Using load balancer IP for member's IP address

[jjsmith]

Hi,

I recently moved our smf install to behind a load balancer. 

Now, when someone logs on, their IP address is changed to the load balancer's IP address.

Does anyone know if there's a way to have SMF use the correct IP address?

Maybe a mod to fix this?

If it helps ...

I see in the database - in the 'members' table - columns 'member_ip' and 'member_ip2'.

There are currently about 1200 members with the load balancer IP in 'member_ip'.

There's about 450 with load balancer IP in 'member_ip2'.  The remaining 750 or so have what looks like a unique IP address in 'member_ip2'

I'm running SMF - ver 2.0.13

Thanks for any insight!

[Arantor]

Well, which load balancer? Does it pass the real IP address in somehow?

[jjsmith]

I host our site at rackspace on a cloud server.  I recently created a load balancer for our account, and then changed the DNS entry for our website to be that of the load balancer.

I'm not sure if the load balancer passes the real IP address in. 

That is ... The request comes from the browser to our load balancer (due to the DNS entry).  Rackspace then forwards that to our cloud server (where SMF is).  I don't know if SMF has access to the browser's IP address, or just that of the load balancer.

Is there a way for me to determine that?  Eg, if I put getallheaders() into index.php, would that show me all the info that smf is getting, and thus the IP address of the load balancer, and (hopefully) the IP of the browser?

If both IP addresses are being passed in, I wonder if there's a system setting, or a mod, or a simple code change that I could write my own mod for - that would allow me to specify from which header that smf should get the member IP.

Hope this makes sense ...

[Sir Osis of Liver]

If your coding is a lot better than mine, you can see how SMF detects ips in QueryString.php.

[Arantor]

If the load balancer never passes the real IP address in, there's literally no way for SMF to do anything about it.

If you put getallheaders() in, it's possible you'll see a useful header that can be used and it's a trivial enough change to QueryString.php to point things at the right header.

[jjsmith]

Thanks for these ideas.

Instead of getallheaders(), I displayed the $_SERVER array from index.php.

That gave me $_SERVER['REMOTE_ADDR'] = "10...."  - which is the internal network ip address of my load balancer.  And nowhere else in $_SERVER is the browser's IP address to be found.

So at this point it's as you say - SMF can't do anything about it because they don't even get the ip address.

I'm waiting on rackspace now to see if they can help.

In the mean time - is there anything else that could work?  Eg ... can I use javascript to get the browser's ip address and put that in a unique request header? 

[Arantor]

Honestly, it's a pretty poor load balancer that can't put the IP address into any of the standard headers for this. Get Rackspace to make it not be rubbish

[jjsmith]

update ...

The reason they can't put the ip in the header is because ssl termination is at the cloud server, not the load balancer.  So the packet is still encrypted at the balancer, so it can't de/encrypt to add that header.

My resolution for this for now is to just remove the load balance, and change the dns to point directly to the server.

Thanks for your help with this.

Josh