[Bug]: Possible bug - IP filtering not working using x-forwarded-for

[fablaser]

Is there an existing issue for this?

• I have searched the existing issues

What happened?

Hello,
I successully modified DNN configuration in order to manage x-forwarded-for header. I set the value x-forwarded-for for UserRequestIPHeader settingname field in hostsetting value. So, I can see the remote address in login attempts, not just cloudflare proxy ip addresses.

Anyway, it seems that DNN ip filtering does not work with this configuration. I enabled ip filtering and added remote ip address of a test client, but the ip is not blocked...

Any help? is it a bug?

Steps to reproduce?

1. enable ip filtering
2. configure UserRequestIPHeader x-forwarded-for in hostsettings table
3. access from banned ip

Current Behavior

No response

Expected Behavior

No response

Relevant log output

Anything else?

No response

Affected Versions

10.0.1 (latest v10 release)

What browsers are you seeing the problem on?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[jeremy-farrance]

Possibly related... see discussion about upper/lowercasing, #6145

[fablaser]

Possibly related... see discussion about upper/lowercasing, #6145

Hello,
I am the author of the post you linked. It is not upper/lowercasing issue... because the x-forwarded-for is lower case and real-ip is correctly logged in admin logs...

Thank you

[valadas]

This was improved in 10.0.1 and you now have a UI to set the header name in the Security module with some help text:

Changing in the database might not apply instantly because of caching, so make sure you use the UI to ensure the changes are applied.
Cloudflare headers documentation is here https://developers.cloudflare.com/fundamentals/reference/http-headers/ so in this specific case it is cased X-Forwarded-For however they do recommend using other headers that guarantee they will only have a single IP in the header value (see blue note under that documentation on cloudflare docs).

[valadas]

If after reading that and trying CF-Connecting-IP if you still have issues please close this issue and open a security issue so we can troubleshoot further in private (as this affects security)