Not logged in. · Lost password · Register
Forum: General Help and Support Installation and Configuration RSS
IP Address Verification
Problem with IP address verification
Avatar
jossif #1
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
Subject: IP Address Verification
I can see that DW uses some kind of IP address verification of the logged in client for security reasons. The problem is that it breaks when you are using a load balancer (in which the web browser can be using two simultaneous http sessions, each with a different IP address.

I also breaks on fast switching proxies in which IP addresses can change rapidly.

Is there a way to disable this aspect of DW?

I can see a function in common.php: function clientIP and another function in auth.php: auth_browseruid.

Any help in disabling the use of client IP addresses during auth and creation of cookie will be appreciated.

-- Jossif
Avatar
andi (Administrator) #2
User title: splitbrain
Member since May 2006 · 3503 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Show profile · Link to this post
DokuWiki uses the very first number of the client's IP address as one piece of information to secure the cookie. This should not interfere with Proxies or Loadbalancers which usually use IPs in the same netblock. However, DokuWiki also uses PHP sessions which are usually stored on the physical server where the Webserver runs, in a Loadbalancer Setup you need to make sure a user is always sent to the same physical Server (aka. session stickyness) which is usually done by sending a Server cookie to the client.

So the "IP address verification", as you put it, is most likely not your problem, but you can safely remove the line in auth_browseruid().

The clientIP() function used for page locking and access logging only.
Read this if you don't get any useful answers.
Lies dies wenn du keine hilfreichen Antworten bekommst.
Avatar
jossif #3
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
The load balancer in this case is at the client side and not at the server side, Andi.

I have several users that have load balancer in their premises, usually 2 to 4 Internet connections each =via a different IP address. The IP addresses are all on different ISPs so the netblocks are all different.,

So, if I edit the auth_browseruid().
function auth_browseruid(){
  $uid  = '';
  $uid .= $_SERVER['HTTP_USER_AGENT'];
  $uid .= $_SERVER['HTTP_ACCEPT_ENCODING'];
  $uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
  $uid .= $_SERVER['HTTP_ACCEPT_CHARSET'];
  #$uid .= substr($_SERVER['REMOTE_ADDR'],0,strpos($_SERVER['REMOTE_ADDR'],'.'));
  return md5($uid);
}

and comment that last line, will resolve my problem?

But what about locks? I can see that the lock/unlock mechanism uses also the IP address of the client.


-- Jossi
Avatar
andi (Administrator) #4
User title: splitbrain
Member since May 2006 · 3503 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Quote by jossif:
So, if I edit the auth_browseruid() and comment that last line, will resolve my problem?

One of them at least ;-)

But what about locks? I can see that the lock/unlock mechanism uses also the IP address of the client.

This would be another problem but only if users are not logged in. If you require a login for editing anyway you won't have a problem because the username will be used for locking. If this is not the case you might need to modify the locking code. Eg. you could use the SessionID instead of the IP, but this means a user could lock herself out when she closes the browser (or it crashes).
Read this if you don't get any useful answers.
Lies dies wenn du keine hilfreichen Antworten bekommst.
Avatar
jossif #5
Member since Apr 2007 · 10 posts
Group memberships: Members
Show profile · Link to this post
Thank you.

I removed the IP from the function and all works well now.

-- Jossi
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-12-14, 09:26:29 (UTC +01:00)