GreySec Forums Technology and Miscellaneous IT-Discussion Open IT-Discussion Web-Server Security Guide
Thread Modes
Web-Server Security Guide
cisla
Dump Collector
 **
Posts: 21
Threads: 3
Joined: Dec 2015
Reputation: 1
#11
01-04-2016, 07:13 PM
Be careful with PHP Firewall:

Code:
FUNCTION PHP_FIREWALL_get_ip() {
if ( PHP_FIREWALL_get_env('HTTP_X_FORWARDED_FOR') ) {
return PHP_FIREWALL_get_env('HTTP_X_FORWARDED_FOR');
} elseif ( PHP_FIREWALL_get_env('HTTP_CLIENT_IP') ) {
return PHP_FIREWALL_get_env('HTTP_CLIENT_IP');
} else {
return PHP_FIREWALL_get_env('REMOTE_ADDR');
}
}


The user can easilly change HTTP headers in the request, and put a fake IP, the best is to keep "REMOTE_ADDR". If the user use a proxy and you really want his real IP then keep both. Just keep in mind that the forwarded IP can be faked.
Reply
Cryptography
Member
 ***
Posts: 193
Threads: 91
Joined: Jun 2015
Reputation: 10
#12
01-06-2016, 10:54 PM
(01-04-2016, 07:13 PM)cisla Wrote: Be careful with PHP Firewall:

Code:
FUNCTION PHP_FIREWALL_get_ip() {
if ( PHP_FIREWALL_get_env('HTTP_X_FORWARDED_FOR') ) {
return PHP_FIREWALL_get_env('HTTP_X_FORWARDED_FOR');
} elseif ( PHP_FIREWALL_get_env('HTTP_CLIENT_IP') ) {
return PHP_FIREWALL_get_env('HTTP_CLIENT_IP');
} else {
return PHP_FIREWALL_get_env('REMOTE_ADDR');
}
}


The user can easilly change HTTP headers in the request, and put a fake IP, the best is to keep "REMOTE_ADDR". If the user use a proxy and you really want his real IP then keep both. Just keep in mind that the forwarded IP can be faked.

That's the only real problem with PHP-Firewall, other than that it's a pretty great tool to me.
Reply
cisla
Dump Collector
 **
Posts: 21
Threads: 3
Joined: Dec 2015
Reputation: 1
#13
01-07-2016, 06:51 PM
(01-06-2016, 10:54 PM)Cryptography Wrote:
(01-04-2016, 07:13 PM)cisla Wrote: Be careful with PHP Firewall:

Code:
FUNCTION PHP_FIREWALL_get_ip() {
if ( PHP_FIREWALL_get_env('HTTP_X_FORWARDED_FOR') ) {
return PHP_FIREWALL_get_env('HTTP_X_FORWARDED_FOR');
} elseif ( PHP_FIREWALL_get_env('HTTP_CLIENT_IP') ) {
return PHP_FIREWALL_get_env('HTTP_CLIENT_IP');
} else {
return PHP_FIREWALL_get_env('REMOTE_ADDR');
}
}


The user can easilly change HTTP headers in the request, and put a fake IP, the best is to keep "REMOTE_ADDR". If the user use a proxy and you really want his real IP then keep both. Just keep in mind that the forwarded IP can be faked.

That's the only real problem with PHP-Firewall, other than that it's a pretty great tool to me.

Yes I think so, good base to detect attacks I kept it in favorite for future usages.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Web Dev Looking for job because of corona virus TwoDots 1 3,150 08-09-2020, 10:07 PM
Last Post: Insider
  LAMP, LDAP, and PostFix, Ubuntu VM security and monitoring measures? QMark 4 7,679 04-26-2019, 12:25 AM
Last Post: Insider
  CompTIA Security+ Study Notes Cypher 0 5,070 02-26-2018, 02:31 PM
Last Post: Cypher
  Need advice for a home file server - $500 Budget lunorian 1 4,564 05-22-2017, 05:48 AM
Last Post: Cypher