Recent Topics

B2evo hit log not displaying user IP, but server IP

Started by on Sep 25, 2018 – Contents updated: Oct 01, 2018

Sep 25, 2018 00:44    

Greetings!

I am having issues with the hit log. Back office > Analytics > All hits > IP address field is not displaying the IP address of the visitor, but for every visit I see the IP address of my server.

Now, I have a control panel (Vesta CP) installed on that particular server and apache and nginx come with the control panel.

In addition, I have another server where I have b2evo installed for testing purposes without the VestaCP control panel, just a basic LAMP setup and the hits log displays the IP address of the visitor. But, the installation with the control panel is displaying the IP address of the server in the hits log.

I am not sure if you are familiar with the Vesta CP control panel, but I believe the server IP is displayed because of it. I am just wondering if anyone knows why this issues is occurring and any hints on how it might be fixed.

Thanks a lot!

Sep 26, 2018 15:35

do you use reverse proxy in your web-server setup? Like apache proxied by nginx, for example?

Sep 26, 2018 16:08

Yes, nginx is used as a reverse proxy and I think that is why I see the server IP instead of the visitor's IP.

Sep 26, 2018 19:21

you have to add headers to nginx config near your proxy_pass line, something like

proxy_set_header  Host $host;
proxy_set_header  X-Real-IP $remote_addr;
proxy_set_header  X-Forwarded-Proto $scheme;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header  X-Forwarded-Host $remote_addr;

Sep 27, 2018 12:24

Thanks for the help. I tried to add it under the proxy pass line but it doesn’t work. I tried turning off nginx as a proxy and nothing.

I noticed that all my logs have the user IP, only the b2evo back office the server IP, even with proxying turned off.

Earlier I had cloudflare active. Even with cloudflare I got the server IP in the backoffice, not cloudflare’s IP.

I could just track the logs if I have to block IPs, but that would be tiresome and that b2evo functionality would be useless.

Sep 27, 2018 16:20

yeah, looks like b2evo is not taking into account all proxy-passed X-* headers..
It is an easy fix, I'll test it and publish here, most likely tomorrow

Sep 28, 2018 17:52

Thanks dm for your time and help! I have tried to implement everything without any luck. I still see the server IP in my b2evo back-office hits log. If I further explain my setup, maybe we can determine if I am doing something wrong.

File that I am editing> etc/nginx/conf.d/ xxx.xxx.xx.xx.conf ('x' is the server IP address and the file's name is SERVERIP.conf )

The file contains the following code:

server {
    listen       xxx.xxx.xx.xx:80 default;
    server_name  _;
    #access_log  /var/log/nginx/xxx.xxx.xx.xx.log main;
    location / {
		proxy_set_header  Host $host;
		proxy_set_header  X-Real-IP $remote_addr;
		proxy_set_header  X-Forwarded-Proto $scheme;
		proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header  X-Forwarded-Host $remote_addr;
		proxy_set_header REMOTE_ADDR $remote_addr;
        proxy_pass  http://xxx.xxx.xx.xx:8080;
   }
}

I have also installed the remote ip mod and created a file> /etc/apache2/conf-available/remoteip.conf as per the instructions on the github gist page and that file contains the following code:

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy xxx.xxx.xx.xx

Again, 'x' is my server IP.

When I do ls /etc/apache2/mods-enabled/ I see "remoteip.load".

I believe I have followed all of the steps. If you see something that is wrong please let me know.

Oct 01, 2018 13:05

can you post here what is your $_SERVER variable seen by PHP?

<?php
print_r($_SERVER);

Oct 01, 2018 14:21

I have researched the issue further and have come to a conclusion that everything on the server side was configured correctly. My server logs display the visitor's IP and everything else is working fine. But, only the b2evo installation is not registering the visitor's IP in the back office.

When I do print_r($_SERVER); and when I check phpinfo(); I get:

[HTTP_X_REAL_IP] => visitor's IP
[HTTP_X_FORWARDED_FOR] => visitor's IP
[SERVER_ADDR] => server IP
[REMOTE_ADDR] => server IP

After some digging, I came to a conclusion that b2evo files needed to be configured. I updated b2evo files by replacing [SERVER_ADDR] with [HTTP_X_REAL_IP] and now I get the visitor's IP in my back office.

I updated the following files: antispam.funcs.php and misc.funcs.php


Form is loading...

powered by b2evolution – This forum is powered by b2evolution CMS, a complete engine for your website.