Feeling Lucky
J3 Issue
?
[#25518] - Incorrect? configuration in logging regarding remote users ip.
- Closed
- 11 Jul 2019
- Low
- Build: 3.9.8
- # 25518
Steps to reproduce the issue
Install Joomla behind a reverse proxy which provides both remote_addr and http_x_forwarded_for headers.
Perform a login failure on /administrator
Check the /logs/error.php log
Expected result
To see the ip address from http_x_forwarded_for reported as the offending IP address.
Actual result
To see the ip address from remote_addr reported as the offending IP address.
System information (as much as possible)
N/A
Additional comments
Not 100% sure if this is a problem or not, I believe that if HTTP_X_FORWARDED_FOR is set this should be treated as overriding REMOTE_IP, this is not the case in the following file:
./libraries/src/Log/Logger/FormattedtextLogger.php
Here we see:
protected function formatLine(LogEntry $entry)
{
// Set some default field values if not already set.
if (!isset($entry->clientIP))
{
// Check for proxies as well.
if (isset($_SERVER['REMOTE_ADDR']))
{
$entry->clientIP = $_SERVER['REMOTE_ADDR'];
}
elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$entry->clientIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif (isset($_SERVER['HTTP_CLIENT_IP']))
{
$entry->clientIP = $_SERVER['HTTP_CLIENT_IP'];
}
}
Votes
# of Users Experiencing Issue
1/1
Average Importance Score
3.00
joomla-cms-bot
- 
| Labels |
Added:
J3 Issue
|
||
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-07-11 12:35:44 |
| Closed_By | ⇒ | franz-wohlkoenig |
Guess J3