Prestashop: Prestashop 1.6 wrongly locates user when using CDN

Created on 6 Mar 2019 · 11Comments · Source: PrestaShop/PrestaShop

I'm sorry, I tried on the PS forum, but no answer.

I'm using a CDN (not using the mediaserver input, I mean full CDN system not only for static files) and a firewall since a few days. CDN sends SFF headers with 3 IPs : theirs, firewall's and client's (HTTP_X_FORWARDED_FOR). While discovering this, I was wondering how PS locates people (when not using geoip) and remembered it was working fine before the CDN. I had a look at class/Tools.php that calls the x forwarded only if remote_addr is empty (which is a problem as remote_addr is actually available here bur wrong). I could change it, but if there is an existing fix, I'd use it. Since I'm using the CDN, the site locates me in the USA, where the CDN is, not me. Any idea how to fix this ?

Feel free to close the thread if it's a problem, but I really can't figure this out.
Thank you

PrestaShop version: 1.6

1.6.1.23 No change required

Source

hellodracon

All 11 comments

Hi @hellodracon,

After activating the CDN, Could you please try to regenerate the file .htaccess

Rename the old file to .htaccess_old
Disable friendly URL
Enable friendly URL

This issue occurs with PS1.7 also?
Thanks!

khouloudbelguith on 6 Mar 2019

thank you @khouloudbelguith

I tried it, but that's the same. I think I had already changed it since the media server wasn't in the htaccess.

i don't know about 1.7, difficult to try this. I was hoping for the same problem mentioned by someone else

And even the IP is the wrong one since it uses remote_addr instead of x forwarded (because both are existing)

hellodracon on 6 Mar 2019

@hellodracon, As you may already know, normal maintenance support for PrestaShop 1.6 ended in October 2018, which is now in extended maintenance mode until June 30, 2019.
Thanks for your understanding!

khouloudbelguith on 6 Mar 2019

@khouloudbelguith yes I totally understand. It was just in case someone had the same issue. Thank you. I'll have a look at the PS 1.7 code to verify if it has changed on this peculiar thing.

hellodracon on 6 Mar 2019

👍1

@hellodracon, Thanks!
Waiting for your feedback.

khouloudbelguith on 6 Mar 2019

After some search, it looks more like XFF is rewrote by the host (CDN sends visitor's IP via XFF but origin blocks it for security reasons). I'm still waiting from answers from origin but I guess It's not a PS issue. Think you can close it.

hellodracon on 6 Mar 2019

👍1

@hellodracon, thanks for your feedback.
I close the issue, feel free to open a new one when needed.
Thanks!

khouloudbelguith on 6 Mar 2019

@khouloudbelguith I found out that the IP is sent using another Server Var in my case (in the case of many CDN and firewalls actually). But, I can't find out how Prestashop redirects people through a language or another (actually, mine thinks at the CDN's position event if I changed the function that get the IP in Prestashop).

If someone can explain me that, I'd have a look at the PS 1.6 code and, using my case to fix it, verify if PS 1.7 is ready for that kind of problem (I don't think so by the way, as the function that gets the IP in 1.7 is the same as 1.6, and it's only open to XFF or remote_addr)

hellodracon on 7 Mar 2019

@hellodracon, you can follow this link: https://dh42.com/blog/prestashop-1-6-media-servers/
I hope that helps you!
Thanks!

khouloudbelguith on 7 Mar 2019

@khouloudbelguith unfortunately not. Mediaservers in PS are used when when we use CDN only for static files (images, css, that kind of stuff). I'm using a CDN in a full way (changed my NS, DNS and stuff like that), so we're not using mediaservers in prestashop anymore since that's not only for static files but all the files.

The problem here is about user location using server variables.

hellodracon on 7 Mar 2019

@hellodracon, this bug tracker GitHub used to report issues only. If you need help, you can ask on the Forum (https://www.prestashop.com/forums/), Gitter (https://gitter.im/PrestaShop/General) or Stack Overflow (https://stackoverflow.com/questions/tagged/prestashop).
Thanks for your understanding!

khouloudbelguith on 7 Mar 2019

👍1

Was this page helpful?

0 / 5 - 0 ratings