-2914~~ ]

Tyson Phillips (Inactive) made changes - 08/Nov/18 6:41 PM

Link

This issue blocks ~~CORE-2915~~ [ ~~CORE-2915~~ ]

Automated transition triggered when Tyson Phillips (Inactive) created pull request #575 in Stash - 08/Nov/18 7:14 PM

Status	In Progress [ 3 ]	In Review [ 5 ]
Resolution		Fixed [ 1 ]

Tyson Phillips (Inactive) made changes - 08/Nov/18 7:15 PM

Remaining Estimate		0 minutes [ 0 ]
Time Spent		3 hours, 28 minutes [ 12480 ]
Worklog Id	11670 [ 11670 ]

Jonathan Reissmueller made changes - 09/Nov/18 12:00 PM

Time Spent	3 hours, 28 minutes [ 12480 ]	3 hours, 49 minutes [ 13740 ]
Worklog Id	11672 [ 11672 ]

Automated transition triggered when Tyson Phillips (Inactive) merged pull request #575 in Stash - 09/Nov/18 12:40 PM

Status

In Review [ 5 ]

Closed [ 6 ]

People

Assignee:

Tyson Phillips (Inactive)

Reporter:

Paul Phillips

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

27/Feb/17 7:04 PM

Updated:

09/Nov/18 12:40 PM

Resolved:

08/Nov/18 7:14 PM

Fix Release Date:

31/Jan/19

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

3h 49m

Agile

Completed Sprint:

4.5.0 Sprint 2 ended 15/Nov/18
View on Board