Whitelist IP for Cloudflare site – Standalone

leon_m
Member | 6
+
0
-

Is it possible to whitelist my IP if a site is using Cloudflare when running Tracy as standalone.

I don't really understand this part of the documentation:

Other option is to set it up in a way, that development mode will be on when the application is accessed from a defined IP address with a defined value of tracy-debug cookie. The syntax used to achieve this is cookie-value@ip-address.

Does it mean something like this?

setcookie("tracy-debug", 'tracy-debug@MY-STATIC-IP');
Debugger::enable(Debugger::DETECT, __DIR__ . '/../log');
Rick Strafy
Nette Blogger | 41
+
0
-

I don't use it standalone, but I think it's Debugger::enable('tracy-debug@MY-STATIC-IP', __DIR__ . '/../log');. If you are using cloudflare you should have a way how to get your real IP address, most likely via nginx or apache, I know that with nginx it's possible that address will be in $_SERVER['REMOTE_ADDR'] when accessed from cloudflare verified IP address (they have a whole bunch of them). Another way is to configure nette/http with proxy setting and add all cloudflare IPs as allowed proxy addresses, here they are https://www.cloudflare.com/ips/.

Last edited by Rick Strafy (2022-05-07 16:24)

Rick Strafy
Nette Blogger | 41
+
0
-

And if you want to whitelist only your IP, insert only IP there, not IP with a cookie, you can check the code how it's verified at https://github.com/…Debugger.php#L579, $_SERVER['REMOTE_ADDR'] is read, so it means you need to get your real IP into $_SERVER['REMOTE_ADDR'] before calling enable() in tracy. Also you can see how that detectDebugMode() works, so you can do something similar before calling enable(), and you can enable tracy in production/debug mode according to your result from custom detection.

Last edited by Rick Strafy (2022-05-07 16:27)

leon_m
Member | 6
+
0
-

@RickStrafy thanks for taking the time to respond. I've been distracted with our projects and have only just gotten back to this.

I tried a few different things, but in the end went with this – not very elegant, but it works:

if ((!empty($_SERVER['HTTP_CF_CONNECTING_IP']) && $_SERVER['HTTP_CF_CONNECTING_IP'] === $_ENV['DEV_IP']) || empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
    Debugger::enable(Debugger::DEVELOPMENT);
} else {
    Debugger::enable(Debugger::DETECT, __DIR__ . '/../log');
}