How can I get the user's IP while using both CloudFlare and MaxMind's GeoIP with mod_geoip?

11,443

Solution 1

do this before you call geoip:

$_SERVER['REMOTE_ADDR'] = isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR'];

Solution 2

I was having difficulty trying to get both the Larvel TrustedProxy work with both CloudFlare and AWS' EC2 Elastic Load Balancer together. It assumes you only use 1 proxy, not 2 and doesn't work right. I ended up just skipping the trusted proxy stuff all together and making a simple MiddleWare that if using CloudFlare, regardless if you have another Load Balancer in front of it, it'll just set the right IP address and protocol.

CloudFlare passes information about the client through HTTP headers: https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-CloudFlare-handle-HTTP-Request-headers-

We're taking both the client IP and the client HTTP/HTTPS protocol and setting that into the $request->server attributes.

======

app/Http/Middleware/UseCloudFlareHeaders.php

<?php namespace App\Http\Middleware;

use Closure;

class UseCloudFlareHeaders
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        //if CloudFlare request, set correct protocol and proper client ip address
        $HTTP_CF_VISITOR = $request->server->get('HTTP_CF_VISITOR');
        $HTTP_CF_CONNECTING_IP = $request->server->get('HTTP_CF_CONNECTING_IP');

        if ($HTTP_CF_VISITOR and json_decode($HTTP_CF_VISITOR)->scheme == 'https') {
            $request->server->set('HTTPS', 'on');
        }

        if ($HTTP_CF_CONNECTING_IP) {
            $request->server->set('REMOTE_ADDR', $HTTP_CF_CONNECTING_IP);
        }

        return $next($request);
    }
}

app/Http/Kernal.php

protected $middleware = [
    //add this to your middleware...
    \App\Http\Middleware\UseCloudFlareHeaders::class
];

If someone knows a better way of doing this, please let us know.

Share:
11,443
hellodolly
Author by

hellodolly

Updated on June 05, 2022

Comments

  • hellodolly
    hellodolly over 1 year

    CloudFlare provides the user's country from the originating IP but I need location on a city level so I've added MaxMind's GeoCityLite using the mod_geoip Apache script.

    The problem is now to get the IP in a php variable, I'm using something like

    $country = apache_note("GEOIP_COUNTRY_CODE");
    

    This is great but the IP mod_geoip is using is the CloudFlare DNS, not the end user. CloudFlare offers the server variable HTTP_CF_CONNECTING_IP to use the end-user IP but how do I use THAT variable/IP in the mod_geoip?

    Can this be done with a few lines in htaccess?

    Edit: I have a workaround using the php API for geoip which is easy but the benchmarks using the apache lookup of the php api is much much better so I'd rather find this solution.

  • hellodolly
    hellodolly over 12 years
    No this would have to be set in apache conf file or htaccess. Somehow making the mod_geoip.c use the variable HTTP_CF_CONNECTING_IP instead of REMOTE_ADDR (REMOTE_ADDR reads the DNS proxy server at the moment and the HTTP_CF_CONNECTING_IP is the workaround)
  • ceckoslab
    ceckoslab almost 11 years
    Thanks! That was very helpful!
  • Dustin Fraker
    Dustin Fraker over 7 years
    Worked perfect, I was pulling my hair out trying to figure out why user's weren't able to log in after setting up cloudflare. thanks!
  • Emre
    Emre over 6 years
    This keeps it simple, no need for TrustedProxy. Thanks.