Hello, RaGEZONE.
As many noobs have problems with Incapsula and revCMS, I decided the fix for real IP with Incapsula.
First you open your global.php, and replace everything with this THIS.. Woïla. Every user should now have "ip_reg" real IP, and not Incapsula proxy IP.
I hope this will be useful for noobs.
Enjoy!
Thanks man
Or use:
$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_INCAP_CLIENT_IP"] ? $_SERVER["HTTP_INCAP_CLIENT_IP"] : $_SERVER["REMOTE_ADDR"];
You know that HTTP_INCAP_CLIENT_IP can be changed with a simple httpheader changer... And that a cms like revcms doesn't filter it... So you can run mysql exploits.. Ps you can do that by cloudflare too...Originally Posted by Vexq
- Spot Ify
No problem.Thanks man
- - - Updated - - -
If you just have shit to post on EVERY thread I post, just f*k off.
Using your method you allow IP spoofing if hacker have real IP of server. (some way to get it)
Actually, I'm personally using Incapsula for CDN.
You can't do it with CF anymore because I reported it to them.
To Who? to all retro's or did you report it to cloudflare...
because its not a cloudflare issue its a code issue becaue if you know the real ip...
Then can you change the host so the server thinks you are entering the website from the real domain (if they have the bindings at the domain by IIS)
And then you have direct connection and by direct connection can you set the HTTPHEADERS because there is no cloudflare who delete the header...
There are easy fixes for this validating the header (I recommed that)
Or allow only the cloudflare ips in IIS with IP and Domain Restrictions (I recommed this too because its also for the AntiDDOS ;p)
- Spot Ify
CloudFlare validates the cf connecting IP header before sending it to the website.
I know this because I used said exploit to hack many websites. I reported it to them and got a year of pro and a t shirt, lolz.
With me after i replace, people still have the Proxy IP ?
They alwayd did lol bug I'm saying that if you Know the real ip of the webserver. Then you can just skip Cloudflare and have a direct connection.. Because cloudflare is just a domainproxy and it has nothing to do with the real webserver. So you can still change the header if you know the real ip and adding it to your hostfile. Lol
But if you setup iis to allow only connections from cloudflare is it impossible to do that.. But there are just some retro's who have that...
And I just tested it at a big hotel with cloudflare and it was still possible...
-spot Ify
Did you replace your whole global.php?
Yes and still the same ....
It's working here. Be sure if you're using a http proxy over Incapsula it won't work.
if you're using a reverse proxy as well as incapsula then you'll need to split the forwarded ip as it will forward 2 lots
Code:$ips = $_SERVER["HTTP_INCAP_CLIENT_IP"]; $split = explode(',', $ips); $one = $split[0]; // most likely your proxy ip $two = $split[1]; // probably your real ip
You might need to use X_FORWARDED_IP or whatever instead to do the above, not sure. Never used incapsula.
Reply With Quote![[Release] Incapsula Real IP revCMS](http://ragezone.com/hyper728.png)