Consider X-Forwarded-For for IP because we used app.UseForwardedHeade…

…rs(); for Reverse Proxy
OrchardCMS · Oct 8, 2024 · f203ea5 · f203ea5
1 parent de60815
commit f203ea5
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 13 deletions.
diff --git a/src/OrchardCore.Modules/OrchardCore.AuditTrail/Services/AuditTrailManager.cs b/src/OrchardCore.Modules/OrchardCore.AuditTrail/Services/AuditTrailManager.cs
@@ -161,7 +161,7 @@ private async Task<string> GetClientIpAddressAsync()
  return null;
  }
 
- return (await _clientIPAddressAccessor.GetIPAddressAsync())?.ToString();
+ return (await _clientIPAddressAccessor.GetIPAddressAsync());
  }
 
  private async Task<AuditTrailSettings> GetAuditTrailSettingsAsync() =>

diff --git a/src/OrchardCore/OrchardCore.Abstractions/IClientIPAddressAccessor.cs b/src/OrchardCore/OrchardCore.Abstractions/IClientIPAddressAccessor.cs
@@ -1,8 +1,6 @@
-using System.Net;
-
 namespace OrchardCore;
 
 public interface IClientIPAddressAccessor
 {
- Task<IPAddress> GetIPAddressAsync();
+ Task<string> GetIPAddressAsync();
 }
diff --git a/src/OrchardCore/OrchardCore.ReCaptcha.Core/ActionFilters/Detection/IPAddressRobotDetector.cs b/src/OrchardCore/OrchardCore.ReCaptcha.Core/ActionFilters/Detection/IPAddressRobotDetector.cs
@@ -32,7 +32,7 @@ private string GetIpAddressCacheKey()
  {
  var address = _clientIpAddressAccessor.GetIPAddressAsync().GetAwaiter().GetResult();
 
- return $"{IpAddressAbuseDetectorCacheKey}:{address?.ToString() ?? string.Empty}";
+ return $"{IpAddressAbuseDetectorCacheKey}:{address ?? string.Empty}";
  }
 
  public RobotDetectionResult DetectRobot()

diff --git a/src/OrchardCore/OrchardCore/Modules/DefaultClientIPAddressAccessor.cs b/src/OrchardCore/OrchardCore/Modules/DefaultClientIPAddressAccessor.cs
@@ -12,18 +12,32 @@ public DefaultClientIPAddressAccessor(IHttpContextAccessor httpContextAccessor)
  _httpContextAccessor = httpContextAccessor;
  }
 
- public Task<IPAddress> GetIPAddressAsync()
+ public Task<string> GetIPAddressAsync()
  {
- var address = _httpContextAccessor.HttpContext?.Connection?.RemoteIpAddress;
-
- if (address != null)
+ string ip = null;
+ // Check for X-Forwarded-For header
+ var forwardedFor = _httpContextAccessor.HttpContext?.Request.Headers["X-Forwarded-For"].FirstOrDefault();
+ if (!string.IsNullOrEmpty(forwardedFor))
+ {
+ // The client IP will be the first IP in the list
+ ip = forwardedFor.Split(',')[0].Trim();
+ }
+ else
  {
- if (IPAddress.IsLoopback(address))
+ // If X-Forwarded-For is not available, use the remote IP address
+ var address = _httpContextAccessor.HttpContext?.Connection?.RemoteIpAddress;
+
+ if (address != null)
  {
- address = IPAddress.Loopback;
+ if (IPAddress.IsLoopback(address))
+ {
+ address = IPAddress.Loopback;
+ }
+
+ ip = address.ToString();
  }
  }
-
- return Task.FromResult(address);
+ 
+ return Task.FromResult(ip);
  }
 }