Message Board

Installing Honey Pots

Older Posts ]   [ Newer Posts ]
 Validation errors on CloudFlare-enabled site
Author: P.Stephenson   (12 Feb 12 9:56am)
Hi folks,

I have a honey pot on one of my sites (not posting here to avoid it being detected by spammers -- I'd be happy to provide a URL to staff if they wish to investigate), on which I recently enabled CloudFlare.

If I connect directly to my webserver (bypassing CloudFlare), the honey pot works exactly as expected. However, if I connect to it using CloudFlare, things break: I get the dreaded "A validation error occurred. If this problem persists, you will need to generate a new script." error.

I've set up a page rule in CloudFlare for that script that disables all caching, "minifying" of JavaScript, CSS, etc. Still no dice.

I did some PHP testing (my Project Honey Pot script uses PHP), and the only difference I can find between connecting directly and connecting through CloudFlare is that $_SERVER["REMOTE_ADDR"] returns only the client's IP address when connecting directly, and returns both the client IP address and the CloudFlare server's address.

For example, if xxx.xxx.xxx.xxx is the actual client IP address and yyy.yyy.yyy.yyy is the CloudFlare reverse proxy IP address, the following results are returned depending on if one connects directly or via CloudFlare:

Direct: xxx.xxx.xxx.xxx
CloudFlare: xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy

This comma and second address evidently breaks things.

I attempted to replace $_SERVER['REMOTE_ADDR"] in the script with CloudFlare's $_SERVER['HTTP_CF_CONNECTING_IP'] call (which returns only the client IP address, just like REMOTE_ADDR does if not using CloudFlare), but the script detects that it's been modified and refuses to run.

My website is hosted on a provider that will not (as they're very picky about what is installed on their servers) install mod_cloudflare, which would fix the REMOTE_ADDR issue.

Any suggestions?

Is it possible to have a custom script that uses HTTP_CF_CONNECTING_IP instead of REMOTE_ADDR (or ideally has some sort of logic to detect if CloudFlare is being used or not and uses the appropriate call)?

Thanks!
-Pete
 
 Re: Validation errors on CloudFlare-enabled site
Author: P.Stephenson   (23 Feb 12 12:59pm)
Addendum: The problem seems to have resolved itself without any changes to the scripts. Go figure.

On a related note CloudFlare acts as a dual-stack IPv4/IPv6 reverse proxy (my server is IPv4 only, for the time being). If I visit the honey pot script from an IPv4-only client, the script performs as expected. If I visit it from an IPv6-enabled client it presents the validation error again.

As mentioned above, when visiting with an IPv4-only client the PHP REMOTE_ADDR returns both the IP address of the CloudFlare proxy and of the client. When I visit using IPv6-only client, REMOTE_ADDR only returns the IP address of the CloudFlare server. This may be why the validation error is occurring.
 
 Re: Validation errors on CloudFlare-enabled site
Author: T.Teschner3   (1 Mar 12 12:33am)
Fyi: related to the validation error: any tampering of the honeypot script is detected as the checksum of your script is checked against the one they have on file when they created it for you.



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email