Post by Hyuga » Fri Jul 30, 2021 11:00 pm

Hi guys,

Recently I started using CloudFlare on my OpenCart Store (www.scriptstore.xyz) and as expected, first thing I noticed is at Online Report, real visitors IP addresses were replaced by CF IP addresses.

There is a really easy trick to get visitors real IP addresses again, by following these steps.

1) Open: system/startup.php
2) Add code following code right before "// Windows IIS Compatibility":

Code: Select all

// CloudFlare IP Fix
if(isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
	$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
Save the file and that's it, now you should see real visitors IP addresses again. I'm using OpenCart 3.0.3.7 but I believe it should work for all versions. I hope it helps :)

www.ScriptStore.xyz - Cheap quality scripts for sale!


Newbie

Posts

Joined
Mon Jul 16, 2012 12:09 am


Post by straightlight » Sun Aug 01, 2021 7:57 am

I would not suggest this solution since the proposal of this addition also implies the propagation of the real IP address by using the $this->request->server['REMOTE_ADDR'] on the entire platform. Therefore, what you're reporting about is not a bug.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by Hyuga » Fri Aug 06, 2021 6:35 pm

That's the whole point of getting visitor IP address, to get visitor real IP address, not some CloudFlare server IP address :)

www.ScriptStore.xyz - Cheap quality scripts for sale!


Newbie

Posts

Joined
Mon Jul 16, 2012 12:09 am


Post by straightlight » Fri Aug 06, 2021 7:16 pm

Hyuga wrote:
Fri Aug 06, 2021 6:35 pm
That's the whole point of getting visitor IP address, to get visitor real IP address, not some CloudFlare server IP address :)
Security leaks, that's pretty much what it provides.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by Hyuga » Sun Aug 29, 2021 9:12 pm

straightlight wrote:
Fri Aug 06, 2021 7:16 pm
Security leaks, that's pretty much what it provides.
Ok then, tell me, where the security issue is if instead of getting some CF server IP address, you actually see your customer / visitor real IP address? Without using CloudFlare, you see real customer / visitor IP address, when you start using CF, they proxy all requests, even visitor IP address, but they still give you their real IP address in another header (which right now OpenCart doesn't have a function to grab it). Come back with a proper explanation, how can be that a security issue? Give me a single example of a situation where someone can treat this like a security issue to gain access or to do any damage to website or it's customers / visitors.

www.ScriptStore.xyz - Cheap quality scripts for sale!


Newbie

Posts

Joined
Mon Jul 16, 2012 12:09 am

Who is online

Users browsing this forum: integraa and 38 guests