How to get real IP from behind Sucuri firewallMagento2: Re-direct to custom URL from observermagento 2 : Get country from IP addressmagento 2.1: Is it possible to make the admin page url work from two seperate URLs?How to get Geo IP of customer in magento2?Exclude subfolders from geoip redirectHow can disable the cache for some block in Magento 2

Why was Germany not as successful as other Europeans in establishing overseas colonies?

Why do games have consumables?

Is there really no use for MD5 anymore?

How to get a plain text file version of a CP/M .BAS (M-BASIC) program?

How to creep the reader out with what seems like a normal person?

Is there an official tutorial for installing Ubuntu 18.04+ on a device with an SSD and an additional internal hard drive?

Who is the Umpire in this picture?

Combinable filters

How come there are so many candidates for the 2020 Democratic party presidential nomination?

French for 'It must be my imagination'?

Why is it that the natural deduction method can't test for invalidity?

Is there any limitation with Arduino Nano serial communication distance?

What's the polite way to say "I need to urinate"?

Binary Numbers Magic Trick

simple conditions equation

Error message with tabularx

What are the potential pitfalls when using metals as a currency?

Sci fi novel series with instant travel between planets through gates. A river runs through the gates

What is the most expensive material in the world that could be used to create Pun-Pun's lute?

Examples of subgroups where it's nontrivial to show closure under multiplication?

Critique of timeline aesthetic

Is it possible to determine the symmetric encryption method used by output size?

What is the difference between `command a[bc]d` and `command `ab,cd`

What is the relationship between spectral sequences and obstruction theory?



How to get real IP from behind Sucuri firewall


Magento2: Re-direct to custom URL from observermagento 2 : Get country from IP addressmagento 2.1: Is it possible to make the admin page url work from two seperate URLs?How to get Geo IP of customer in magento2?Exclude subfolders from geoip redirectHow can disable the cache for some block in Magento 2






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








0















I have a Magento store on an Ngix behind Sucuri firewall and we hide prices if the IP is outside of UK.
A bruteforce attack was bypassing the firewall so the hosting added the following rules to prevent bypass:



 location / 
 allow 192.88.134.0/23;
 allow 185.93.228.0/22;
 allow 2a02:fe80::/29;
 allow 66.248.200.0/22;
 deny all;
 # Existing NGINX rules


This works fine except that all IPs are transalted as the firewall one based in UK. To get the real IP Sucuri suggested to add the following:



 # Define header with original client IP
 real_ip_header X-Forwarded-For;
 # Define trusted Firewall IPs
 set_real_ip_from 192.88.134.0/23;
 set_real_ip_from 185.93.228.0/22;
 set_real_ip_from 66.248.200.0/22;
 set_real_ip_from 2a02:fe80::/29; # this line can be removed if IPv6 is 
 disabled


This second rule causes a problem. Once the IP is translated and if it is different than the allowed Sucuri IP addresses, the requests is restricted with 403 Forbidden error.



Is it impossible to have the store behind a firewall and still get the real IP. I am sure that this is not the only store in the world behind a firewall, which needs to server different content depending on the IP.
The code in Magento that gets the IP of the client is something like this:



 $geoIP = Mage::getSingleton('geoip/country'); 

 if ($geoIP->isCountryAllowed()) {....


Any alternative? SOlution? My hosting provider is useless..






geoip







share|improve this question






















  • Does that mean the users' real IP is now received in the $_SERVER variable under the header $_SERVER['HTTP_X_FORWARDED_FOR'] whereas the $_SERVER[“REMOTE_ADDR”] is the WAF IP(Web Application Firewall IP) - If yes, Magento can be configured to work correctly.

    – Dilhan Maduranga
    Mar 11 '18 at 15:15












  • Can you elaborate and explain how please?

    – Shakamal
    Mar 11 '18 at 19:30

















0















I have a Magento store on an Ngix behind Sucuri firewall and we hide prices if the IP is outside of UK.
A bruteforce attack was bypassing the firewall so the hosting added the following rules to prevent bypass:



 location / 
 allow 192.88.134.0/23;
 allow 185.93.228.0/22;
 allow 2a02:fe80::/29;
 allow 66.248.200.0/22;
 deny all;
 # Existing NGINX rules


This works fine except that all IPs are transalted as the firewall one based in UK. To get the real IP Sucuri suggested to add the following:



 # Define header with original client IP
 real_ip_header X-Forwarded-For;
 # Define trusted Firewall IPs
 set_real_ip_from 192.88.134.0/23;
 set_real_ip_from 185.93.228.0/22;
 set_real_ip_from 66.248.200.0/22;
 set_real_ip_from 2a02:fe80::/29; # this line can be removed if IPv6 is 
 disabled


This second rule causes a problem. Once the IP is translated and if it is different than the allowed Sucuri IP addresses, the requests is restricted with 403 Forbidden error.



Is it impossible to have the store behind a firewall and still get the real IP. I am sure that this is not the only store in the world behind a firewall, which needs to server different content depending on the IP.
The code in Magento that gets the IP of the client is something like this:



 $geoIP = Mage::getSingleton('geoip/country'); 

 if ($geoIP->isCountryAllowed()) {....


Any alternative? SOlution? My hosting provider is useless..






geoip







share|improve this question






















  • Does that mean the users' real IP is now received in the $_SERVER variable under the header $_SERVER['HTTP_X_FORWARDED_FOR'] whereas the $_SERVER[“REMOTE_ADDR”] is the WAF IP(Web Application Firewall IP) - If yes, Magento can be configured to work correctly.

    – Dilhan Maduranga
    Mar 11 '18 at 15:15












  • Can you elaborate and explain how please?

    – Shakamal
    Mar 11 '18 at 19:30













0












0








0








I have a Magento store on an Ngix behind Sucuri firewall and we hide prices if the IP is outside of UK.
A bruteforce attack was bypassing the firewall so the hosting added the following rules to prevent bypass:



 location / 
 allow 192.88.134.0/23;
 allow 185.93.228.0/22;
 allow 2a02:fe80::/29;
 allow 66.248.200.0/22;
 deny all;
 # Existing NGINX rules


This works fine except that all IPs are transalted as the firewall one based in UK. To get the real IP Sucuri suggested to add the following:



 # Define header with original client IP
 real_ip_header X-Forwarded-For;
 # Define trusted Firewall IPs
 set_real_ip_from 192.88.134.0/23;
 set_real_ip_from 185.93.228.0/22;
 set_real_ip_from 66.248.200.0/22;
 set_real_ip_from 2a02:fe80::/29; # this line can be removed if IPv6 is 
 disabled


This second rule causes a problem. Once the IP is translated and if it is different than the allowed Sucuri IP addresses, the requests is restricted with 403 Forbidden error.



Is it impossible to have the store behind a firewall and still get the real IP. I am sure that this is not the only store in the world behind a firewall, which needs to server different content depending on the IP.
The code in Magento that gets the IP of the client is something like this:



 $geoIP = Mage::getSingleton('geoip/country'); 

 if ($geoIP->isCountryAllowed()) {....


Any alternative? SOlution? My hosting provider is useless..






geoip







share|improve this question














I have a Magento store on an Ngix behind Sucuri firewall and we hide prices if the IP is outside of UK.
A bruteforce attack was bypassing the firewall so the hosting added the following rules to prevent bypass:



 location / 
 allow 192.88.134.0/23;
 allow 185.93.228.0/22;
 allow 2a02:fe80::/29;
 allow 66.248.200.0/22;
 deny all;
 # Existing NGINX rules


This works fine except that all IPs are transalted as the firewall one based in UK. To get the real IP Sucuri suggested to add the following:



 # Define header with original client IP
 real_ip_header X-Forwarded-For;
 # Define trusted Firewall IPs
 set_real_ip_from 192.88.134.0/23;
 set_real_ip_from 185.93.228.0/22;
 set_real_ip_from 66.248.200.0/22;
 set_real_ip_from 2a02:fe80::/29; # this line can be removed if IPv6 is 
 disabled


This second rule causes a problem. Once the IP is translated and if it is different than the allowed Sucuri IP addresses, the requests is restricted with 403 Forbidden error.



Is it impossible to have the store behind a firewall and still get the real IP. I am sure that this is not the only store in the world behind a firewall, which needs to server different content depending on the IP.
The code in Magento that gets the IP of the client is something like this:



 $geoIP = Mage::getSingleton('geoip/country'); 

 if ($geoIP->isCountryAllowed()) {....


Any alternative? SOlution? My hosting provider is useless..






geoip




geoip






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 11 '18 at 14:14









ShakamalShakamal

388




388












  • Does that mean the users' real IP is now received in the $_SERVER variable under the header $_SERVER['HTTP_X_FORWARDED_FOR'] whereas the $_SERVER[“REMOTE_ADDR”] is the WAF IP(Web Application Firewall IP) - If yes, Magento can be configured to work correctly.

    – Dilhan Maduranga
    Mar 11 '18 at 15:15












  • Can you elaborate and explain how please?

    – Shakamal
    Mar 11 '18 at 19:30

















  • Does that mean the users' real IP is now received in the $_SERVER variable under the header $_SERVER['HTTP_X_FORWARDED_FOR'] whereas the $_SERVER[“REMOTE_ADDR”] is the WAF IP(Web Application Firewall IP) - If yes, Magento can be configured to work correctly.

    – Dilhan Maduranga
    Mar 11 '18 at 15:15












  • Can you elaborate and explain how please?

    – Shakamal
    Mar 11 '18 at 19:30
















Does that mean the users' real IP is now received in the $_SERVER variable under the header $_SERVER['HTTP_X_FORWARDED_FOR'] whereas the $_SERVER[“REMOTE_ADDR”] is the WAF IP(Web Application Firewall IP) - If yes, Magento can be configured to work correctly.

– Dilhan Maduranga
Mar 11 '18 at 15:15






Does that mean the users' real IP is now received in the $_SERVER variable under the header $_SERVER['HTTP_X_FORWARDED_FOR'] whereas the $_SERVER[“REMOTE_ADDR”] is the WAF IP(Web Application Firewall IP) - If yes, Magento can be configured to work correctly.

– Dilhan Maduranga
Mar 11 '18 at 15:15














Can you elaborate and explain how please?

– Shakamal
Mar 11 '18 at 19:30





Can you elaborate and explain how please?

– Shakamal
Mar 11 '18 at 19:30










2 Answers
2






active

oldest

votes


















1














We hit the same issue, when trying to apply the suggested "Block Sucuri Bypass"



location / 
 # Block everything that isn't sucuri
 allow 192.88.134.0/23;
 allow 185.93.228.0/22;
 allow 2a02:fe80::/29;
 allow 66.248.200.0/22;
 deny all;

 # other nginx config



As this was below the already configured:



# Define header with original client IP
real_ip_header X-Forwarded-For;
# Define trusted IPs
set_real_ip_from 192.88.134.0/23;
set_real_ip_from 185.93.228.0/22;
set_real_ip_from 66.248.200.0/22;
set_real_ip_from 2a02:fe80::/29;


Magento 1



So long as the code uses the core method:



Mage::helper('core/http')->getRemoteAddr()


You can add a list of headers to app/etc/local.xml inside of config->global node that are used to determine the "real" ip. Something like:



<remote_addr_headers>
 <header1>HTTP_X_SUCURI_CLIENTIP</header1>
 <header2>HTTP_X_REAL_IP</header2>
 <header3>HTTP_X_FORWARDED_FOR</header3>
</remote_addr_headers>


Then you can remove the real_ip_header and set_real_ip_from from the nginx config. Allowing all traffic not from Sucuri to be blocked and still able to obtain the true IP within magento. You can test this with something like:



define('MAGENTO_ROOT', getcwd());
$mageFilename = MAGENTO_ROOT . '/app/Mage.php';
require MAGENTO_ROOT . '/app/bootstrap.php';
require_once $mageFilename;

Mage::app('admin');
print_r($_SERVER);
echo 'address: '.Mage::helper('core/http')->getRemoteAddr();


Magento 2



This appears to a little harder, I haven't dug as deep but on initial look.

- vendor/magento/framework/Session/Validator.php

is sensitive to configuration, on if it should use: http_x_forwarded_for or remote_addr

- vendor/magento/framework/HTTP/PhpEnvironment/Request.php:725

has the method getClientIp which appears to use the first it finds from HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, REMOTE_ADDR

- vendor/magento/magento2-base/pub/errors/processor.php:312

had the method _getClientIp which uses REMOTE_ADDR and if that isn't found returns undefined



I may be wrong but I haven't spotted anywhere a single value can be configured, or a list to try. So at this point would suggest adding something like the following to app/etc/bootstrap.php



$trustedIpHeaders = [
 'HTTP_X_SUCURI_CLIENTIP', 
 'HTTP_X_REAL_IP',
 'HTTP_X_FORWARDED_FOR',
];
$headersToPopulate = [
 'HTTP_CLIENT_IP',
 'HTTP_X_FORWARDED_FOR',
 'REMOTE_ADDR',
];
foreach($trustedIpHeaders as $trustedIpHeader)
 if(isset($_SERVER[$trustedIpHeader]))
 foreach($headersToPopulate as $headerToPopulate)
 $_SERVER[$headerToPopulate] = $_SERVER[$trustedIpHeader]
 
 break;






share|improve this answer






























    0














    For all those who come across the same issue and try to get an answer from sucuri or hopeless hosting providers like siteground, this is what worked for me. I put the following code at the very beginning of Magento index.php:



    if(isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']))
     {
     $_SERVER["REMOTE_ADDR"] = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];





    share|improve this answer























      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "479"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f216873%2fhow-to-get-real-ip-from-behind-sucuri-firewall%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      1














      We hit the same issue, when trying to apply the suggested "Block Sucuri Bypass"



      location / 
       # Block everything that isn't sucuri
       allow 192.88.134.0/23;
       allow 185.93.228.0/22;
       allow 2a02:fe80::/29;
       allow 66.248.200.0/22;
       deny all;

       # other nginx config



      As this was below the already configured:



      # Define header with original client IP
      real_ip_header X-Forwarded-For;
      # Define trusted IPs
      set_real_ip_from 192.88.134.0/23;
      set_real_ip_from 185.93.228.0/22;
      set_real_ip_from 66.248.200.0/22;
      set_real_ip_from 2a02:fe80::/29;


      Magento 1



      So long as the code uses the core method:



      Mage::helper('core/http')->getRemoteAddr()


      You can add a list of headers to app/etc/local.xml inside of config->global node that are used to determine the "real" ip. Something like:



      <remote_addr_headers>
       <header1>HTTP_X_SUCURI_CLIENTIP</header1>
       <header2>HTTP_X_REAL_IP</header2>
       <header3>HTTP_X_FORWARDED_FOR</header3>
      </remote_addr_headers>


      Then you can remove the real_ip_header and set_real_ip_from from the nginx config. Allowing all traffic not from Sucuri to be blocked and still able to obtain the true IP within magento. You can test this with something like:



      define('MAGENTO_ROOT', getcwd());
      $mageFilename = MAGENTO_ROOT . '/app/Mage.php';
      require MAGENTO_ROOT . '/app/bootstrap.php';
      require_once $mageFilename;

      Mage::app('admin');
      print_r($_SERVER);
      echo 'address: '.Mage::helper('core/http')->getRemoteAddr();


      Magento 2



      This appears to a little harder, I haven't dug as deep but on initial look.

      - vendor/magento/framework/Session/Validator.php

      is sensitive to configuration, on if it should use: http_x_forwarded_for or remote_addr

      - vendor/magento/framework/HTTP/PhpEnvironment/Request.php:725

      has the method getClientIp which appears to use the first it finds from HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, REMOTE_ADDR

      - vendor/magento/magento2-base/pub/errors/processor.php:312

      had the method _getClientIp which uses REMOTE_ADDR and if that isn't found returns undefined



      I may be wrong but I haven't spotted anywhere a single value can be configured, or a list to try. So at this point would suggest adding something like the following to app/etc/bootstrap.php



      $trustedIpHeaders = [
       'HTTP_X_SUCURI_CLIENTIP', 
       'HTTP_X_REAL_IP',
       'HTTP_X_FORWARDED_FOR',
      ];
      $headersToPopulate = [
       'HTTP_CLIENT_IP',
       'HTTP_X_FORWARDED_FOR',
       'REMOTE_ADDR',
      ];
      foreach($trustedIpHeaders as $trustedIpHeader)
       if(isset($_SERVER[$trustedIpHeader]))
       foreach($headersToPopulate as $headerToPopulate)
       $_SERVER[$headerToPopulate] = $_SERVER[$trustedIpHeader]
       
       break;






      share|improve this answer



























        1














        We hit the same issue, when trying to apply the suggested "Block Sucuri Bypass"



        location / 
         # Block everything that isn't sucuri
         allow 192.88.134.0/23;
         allow 185.93.228.0/22;
         allow 2a02:fe80::/29;
         allow 66.248.200.0/22;
         deny all;

         # other nginx config



        As this was below the already configured:



        # Define header with original client IP
        real_ip_header X-Forwarded-For;
        # Define trusted IPs
        set_real_ip_from 192.88.134.0/23;
        set_real_ip_from 185.93.228.0/22;
        set_real_ip_from 66.248.200.0/22;
        set_real_ip_from 2a02:fe80::/29;


        Magento 1



        So long as the code uses the core method:



        Mage::helper('core/http')->getRemoteAddr()


        You can add a list of headers to app/etc/local.xml inside of config->global node that are used to determine the "real" ip. Something like:



        <remote_addr_headers>
         <header1>HTTP_X_SUCURI_CLIENTIP</header1>
         <header2>HTTP_X_REAL_IP</header2>
         <header3>HTTP_X_FORWARDED_FOR</header3>
        </remote_addr_headers>


        Then you can remove the real_ip_header and set_real_ip_from from the nginx config. Allowing all traffic not from Sucuri to be blocked and still able to obtain the true IP within magento. You can test this with something like:



        define('MAGENTO_ROOT', getcwd());
        $mageFilename = MAGENTO_ROOT . '/app/Mage.php';
        require MAGENTO_ROOT . '/app/bootstrap.php';
        require_once $mageFilename;

        Mage::app('admin');
        print_r($_SERVER);
        echo 'address: '.Mage::helper('core/http')->getRemoteAddr();


        Magento 2



        This appears to a little harder, I haven't dug as deep but on initial look.

        - vendor/magento/framework/Session/Validator.php

        is sensitive to configuration, on if it should use: http_x_forwarded_for or remote_addr

        - vendor/magento/framework/HTTP/PhpEnvironment/Request.php:725

        has the method getClientIp which appears to use the first it finds from HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, REMOTE_ADDR

        - vendor/magento/magento2-base/pub/errors/processor.php:312

        had the method _getClientIp which uses REMOTE_ADDR and if that isn't found returns undefined



        I may be wrong but I haven't spotted anywhere a single value can be configured, or a list to try. So at this point would suggest adding something like the following to app/etc/bootstrap.php



        $trustedIpHeaders = [
         'HTTP_X_SUCURI_CLIENTIP', 
         'HTTP_X_REAL_IP',
         'HTTP_X_FORWARDED_FOR',
        ];
        $headersToPopulate = [
         'HTTP_CLIENT_IP',
         'HTTP_X_FORWARDED_FOR',
         'REMOTE_ADDR',
        ];
        foreach($trustedIpHeaders as $trustedIpHeader)
         if(isset($_SERVER[$trustedIpHeader]))
         foreach($headersToPopulate as $headerToPopulate)
         $_SERVER[$headerToPopulate] = $_SERVER[$trustedIpHeader]
         
         break;






        share|improve this answer

























          1












          1








          1







          We hit the same issue, when trying to apply the suggested "Block Sucuri Bypass"



          location / 
           # Block everything that isn't sucuri
           allow 192.88.134.0/23;
           allow 185.93.228.0/22;
           allow 2a02:fe80::/29;
           allow 66.248.200.0/22;
           deny all;

           # other nginx config



          As this was below the already configured:



          # Define header with original client IP
          real_ip_header X-Forwarded-For;
          # Define trusted IPs
          set_real_ip_from 192.88.134.0/23;
          set_real_ip_from 185.93.228.0/22;
          set_real_ip_from 66.248.200.0/22;
          set_real_ip_from 2a02:fe80::/29;


          Magento 1



          So long as the code uses the core method:



          Mage::helper('core/http')->getRemoteAddr()


          You can add a list of headers to app/etc/local.xml inside of config->global node that are used to determine the "real" ip. Something like:



          <remote_addr_headers>
           <header1>HTTP_X_SUCURI_CLIENTIP</header1>
           <header2>HTTP_X_REAL_IP</header2>
           <header3>HTTP_X_FORWARDED_FOR</header3>
          </remote_addr_headers>


          Then you can remove the real_ip_header and set_real_ip_from from the nginx config. Allowing all traffic not from Sucuri to be blocked and still able to obtain the true IP within magento. You can test this with something like:



          define('MAGENTO_ROOT', getcwd());
          $mageFilename = MAGENTO_ROOT . '/app/Mage.php';
          require MAGENTO_ROOT . '/app/bootstrap.php';
          require_once $mageFilename;

          Mage::app('admin');
          print_r($_SERVER);
          echo 'address: '.Mage::helper('core/http')->getRemoteAddr();


          Magento 2



          This appears to a little harder, I haven't dug as deep but on initial look.

          - vendor/magento/framework/Session/Validator.php

          is sensitive to configuration, on if it should use: http_x_forwarded_for or remote_addr

          - vendor/magento/framework/HTTP/PhpEnvironment/Request.php:725

          has the method getClientIp which appears to use the first it finds from HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, REMOTE_ADDR

          - vendor/magento/magento2-base/pub/errors/processor.php:312

          had the method _getClientIp which uses REMOTE_ADDR and if that isn't found returns undefined



          I may be wrong but I haven't spotted anywhere a single value can be configured, or a list to try. So at this point would suggest adding something like the following to app/etc/bootstrap.php



          $trustedIpHeaders = [
           'HTTP_X_SUCURI_CLIENTIP', 
           'HTTP_X_REAL_IP',
           'HTTP_X_FORWARDED_FOR',
          ];
          $headersToPopulate = [
           'HTTP_CLIENT_IP',
           'HTTP_X_FORWARDED_FOR',
           'REMOTE_ADDR',
          ];
          foreach($trustedIpHeaders as $trustedIpHeader)
           if(isset($_SERVER[$trustedIpHeader]))
           foreach($headersToPopulate as $headerToPopulate)
           $_SERVER[$headerToPopulate] = $_SERVER[$trustedIpHeader]
           
           break;






          share|improve this answer













          We hit the same issue, when trying to apply the suggested "Block Sucuri Bypass"



          location / 
           # Block everything that isn't sucuri
           allow 192.88.134.0/23;
           allow 185.93.228.0/22;
           allow 2a02:fe80::/29;
           allow 66.248.200.0/22;
           deny all;

           # other nginx config



          As this was below the already configured:



          # Define header with original client IP
          real_ip_header X-Forwarded-For;
          # Define trusted IPs
          set_real_ip_from 192.88.134.0/23;
          set_real_ip_from 185.93.228.0/22;
          set_real_ip_from 66.248.200.0/22;
          set_real_ip_from 2a02:fe80::/29;


          Magento 1



          So long as the code uses the core method:



          Mage::helper('core/http')->getRemoteAddr()


          You can add a list of headers to app/etc/local.xml inside of config->global node that are used to determine the "real" ip. Something like:



          <remote_addr_headers>
           <header1>HTTP_X_SUCURI_CLIENTIP</header1>
           <header2>HTTP_X_REAL_IP</header2>
           <header3>HTTP_X_FORWARDED_FOR</header3>
          </remote_addr_headers>


          Then you can remove the real_ip_header and set_real_ip_from from the nginx config. Allowing all traffic not from Sucuri to be blocked and still able to obtain the true IP within magento. You can test this with something like:



          define('MAGENTO_ROOT', getcwd());
          $mageFilename = MAGENTO_ROOT . '/app/Mage.php';
          require MAGENTO_ROOT . '/app/bootstrap.php';
          require_once $mageFilename;

          Mage::app('admin');
          print_r($_SERVER);
          echo 'address: '.Mage::helper('core/http')->getRemoteAddr();


          Magento 2



          This appears to a little harder, I haven't dug as deep but on initial look.

          - vendor/magento/framework/Session/Validator.php

          is sensitive to configuration, on if it should use: http_x_forwarded_for or remote_addr

          - vendor/magento/framework/HTTP/PhpEnvironment/Request.php:725

          has the method getClientIp which appears to use the first it finds from HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, REMOTE_ADDR

          - vendor/magento/magento2-base/pub/errors/processor.php:312

          had the method _getClientIp which uses REMOTE_ADDR and if that isn't found returns undefined



          I may be wrong but I haven't spotted anywhere a single value can be configured, or a list to try. So at this point would suggest adding something like the following to app/etc/bootstrap.php



          $trustedIpHeaders = [
           'HTTP_X_SUCURI_CLIENTIP', 
           'HTTP_X_REAL_IP',
           'HTTP_X_FORWARDED_FOR',
          ];
          $headersToPopulate = [
           'HTTP_CLIENT_IP',
           'HTTP_X_FORWARDED_FOR',
           'REMOTE_ADDR',
          ];
          foreach($trustedIpHeaders as $trustedIpHeader)
           if(isset($_SERVER[$trustedIpHeader]))
           foreach($headersToPopulate as $headerToPopulate)
           $_SERVER[$headerToPopulate] = $_SERVER[$trustedIpHeader]
           
           break;







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Apr 24 at 12:22









          AdamAdam

          213




          213























              0














              For all those who come across the same issue and try to get an answer from sucuri or hopeless hosting providers like siteground, this is what worked for me. I put the following code at the very beginning of Magento index.php:



              if(isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']))
               {
               $_SERVER["REMOTE_ADDR"] = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];





              share|improve this answer



























                0














                For all those who come across the same issue and try to get an answer from sucuri or hopeless hosting providers like siteground, this is what worked for me. I put the following code at the very beginning of Magento index.php:



                if(isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']))
                 {
                 $_SERVER["REMOTE_ADDR"] = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];





                share|improve this answer

























                  0












                  0








                  0







                  For all those who come across the same issue and try to get an answer from sucuri or hopeless hosting providers like siteground, this is what worked for me. I put the following code at the very beginning of Magento index.php:



                  if(isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']))
                   {
                   $_SERVER["REMOTE_ADDR"] = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];





                  share|improve this answer













                  For all those who come across the same issue and try to get an answer from sucuri or hopeless hosting providers like siteground, this is what worked for me. I put the following code at the very beginning of Magento index.php:



                  if(isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']))
                   {
                   $_SERVER["REMOTE_ADDR"] = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Mar 11 '18 at 21:58









                  ShakamalShakamal

                  388




                  388



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Magento Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f216873%2fhow-to-get-real-ip-from-behind-sucuri-firewall%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      -

                      Popular posts from this blog

                      Get product attribute by attribute group code in magento 2get product attribute by product attribute group in magento 2Magento 2 Log Bundle Product Data in List Page?How to get all product attribute of a attribute group of Default attribute set?Magento 2.1 Create a filter in the product grid by new attributeMagento 2 : Get Product Attribute values By GroupMagento 2 How to get all existing values for one attributeMagento 2 get custom attribute of a single product inside a pluginMagento 2.3 How to get all the Multi Source Inventory (MSI) locations collection in custom module?Magento2: how to develop rest API to get new productsGet product attribute by attribute group code ( [attribute_group_code] ) in magento 2

                      Image
                      Is it safe to keep the GPU on 100% utilization for a very long time? What happens when the drag force exceeds the weight of an object falling into earth? shebang or not shebang The unknown and unexplained in science fiction Are wands in any sort of book going to be too much like Harry Potter? How do I minimise waste on a flight? Concatenate all values of the same XML element using XPath/XQuery Did any early RISC OS precursor run on the BBC Micro? Single supply non-inverting amplifier using op amp Employee is self-centered and affects the team negatively Why always 4...dxc6 and not 4...bxc6 in the Ruy Lopez Exchange? TikZ/PGF draw algorithm Learning how to read schematics, questions about fractional voltage in schematic How can I test a shell script in a "safe environment" to avoid harm to my computer? A♭ major 9th chord in Bach is unexpectedly dissonant/jazzy What detail can Hubble see on Mars? Drug Testing and Prescribed Medications Justific
                      Read more

                      Category:9 (number) SubcategoriesMedia in category "9 (number)"Navigation menuUpload mediaGND ID: 4485639-8Library of Congress authority ID: sh85091979ReasonatorScholiaStatistics

                      Image
                      Natural numbersSquare numbersCategories requiring diffusion Help Category:9 (number) From Wikimedia Commons, the free media repository Jump to navigation Jump to search number: 9 (nine) instance of: natural number, deficient number, square number, composite number, odd number, centered cube number, centered octagonal number and nonagonal number other integers: -8 • -4 • -2 • -1 • 0 • 1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 • 10 • 11 • 12 • 13 • 14 • 15 • 16 • 17 • 18 • 19 • 20 • 21 • 22 • 23 • 24 • 25 • 26 • 27 • 28 • 29 -20 • 0 • 10 • 20 • 30 • 40 • 50 • 60 • 70 • 80 • 90 • 100 • 110 • 120 • 130 • 140 • 150 • 160 • 170 • 180 • 190 • 200 This category has become too crowded. It should list very few images directly. Files should be moved to subcategories where appropriate. New subcategories can be created. Some files need to be moved elsewhere. Search for more categories: fulltext, Main Page, topics, meta categories. Please remove or replace this tag
                      Read more

                      Magento 2.3: How do i solve this, Not registered handle, on custom form?How can i rewrite TierPrice Block in Magento2magento 2 captcha not rendering if I override layout xmlmain.CRITICAL: Plugin class doesn't existMagento 2 : Problem while adding custom button order view page?Magento 2.2.5: Overriding Admin Controller sales/orderMagento 2.2.5: Add, Update and Delete existing products Custom OptionsMagento 2.3 : File Upload issue in UI Component FormMagento2 Not registered handleHow to configured Form Builder Js in my custom magento 2.3.0 module?Magento 2.3. How to create image upload field in an admin form

                      Image
                      2000s (or earlier) cyberpunk novel: dystopia, mega storm, omnipresent noise How important is it for multiple POVs to run chronologically? PhD: When to quit and move on? Motorcyle Chain needs to be cleaned every time you lube it? Why do most airliners have underwing engines, while business jets have rear-mounted engines? How to supply water to a coastal desert town with no rain and no freshwater aquifers? How come a desk dictionary be abridged? What's the big deal about the Nazgûl losing their horses? Is this standard Japanese employment negotiations, or am I missing something? Should I increase my 401(k) contributions, or increase my mortgage payments Is there a way to change the aspect ratio of a DNG file? Why is there paternal, for fatherly, fraternal, for brotherly, but no similar word for sons? What can a novel do that film and TV cannot? Is conquering your neighbors to fight a greater enemy a valid strategy? /api/sitecore is not working in CD server
                      Read more