Author: P.Stephenson (12 Feb 12 9:56am)
Hi folks,
I have a honey pot on one of my sites (not posting here to avoid it being detected by spammers -- I'd be happy to provide a URL to staff if they wish to investigate), on which I recently enabled CloudFlare.
If I connect directly to my webserver (bypassing CloudFlare), the honey pot works exactly as expected. However, if I connect to it using CloudFlare, things break: I get the dreaded "A validation error occurred. If this problem persists, you will need to generate a new script." error.
I've set up a page rule in CloudFlare for that script that disables all caching, "minifying" of JavaScript, CSS, etc. Still no dice.
I did some PHP testing (my Project Honey Pot script uses PHP), and the only difference I can find between connecting directly and connecting through CloudFlare is that $_SERVER["REMOTE_ADDR"] returns only the client's IP address when connecting directly, and returns both the client IP address and the CloudFlare server's address.
For example, if xxx.xxx.xxx.xxx is the actual client IP address and yyy.yyy.yyy.yyy is the CloudFlare reverse proxy IP address, the following results are returned depending on if one connects directly or via CloudFlare:
Direct: xxx.xxx.xxx.xxx
CloudFlare: xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy
This comma and second address evidently breaks things.
I attempted to replace $_SERVER['REMOTE_ADDR"] in the script with CloudFlare's $_SERVER['HTTP_CF_CONNECTING_IP'] call (which returns only the client IP address, just like REMOTE_ADDR does if not using CloudFlare), but the script detects that it's been modified and refuses to run.
My website is hosted on a provider that will not (as they're very picky about what is installed on their servers) install mod_cloudflare, which would fix the REMOTE_ADDR issue.
Any suggestions?
Is it possible to have a custom script that uses HTTP_CF_CONNECTING_IP instead of REMOTE_ADDR (or ideally has some sort of logic to detect if CloudFlare is being used or not and uses the appropriate call)?
Thanks!
-Pete
|