Add X-Forwarded-For support in SHOUTcast 2

Ask questions, request features, or just complement us about our software and services.
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

HI Jay I've also sent you a private message with some extra details. Main point is that a correct listeners list in radio toolbox, using reverse proxy (Apache 2.4) needs an adjustment in its shoutcast database seek options. If a listener has a xff line in the shoutcast database then the RB seek tool should take that IP address in stead of the one in hostname. Because the XFF IP address is from the real listener. I really hope this adjustment is possible for you to produce and write.

<LISTENER>
<HOSTNAME>111.222.333.444</HOSTNAME>
<USERAGENT>Nullsoft Winamp3 version 3.0 (compatible)</USERAGENT>
<CONNECTTIME>2929</CONNECTTIME>
<UID>6377</UID>
<TYPE>524289</TYPE>
<REFERER/>
<XFF>555.666.777.888</XFF>
<GRID>6377</GRID>
<TRIGGERS>0</TRIGGERS>
</LISTENER>

P.s. Though it says sent .My private message kept into the outbox in stead of set messages Is that correct?

Best Regards, René Dussen
User avatar
Jay
Will work for food (Administrator)
Posts: 3020
Joined: Mon Jan 14, 2002 12:48 am
Location: Next Door
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by Jay »

Hi René,

Yep, this shouldn't be hard to accomplish. I think the only challenge will be providing a preference for users that makes sense because you would want to mark the server as being behind a reverse proxy so people can't just spoof Radio Toolbox with fake IPs using the X-Forwarded-For header.

Let me think on it. I am leaning toward making it a flag per server. Perhaps you can right click a server and set it as being behind a reverse proxy? Definitely shouldn't take the XFF tag by default though.

Are there any other items in the sheet that indicate that SHOUTcast knows it's behind a reverse proxy? That could make it more automated potentially.
- Jay
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

Hi Jay! Thank you very much for your fast answer! I ran into this due to the help of my brother. The goal was to upgrade my radio station website into a https one against minimal costs. Buying a standard TSL/SLL certificate were the only costs in mind. I'm happy to tell you that my "bro" is successful! I wanted this https upgrade because the chromium upgrade from last February gave in almost all browser a huge downgrade; "not save!" Tunein.com even blocked mine all other streams since they weren't https. Recently they made a temporary extra popup player to overcome the issue but it didn't work here. We are in the end-phase of testing now. The problem was that, in my case, both streams and playlist actually do come from another IP address, so a standard ssl certificate fot th site could never be a realistic option.

But t answer your question comparing the Shoutcast (admin) logfiles only brings the a difference having a XFF line or not. And as far as I'm concerned any viewable solution like a flag would be a wonderful Radio Tool Box addition to have!

Best Regards,
René
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

Hi Jay!
You asked ...Are there any other items in the sheet that indicate that SHOUTcast knows it's behind a reverse proxy? That could make it more automated potentially...??

Yes the other item is that if there is a XFF line, the hostname line is always filled with MY IP address
User avatar
Jay
Will work for food (Administrator)
Posts: 3020
Joined: Mon Jan 14, 2002 12:48 am
Location: Next Door
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by Jay »

Hi René,

Please try out this beta version and let me know if you run into any problems.

https://www.radiotoolbox.com/downloads/ ... -1-102.exe

Thanks!
- Jay
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

WOW! What a surprise!!! Will do
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

In general, I don't kiss males, it isn't a good thing to do these days anyway, but It works perfectly here Jay! Thanks, man! You really just made my day!
Ps. the xff listeners get a double IP on the list and map, first theirs than mine, but that is perfect! Image
User avatar
Jay
Will work for food (Administrator)
Posts: 3020
Joined: Mon Jan 14, 2002 12:48 am
Location: Next Door
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by Jay »

Hi René,

Beta 3 should fix the display issues you reported via PM.

https://www.radiotoolbox.com/downloads/ ... -1-103.exe

Let me know if you spot anything else.
- Jay
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

Thanks Jay!! I sure will, also if this solves that minor issue. To all other RTB users, I would like to repeat that this update is a great adminstrative addition when you switch to https streaming instead of http using the 'reverse proxy' with apache 2.4. We tried to get it working with 'Microsoft ISS' first but that resulted in little hickups in the audio. 8O When you also take a free ssl/tsl certificate at 'let's encrypt, then the whole procedure is, next to it's programming time, 100% free of charge! :D
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

Hi Jay. It works perfectly.

Just wrote a long story but I lost it since the forum system thought it took me too long to write. 8O
To make my too long story short. This afternoon I saw some weird IP addresses in the listener's list ending with a zero.
I found out that these aren't real existing IP addresses. see also at https://www.iana.org/abuse

They had my country flag and internet connection city. So I think they might even come from my own provider for testing? ;-)
In general there were three connections in a certain IP range.

So my question is can you delete them from the listener's listing? These all are IP addresses ending with a zero in the XFF field.

Besst Regards,
René
http://gasradio.info/ip1.jpg ][/url] ..... [/url]http://gasradio.info/ip2.jpg[/url]
User avatar
Jay
Will work for food (Administrator)
Posts: 3020
Joined: Mon Jan 14, 2002 12:48 am
Location: Next Door
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by Jay »

Could be a bug in SHOUTcast. Do you have the raw connection headers by chance? If SHOUTcast is incorrectly parsing this header it could cause this issue. Also be aware that this header is client provided so it's easy to put anything you like there. This is why I opted to put the connection IP in parenthesis so that the user knows it's client provided.

See https://developer.mozilla.org/en-US/doc ... warded-For
and https://developer.mozilla.org/en-US/doc ... /Forwarded
- Jay
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

I think you're right that might be the source/case also. When it happens again I'll collect the raw connection headers. But again I'm the most happy fella with this update! :D :D
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

I think I have two files with 'collection headers'. Due to it's content I'll send you them private. :wink:
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

Hi Jay,
It took some time but using winshark I generated 'two point zero files with the complete headers. Will send them in a minute. Due to its content I'll send them 'private'
Regards,
René
hdprene
Posts: 76
Joined: Thu Jul 30, 2015 9:27 am
Contact:

Re: Add X-Forwarded-For support in SHOUTcast 2

Post by hdprene »

Hi Jay,

Did they give any new insights for you?

Regards,
René
Post Reply