Use original user's IPAddress in logging and IPFilter when behind (e.g.) Cloudflare #5073
Closed
6 tasks done
Labels
Comments
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of problem
Is your enhancement request related to a problem? Provide a clear and concise description of the problem.
When a site is behind (a service like) Cloudflare, the user's original IPAddress is not the host address from the request, but instead it's passed in a Request Header. DNN's Login page is already able to handle that and log the oringial user's IPAddress by using the UserRequestIPAddressController class.
However, this method of correctly determining the IP Address isn't applied in other places, like logging 404's and for the IPFiltering.
Description of solution
UserRequestIPAddressController class should be used wherever a user's IPAddress is requested.
Preferably, there should also be a (host level) setting in the Personabar to set the "UserRequestIPHeader" setting.
Description of alternatives considered
Given how services like cloudflare work, there really aren't any, afaik.
Affected browser
(all, as this isn't browser related)
Affected DNN Versions
The text was updated successfully, but these errors were encountered: