Install Joomla behind a reverse proxy which provides both remote_addr and http_x_forwarded_for headers.
Perform a login failure on /administrator
Check the /logs/error.php log
To see the ip address from http_x_forwarded_for reported as the offending IP address.
To see the ip address from remote_addr reported as the offending IP address.
N/A
Not 100% sure if this is a problem or not, I believe that if HTTP_X_FORWARDED_FOR is set this should be treated as overriding REMOTE_IP, this is not the case in the following file:
./libraries/src/Log/Logger/FormattedtextLogger.php
Here we see:
protected function formatLine(LogEntry $entry)
{
// Set some default field values if not already set.
if (!isset($entry->clientIP))
{
// Check for proxies as well.
if (isset($_SERVER['REMOTE_ADDR']))
{
$entry->clientIP = $_SERVER['REMOTE_ADDR'];
}
elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$entry->clientIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif (isset($_SERVER['HTTP_CLIENT_IP']))
{
$entry->clientIP = $_SERVER['HTTP_CLIENT_IP'];
}
}
Labels |
Added:
J3 Issue
|
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-07-11 12:35:44 |
Closed_By | ⇒ | franz-wohlkoenig |
Guess J3