View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0029336 | mantisbt | bugtracker | public | 2021-12-03 10:40 | 2023-02-15 03:51 |
Reporter | devnull | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | sometimes |
Status | acknowledged | Resolution | open | ||
Platform | amd64 | OS | FreeBSD | OS Version | 13 |
Product Version | 2.25.2 | ||||
Summary | 0029336: session died due to Cloudflare proxy | ||||
Description | Hello, I use CloudFlare proxy in DNS to access my website to prevent DDOS and other attacks. As you can see error.log in Apache, in same session, IP address changed from 172.68.27.242 to 172.68.26.143: [Fri Dec 03 15:02:29] [client 172.68.27.242] AH01071: Got error 'PHP message: PHP Warning: 2702 in /usr/local/www/apache24/data/apt322.org/abc71/bugtracker/core/session_api.php on line 218', referer: https://apt322.org/abc71/bugtracker/view_all_bug_page.php [Fri Dec 03 15:03:11] [client 172.68.26.143] AH01071: Got error 'PHP message: PHP Warning: 2702 in /usr/local/www/apache24/data/apt322.org/abc71/bugtracker/core/session_api.php on line 218', referer: https://apt322.org/abc71/bugtracker/view_all_bug_page.php To solve the problem, I temporary remove if( $t_user_ip != $t_last_ip ) {...} block in bugtracker/core/session_api.php. So, it is possible to obtain the real Client IP address (CF-CONNECTING-IP) to work properly? | ||||
Tags | No tags attached. | ||||
You could deactivate session validation by adding the following lines to config_inc.php
https://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.config.webserver |
|
Thanks, astrol. In future versions, if possible evaluate use "x-forwarded-for" to identify real IP address connected throw http proxy, it really welcome. Thanks again for your assistance! |
|
In case someone should start working on this, some more information that should be considered |
|
The problem with using on |
|