phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0017742phplist applicationInterface - Administratorpublic06-07-15 22:0708-07-15 15:25
Reporterhedrickbt 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSLinuxOS VersionUbuntu 1204
Product Version3.0.12 
Target Versionnext patchFixed in Version3.2.0 
Summary0017742: Resolution for "Your IP address has changed. For security reasons, please login again" when behind a proxy
DescriptionWhen phpList is running on a server that has a proxy in front of it - for example Apache, the ip address phpList sees is the one from the proxy server, not the client.

The fix for this is to read the x-forwarded-for instead of remote_addr when it exists.
Steps To ReproduceAccess
browser -> apache http server acting as a proxy -> apache http server with php rendering module.

Additional InformationI have created a git pull request that fixes this issue.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0056325)
michiel (manager)
06-07-15 22:15

You can just do

define("CHECK_SESSIONIP",0);

in your config to avoid these issues. But yes, it may be nice to be safer in those setups as well, and keep the flag.

Have you read https://github.com/phpList/phplist3/blob/master/CONTRIBUTING.md [^] ?

Sounds like you have, as you've gone through all the steps :-)
Last step would be to sign the CLA: https://www.phplist.com/cla [^]
(0056372)
hedrickbt (reporter)
08-07-15 15:20

I have signed the CLA

Awesome, you have signed the phpList CLA
Your github login: hedrickbt
Your name: Brooke Hedrick
Date signed: 2015-07-08

I am providing the patch as I believe the IP address change is a reasonable check to help with security and I don't want to disable it. This will also help out anyone that checks out phpList, with a proxy in front, to not have to jump online to figure out what needs to be done when that get that error.

Thank you for your consideration.
(0056373)
michiel (manager)
08-07-15 15:25

merged and ready


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker