Old 21st November 2014, 09:37   #1
newbornus
Junior Member
 
Join Date: Feb 2014
Posts: 30
X-Forwarded-For support?

Hello, i have shoutcast server behind a proxy (on apache httpd server).
When a client connects to the proxy, i cannot see his real IP address, instead of this i can see only something like <LISTENER><HOSTNAME>192.168.x.x</HOSTNAME>
Client's real IP is written in the X-Forwarded-For HTTP header. Can shoutcast server handle this?
newbornus is offline   Reply With Quote
Old 21st November 2014, 11:16   #2
DrO
 
Join Date: Sep 2003
Posts: 27,873
it can if it was updated to recognise that header.
DrO is offline   Reply With Quote
Old 21st November 2014, 11:29   #3
newbornus
Junior Member
 
Join Date: Feb 2014
Posts: 30
So dnas can recognize this header? I have not found any point in documentation for this.
newbornus is offline   Reply With Quote
Old 21st November 2014, 11:38   #4
DrO
 
Join Date: Sep 2003
Posts: 27,873
it does not currently recognise it as I said and only would if the DNAS was changed to support it.
DrO is offline   Reply With Quote
Old 25th November 2014, 21:42   #5
DrO
 
Join Date: Sep 2003
Posts: 27,873
support for this has been added for the up-coming DNAS release. but will have to see if it causes issues or not as to whether it's kept in or needs to be disabled / fixed in a subsequent build.
DrO is offline   Reply With Quote
Old 25th November 2014, 22:08   #6
Colin2
Junior Member
 
Join Date: Dec 2011
Posts: 7
I don't think that it's a good idea because when the server is not behind a proxy, everybody can set the X-Forwarded-For header to any value.
Colin2 is offline   Reply With Quote
Old 25th November 2014, 22:30   #7
DrO
 
Join Date: Sep 2003
Posts: 27,873
i'm not saying it's replacing the existing client IP handling i.e. that it will be set to the client address as currently seen, but it will be provided in addition to the information which is currently shown for the clients (along with the referrer which was requested elsewhere).
DrO is offline   Reply With Quote
Old 27th February 2015, 20:28   #8
Unknown Artist
Junior Member
 
Unknown Artist's Avatar
 
Join Date: Aug 2014
Posts: 27
Is there an approximate release date for when this feature will be available and under what configuration setting? All my shoutcast instances are behind local proxies, it'd be nice to know exactly who is pinging the stream.

What I do with SHOUTcast otherwise on TuneIn
Unknown Artist is offline   Reply With Quote
Old 27th February 2015, 20:37   #9
DrO
 
Join Date: Sep 2003
Posts: 27,873
there won't be any config options to enable it, though it will most likely only appear via the stats responses and not on the admin pages. as for when, that is a good question...
DrO is offline   Reply With Quote
Old 1st March 2015, 18:34   #10
Unknown Artist
Junior Member
 
Unknown Artist's Avatar
 
Join Date: Aug 2014
Posts: 27
It would be an appropriate feature at the very least to go with the banlists/whitelists. At the moment I have to trust that all the traffic I get is real, because there's nothing distinguishable between the connections (as you've pointed out user-agents are easily spoofed).

I think a white-list user-agent would be nice though (EG create a website which reaches the stream using a specific user-agent) Since it's so easily spoofable, it's ironically enough really easy to use as a gate for the unaware. Though I'd hope to just reserve a hostname if I could.

What I do with SHOUTcast otherwise on TuneIn
Unknown Artist is offline   Reply With Quote
Old 1st March 2015, 20:59   #11
DrO
 
Join Date: Sep 2003
Posts: 27,873
you can already reserve a hostname via the reserved IP page which works with IP and hostnames since v2.2 (as long as you've enabled the DNAS's namelookups option, otherwise it can only with with IP addresses).
DrO is offline   Reply With Quote
Old 2nd March 2015, 03:54   #12
Unknown Artist
Junior Member
 
Unknown Artist's Avatar
 
Join Date: Aug 2014
Posts: 27
Slight mistake, I should've said that I have a reverse local proxy which changes the client's ip address to a local address and uses the X-Forwarded-For as the client's real ip. That's why I'm waiting for this support.

It may be better to make the x-forward-for support more generic, EG maybe something like ipheader=x-forward-for

Although in my case the exact ip of the client is held in another special header created by the reverse proxy.

What I do with SHOUTcast otherwise on TuneIn
Unknown Artist is offline   Reply With Quote
Old 2nd March 2015, 08:47   #13
DrO
 
Join Date: Sep 2003
Posts: 27,873
then that's probably not going to work until a later build than what is already planned to be released. as XFF is only being provided via the stats responses and is not hooked up to be used as part of the banned / reserved actions (it probably should be but not for the time being).

as for custom headers, we're really trying to move away from anything like that and instead going for standard HTTP headers, hence the deprecation of the ICY protocol with the 2.4x releases. though there's still some ICY headers that have to be provided even if we're only provided HTTP responses (apart from when Windows Media Player is involved) to allow in-stream title updates to work. so for your case, it it is something that would help the DNAS in such a situation, unless it's using standard HTTP headers then it probably wouldn't be considered to be factored into the DNAS's handling (when future changes are made relating to the XFF handling).
DrO is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Shoutcast > Shoutcast Discussions

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump