Using webform behind a load balancer sets all ip address in the results page to the load balancers ip address. This is because it uses $_SERVER['REMOTE_ADDR'] without checking to see if $_SERVER['X-FORWARDED-FOR']. (http://en.wikipedia.org/wiki/X-Forwarded-For). This patch changes all those I believe.

CommentFileSizeAuthor
#1 patch86.patch3.24 KBScott Reynolds
patch86.patch1.78 KBScott Reynolds

Comments

Scott Reynolds’s picture

StatusFileSize
new3.24 KB

Missed a couple in the module file

quicksketch’s picture

Excellent. Thank you very much. This was fixed in the Drupal 6 version by the advent of the handy ip_address() function in Drupal core, but the Drupal 5 version still pretty clearly has this problem. To increase the consistency between the two versions we should probably make a separate function (probably called "webform_ip_address()") for the Drupal 5 version.

Scott Reynolds’s picture

The ip_address() function drupal 6 uses a set of variables to determine which ip address to return (Remote-addr or X-Forwarrded). These variables say "Behind load balancer" and "load balancer ip's are?". That is the bulk of what that function does, is to check to see if load balancer turned on and checks to see if the ip address is contained in the load balancer ip's. So unless you would like to present more settings to the user, perhaps its better to just do it this way.

This patch is like how votingpapi and advance poll do it.

quicksketch’s picture

I just meant we should abstract the repeated question of $_SERVER['HTTP_FORWARDED_FOR'] ? $_SERVER['HTTP_FORWARDED_FOR'] : $_SERVER['IP_ADDRESS'] into a separate function so that our lines stay mostly the same between the Drupal 5 and 6 versions. I wasn't meaning that we should implement all the functionality of the ip_address() function in Drupal 6.

quicksketch’s picture

Status: Needs review » Fixed

Eh, considering the End-Of-Life for Drupal 5 is pretty close anyway, I cleaned up this patch and committed it as-is without abstracting it into a webform_ip_address() function. The 2.4 version should be out this weekend.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

lostchord’s picture

@#2

I'm running behind HAProxy and although my Apache access logs are showing the correct client address (taken from X-Forwarded-For) the Webforms submissions are showing the client as 127.0.0.1 (in my test environment the proxy is on the same box as the server). So is it really fixed in D6?

cheers

rmcom’s picture

Version: 5.x-2.3 » 6.x-2.2
Status: Closed (fixed) » Active

I would have the same question as lostchord (#7):

Is there a way to feed the user IP address through a proxy or load balancer?

quicksketch’s picture

Category: bug » support
Status: Active » Fixed

Is there a way to feed the user IP address through a proxy or load balancer?

Read the contents of your settings.php file. There is a section on configuring Drupal as a reverse proxy.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.