EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #09008
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
Re: [EP-tech] Finding remote IP
- To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>, "Matthew Brady" <Matthew.Brady@usq.edu.au>
- Subject: Re: [EP-tech] Finding remote IP
- From: John Salter <J.Salter@leeds.ac.uk>
- Date: Wed, 13 Jul 2022 07:57:31 +0000
CAUTION: This e-mail originated outside the University of Southampton.
Hi Matt, I think this discussion:
https://github.com/eprints/eprints/issues/214 may be useful. This was around Apache 2.2 / 2.4 changes, but relevant to your question. The $repo->remote_ip will deal with X-Forwarded-For headers, and presents the client IP. IMO, this is OK for logging requests. For use in security.pl, you need to work out where your trust ends. e.g. if you are presented with a chain of 4 IP addresses in an X-Forwarded-For header, you may only want to trust those that you are in control of. Anything beyond a proxy that you (or your institution) are in control of could be spoofing information. Let me know if that helps, or if you want more details. Cheers, John From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk]
On Behalf Of Matthew Brady via Eprints-tech CAUTION:
This e-mail originated outside the University of Southampton. Hi All, In the 3.3.16 codebase we use, there is a section within the security.pl file, to allow decisions to be made based on where the request comes from.. which has been in place for 10+ years, my $ip = $r->connection()->remote_ip(); Changes within our systems space (proxies, load balancers et. al.), now see this call returning the wrong IP. Not getting the actual requester machine IP, but an intermediatory. The curious thing is, the Apache access logs, and the details stored via LogHandler.pm (details stored in db access table), have the correct IP. It uses the following two lines to get the ip…. my $doc = $r->pnotes( "document" ); my $ip = $doc->repository->remote_ip;
Just wondering if anyone with understanding of the perl magic that’s going on, can foresee problems using the LogHandler code within the security.pl. Testing so far shows it produces the correct results for whitelisting etc, within the security.pl logic. Cheers, Matt __________________________________________________________________
This email (including any attached files) is confidential and is
for the intended recipient(s) only. If you received this email by
mistake, please, as a courtesy, tell the sender, then delete this
email. The views and opinions are the originator's and do not necessarily
reflect those of the University of Southern Queensland. Although
all reasonable precautions were taken to ensure that this email
contained no viruses at the time it was sent we accept no
liability for any losses arising from its receipt. The University of Southern Queensland is a registered provider
of education with the Australian Government.
(CRICOS Institution Code QLD 00244B / NSW 02225M, TEQSA PRV12081)
|
- Follow-Ups:
- Re: [EP-tech] Finding remote IP
- From: John Salter <J.Salter@leeds.ac.uk>
- Re: [EP-tech] Finding remote IP
- References:
- [EP-tech] Finding remote IP
- From: Matthew Brady <Matthew.Brady@usq.edu.au>
- Re: [EP-tech] Finding remote IP
- From: John Salter <J.Salter@leeds.ac.uk>
- [EP-tech] Finding remote IP
- Prev by Date: [EP-tech] Finding remote IP
- Next by Date: [EP-tech] Alt text for workflow images (3.3.x)
- Previous by thread: [EP-tech] EPrints/CRIS
- Next by thread: [EP-tech] DOI handling in orcid_support_advance
- Index(es):