diff --git a/DNN Platform/Library/Common/Utilities/NetworkUtils.cs b/DNN Platform/Library/Common/Utilities/NetworkUtils.cs
index 1bfa0bcd11e..6ee9cbf010b 100644
--- a/DNN Platform/Library/Common/Utilities/NetworkUtils.cs
+++ b/DNN Platform/Library/Common/Utilities/NetworkUtils.cs
@@ -5,8 +5,10 @@
#region Usings
using System;
+using System.Linq;
using System.Net;
using System.Net.Sockets;
+using System.Web;
#endregion
@@ -242,6 +244,24 @@ public static bool IsIPInRange(string currentIP, string startIP, string subnetma
}
return false;
}
+
+ ///
+ /// Gets the Client IP address of the current request, from server variables if available, otherwise returns Request.UserHostAddress.
+ ///
+ /// The current http request.
+ /// The current client ip address.
+ public static string GetClientIpAddress(HttpRequest request)
+ {
+ var ipAddress = request.ServerVariables["HTTP_X_FORWARDED_FOR"]?.Split(',').FirstOrDefault();
+
+ // If there is no proxy, get the standard remote address
+ if (string.IsNullOrWhiteSpace(ipAddress) || ipAddress.Equals("unknown", StringComparison.OrdinalIgnoreCase))
+ {
+ ipAddress = request.UserHostAddress;
+ }
+
+ return ipAddress;
+ }
}
///
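Review bot: `HTTP_X_FORWARDED_FOR` is set by whoever sends the request unless a proxy in front of the site overwrites it, and `GetClientIpAddress` returns its first entry without checking where the request came from or whether the value is an IP address at all. The `ValidateUser` hunk in Login.ascx.cs passes this result to `IPFilterController.Instance.IsIPBanned`, so the administrator IP filter there is decided on a value the caller can choose. The header should be honoured only when `request.UserHostAddress` is a configured trusted proxy, taking the last entry (the one that proxy appended), trimming it, and falling back to `UserHostAddress` when `IPAddress.TryParse` rejects it. `request` is also dereferenced without a null check. A sketch of the guarded lookup follows; the trusted-proxy test in it is a placeholder, not an existing API.

```csharp
// … unchanged: XML doc comment …
public static string GetClientIpAddress(HttpRequest request)
{
    var remoteAddress = request.UserHostAddress;

    // IsTrustedProxy is a placeholder for a configured allow-list of reverse proxies.
    if (!IsTrustedProxy(remoteAddress))
    {
        return remoteAddress;
    }

    // A trusted proxy appends the address it saw; earlier entries are supplied by the client.
    var forwarded = request.ServerVariables["HTTP_X_FORWARDED_FOR"]?.Split(',').LastOrDefault()?.Trim();

    IPAddress parsed;
    return IPAddress.TryParse(forwarded, out parsed) ? forwarded : remoteAddress;
}
```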
diff --git a/DNN Platform/Website/DesktopModules/Admin/Authentication/Login.ascx.cs b/DNN Platform/Website/DesktopModules/Admin/Authentication/Login.ascx.cs
index 0d0d4d40823..28914554ec0 100644
--- a/DNN Platform/Website/DesktopModules/Admin/Authentication/Login.ascx.cs
+++ b/DNN Platform/Website/DesktopModules/Admin/Authentication/Login.ascx.cs
@@ -40,6 +40,7 @@
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using DotNetNuke.Abstractions;
+using DotNetNuke.Common.Utils;
using Microsoft.Extensions.DependencyInjection;
#endregion
@@ -866,7 +867,8 @@ private void ValidateUser(UserInfo objUser, bool ignoreExpiring)
bool isAdminUser = objUser.IsSuperUser || objUser.IsInRole(PortalSettings.AdministratorRoleName);
if (isAdminUser)
{
- if (IPFilterController.Instance.IsIPBanned(Request.UserHostAddress))
+ var clientIp = NetworkUtils.GetClientIpAddress(Request);
+ if (IPFilterController.Instance.IsIPBanned(clientIp))
{
PortalSecurity.Instance.SignOut();
AddModuleMessage("IPAddressBanned", ModuleMessage.ModuleMessageType.RedError, true);
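Review bot: Dropping `Request.UserHostAddress` from the ban decision means a filter rule that matches the connecting address no longer applies once a forwarded header is present. Keep both in the condition: `if (IPFilterController.Instance.IsIPBanned(clientIp) || IPFilterController.Instance.IsIPBanned(Request.UserHostAddress))`. A request that passed the old check is rejected by this form only when its forwarded address is banned. The body of `ValidateUser` starts and ends outside the hunk, so other uses of the client address in this method are not visible here.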