Printable View
Hello, RaGEZONE.
As many noobs have problems with Incapsula and revCMS, I decided the fix for real IP with Incapsula.
First you open your global.php, and replace everything with this THIS.. Woïla. Every user should now have "ip_reg" real IP, and not Incapsula proxy IP.
I hope this will be useful for noobs.
Enjoy!
Thanks man :junglejane:
Or use:
$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_INCAP_CLIENT_IP"] ? $_SERVER["HTTP_INCAP_CLIENT_IP"] : $_SERVER["REMOTE_ADDR"];
You know that HTTP_INCAP_CLIENT_IP can be changed with a simple httpheader changer... And that a cms like revcms doesn't filter it... So you can run mysql exploits.. Ps you can do that by cloudflare too...Quote:
Originally Posted by Vexq
- Spot Ify
No problem.Quote:
Originally Posted by Sve9n
- - - Updated - - -
If you just have shit to post on EVERY thread I post, just f*k off.Quote:
Originally Posted by Exonize
Using your method you allow IP spoofing if hacker have real IP of server. (some way to get it)
Actually, I'm personally using Incapsula for CDN.
You can't do it with CF anymore because I reported it to them.Quote:
Originally Posted by Spot Ify
To Who? to all retro's or did you report it to cloudflare...Quote:
Originally Posted by Jonteh
because its not a cloudflare issue its a code issue becaue if you know the real ip...
Then can you change the host so the server thinks you are entering the website from the real domain (if they have the bindings at the domain by IIS)
And then you have direct connection and by direct connection can you set the HTTPHEADERS because there is no cloudflare who delete the header...
There are easy fixes for this validating the header (I recommed that)
Or allow only the cloudflare ips in IIS with IP and Domain Restrictions (I recommed this too because its also for the AntiDDOS ;p)
- Spot Ify
CloudFlare validates the cf connecting IP header before sending it to the website.Quote:
Originally Posted by Spot Ify
I know this because I used said exploit to hack many websites. I reported it to them and got a year of pro and a t shirt, lolz.
With me after i replace, people still have the Proxy IP ?
They alwayd did lol bug I'm saying that if you Know the real ip of the webserver. Then you can just skip Cloudflare and have a direct connection.. Because cloudflare is just a domainproxy and it has nothing to do with the real webserver. So you can still change the header if you know the real ip and adding it to your hostfile. Lol
But if you setup iis to allow only connections from cloudflare is it impossible to do that.. But there are just some retro's who have that...
And I just tested it at a big hotel with cloudflare and it was still possible...
-spot Ify
Did you replace your whole global.php?Quote:
Originally Posted by UartigZone
Yes and still the same ....Quote:
Originally Posted by Zedd
It's working here. Be sure if you're using a http proxy over Incapsula it won't work.Quote:
Originally Posted by UartigZone