get a SecureIp with bazinga geocoder

Question

get a SecureIp with bazinga geocoder

blade503 opened this issue 7 years ago · 5 comments

I'm using the bazinga geocoder 4.1.0 in a Symfony (3.2.9) project. I use several geolocation part on my application, so I cant use the local ip (127.0.0.1 or docker IP). I need a fakeIp to work with those geolocation. Moreover I use a proxy in local to get an https connection.

The problem is that when I re-write the ip with my fakeip, symfony consider she can't be trust so I get an error because the re-write don't come from my local trusted proxy. Then when I add the IP in the trustedProxies to tell symfony it's a good ip and that he can trust her, but the fakeIp is no more recognize as my local IP.

And symfony starts to use my docker IP. I did few researchs on the internet i thought this could be a solution but it only work partially (https://symfony.com/blog/fixing-the-trusted-proxies-configuration-for-symfony-3-3). I tried to add the trusted proxy of the FakeIP on the FakeRequestListener. But i don't get the result i'm looking for

Sorry for my english. And i hope you can understand my prb

Here is where I am at the moment, it works but i'm forced to add the fakeip in the trusted proxies, thing that i don't want to do, so how could I avoid that ? I just want to reproduce the behaviour of the app on prod, but in local =)

public function onKernelRequest(GetResponseEvent $event)
{
    if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
        return;
    }

    if (null !== $this->fakeIp && !empty($this->fakeIp)) {
           $event->getRequest()->server->set('REMOTE_ADDR', $this->fakeIp);
            $event->getRequest()->setTrustedProxies(array($this->fakeIp));
            $res = $event->getRequest()->getTrustedHeaderName(Request::HEADER_CLIENT_IP);
            $event->getRequest()->setTrustedHeaderName(Request::HEADER_CLIENT_IP , $this->fakeIp  .','. $res );
        }
}

Answer 1 · 2017-06-28T09:24:06.000Z

Thank you for this issue. I will look into updating the fakeIP feature for next release

Answer 2 · 2017-06-28T09:38:07.000Z

Thanks for considering my request, but would you be able to provide me a temporary solution or something that could be able to resolve my prb with isSecure() ?

Answer 3 · 2017-06-28T09:50:47.000Z

The suggestion you wrote here overwrites the existing TrustedProxies. Also, it could be a security breach if an attacker knows what ip you are using as "fake ip".
I'll try to dig into this. I have no solution on the top of my head.

Answer 4 · 2017-06-28T09:58:33.000Z

yes that's why i don't want to use the solution i wrote (i gave it as a possible hint of thinking for peoples), it's too risky to use as it is. I'm using an ip defined in config_dev.yml ( for example 130.211.3.176 )

Answer 5 · 2017-07-15T15:47:05.000Z

I got an idea. We have to use a plugin that rewrites the queries if 127.0.0.1 is in them.
This will not mess up anything with Symfony.

We have to wait for geocoder-php/Geocoder#742 to be merged.