Hi,
We have OJS 2.4.8.1 on Linux Ubuntu and need to activate an Institutional Subscriptions for a client with proxy server.
If I set as IP ranges value the IP that our client get from services like http://www.get-myip.com/ the subscription doesn’t work, if I insert the IP of sigle machines it does.
From server log: access_log 192.000.X.XX - - [07/Feb/2017:15:27:11 +0000] "GET /lib/pkp/styles/xxxxxxxxx 200 260 “http://xxxxxxxxxx/index” “Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko” proxy_access_log 83.000.XX.XXX - - [07/Feb/2017:15:27:11 +0000] "GET /lib/pkp/templates/xxxx 0 “http://xxxxxxxxxx/index” “Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko”
I have to set the first one as IP associated to the subscription.
The client uses proxy McAfee (MailGateway) and I can’t ask the IP of all machines of our client.
What is wrong?
I tried also to set On the trust_x_forwarded_for option in config.inc.php without successfull. Should I reboot the server?
As in the picture (but with different numbers).
Indeed i didn’t insert a range but just a specific IP address (the same that the client get from http://www.get-myip.com/ or similar services)
Hi.
Actually I don’t used an IP range but a single IP address like this: 83.104.28.264 (for privacy I changed them). It is the exiting IP proxy server that our client can read checking on http://www.get-myip.com/. And it doesn’t work.
While with the IP machine, the one of single PC like 192.154.2.15, it does, but it means that I have to know the IP (or IP range) of all machines, while I know just the web server IP.
I’d suggest testing to see how your server environment is presenting IP address to PHP. One way to do that is to create a script containing…
<?php print_r($_SERVER);
Fetch the result through a machine with the connection you’re trying to debug and you should see a dump of server variables. Check the various headers to see where and how the various IPs are showing up. In particular, look at REMOTE_ADDR and X_FORWARDED_FOR.
(Don’t leave that script lying around – it’s not dangerous per se but will expose some details about your server that aren’t normally visible.)
Regards,
Alec Smecher
Public Knowledge Project Team
Array ( ... [REMOTE_ADDR] => 192.16X.X.XX [SERVER_PORT] => 80 [SERVER_ADDR] => 151.23X.XX.X [SERVER_NAME] => mysite.com [SERVER_SOFTWARE] => Apache [SERVER_SIGNATURE] =>
Apache Server at mysite.com Port 80
... [HTTP_VIA] => X.X 192.16X.X.XXX (McAfee Web Gateway X.X.X.X.X.XXXXXXX) ... [HTTP_CONNECTION] => close ... [HTTP_X_REAL_IP] => 83.103.XX.XXX [HTTP_HOST] => mysite.com ... )
REMOTE_ADDR is different from HTTP_VIA
HTTP_X_REAL_IP (83.103.XX.XXX) is what my client get from www.get-myip.com. The one that I tried to insert in IP range of the subscription with no results
Maybe the problem is a bad configuration of proxy.
Probably OJS associate the subscription to the [REMOTE_ADDR] and not to the [HTTP_X_REAL_IP] info.
Our client connection has as [REMOTE_ADDR] the private machine IP and not the public IP.
If so, can you suggest a workaround (apart the correct configuration of proxy?)
The fact I was showing a local IP instead of the actual IP with REMOTE_ADDR was probably due to the fact that I was in the same network with our server. At least I think so, because when I called the script with the function from my home connection, it showed the correct IP. I did not get a value for X_FORWARDED_FOR with my work connection or with my home connection.
The real reason behind our difficulties was actually that the format defined for the subscription type was incorrect. It was set to Print but for the institutional subscriptions to work, it has to be Online or Print and Online. I am managing these straight from the database for OJS3 so I missed the label for these values.
Sorry for interrupting you thread @Enzo, hopefully you will get that solved!
The X_FORWARDED_FOR header is standard, and in a quick search it looks like it’s supported by McAfee Web Gateway. If your proxy isn’t providing it, the best work-around is to modify OJS’s PKPRequest class to have the getRemoteAddr function look at one of the headers that your set-up is providing.
Regards,
Alec Smecher
Public Knowledge Project Team
Hi Alec, I was referring to the script above. I thought the forum software would put my query in line with the message from two years ago… Thanks, radjr