News:

Looking for documentation? Take a look on our wiki

Main Menu

PayPal Error when using CDN on my Website

Started by SnakeDoc, February 19, 2014, 15:14:10 PM

Previous topic - Next topic

SnakeDoc

Hi,
since a few weeks ago im using Cloudflare, a Content delivery Network (CDN) on my Website to speed it up and for safety. Everything works fine, but the PayPal Plugin in VM 2.0.26d send me an error email at every order via PayPal. When a user orders something in my Shop and pay via PayPal it works fine so far. The money is on my PayPal Account and the Order in the VM backend but still on "Pending". It doesn´t change anymore to "Confirmed by Shopper" when he payed it and i get an email with this:

QuoteHello,

An error with your payment paypal on your store Mogworld-Shop. The details are logged in the file paypal.7.log.php

The VirtueMart Team

The paypal.7.log.php file contains the following:

#
#<?php die("Forbidden."); ?>

2014-02-19 13:06:41 ERROR checkPaypalIps: Error with REMOTE IP ADDRESS = 173.245.48.16.
                        The remote address of the script posting to this notify script does not match a valid PayPal IP address

            These are the valid IP Addresses: 173.0.84.2,173.0.88.34,173.0.84.34,173.0.88.2,173.0.81.1,173.0.81.33,216.113.188.202,216.113.188.203,216.113.188.204,66.211.170.66,173.0.81.1,173.0.81.33,216.113.188.202,216.113.188.203,216.113.188.204,66.211.170.66,173.0.88.66,
173.0.88.98,173.0.84.66,173.0.84.98,173.0.80.00,173.0.80.01,173.0.80.02,173.0.80.03,173.0.80.04,173.0.80.05,173.0.80.06,173.0.80.07,173.0.80.08,173.0.80.09,173.0.80.10,173.0.80.11,173.0.80.12,173.0.80.13,173.0.80.14,173.0.80.15,
173.0.80.16,173.0.80.17,173.0.80.18,173.0.80.19,173.0.80.20,173.0.88.67,173.0.88.99,173.0.84.99,173.0.84.67,173.0.88.69,173.0.88.101,173.0.84.69,173.0.84.101,173.0.88.68,173.0.88.100,173.0.84.68,173.0.84.100,173.0.81.1,173.0.81.33,
64.4.240.0,64.4.240.1,64.4.240.2,64.4.240.3,64.4.240.4,64.4.240.5,64.4.240.6,64.4.240.7,64.4.240.8,64.4.240.9,64.4.240.10,64.4.240.11,64.4.240.12,64.4.240.13,64.4.240.14,64.4.240.15,64.4.240.16,64.4.240.17,64.4.240.18,
64.4.240.19,64.4.240.20,118.214.15.186,118.215.103.186,118.215.119.186,118.215.127.186,118.215.15.186,118.215.151.186,118.215.159.186,118.215.167.186,118.215.199.186,118.215.207.186,118.215.215.186,118.215.231.186,
118.215.255.186,118.215.39.186,118.215.63.186,118.215.7.186,118.215.79.186,118.215.87.186,118.215.95.186,202.43.63.186,69.192.31.186,72.247.111.186,88.221.43.186,92.122.143.186,92.123.151.186,92.123.159.186,92.123.163.186,
92.123.167.186,92.123.179.186,92.123.183.186,173.0.81.1,173.0.81.33,216.113.188.202,216.113.188.203,216.113.188.204,66.211.170.66
The Order ID received was: f7d70357


The RemoteIP Adress 173.245.48.16 is the IP from Cloudflare. Its logical because between the Client and my Webserver is the CDN like a Proxy. I think that is the Problem, but i have no Idea how i can fix it.
Any Ideas what I can do?
Joomla 2.5.17
Virtuemart 2.0.26d

Typhoon365

We also use Cloudflare and are having the same issue since upgrading to 2.6.0a.

As a suggestion for future enhancements would be nice if we could have :
1) Option to turn on/off this ip check for PayPal IPN  via admin console so it's easy to turn off when we sites have issues with it due to ip address changes, behind CDN or whatever other reasons.
2) Updatable list of valid IP addresses/ranges that can be updated via admin console

GJC Web Design

To dump the check the function is in  plugins/vmpayment/paypal/paypal/helpers/paypal.php

function checkPaypalIps() ~ line 489

you could put (haven't tested)   return true;

straight after

protected function checkPaypalIps ($paypal_data) {
        return true;

  .........

or add the ip to the long list there but doesn't the Cloudflare change quite often?
GJC Web Design
VirtueMart and Joomla Developers - php developers https://www.gjcwebdesign.com
VM4 AusPost Shipping Plugin - e-go Shipping Plugin - VM4 Postcode Shipping Plugin - Radius Shipping Plugin - VM4 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
https://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

Typhoon365

yep thanks.. that works for now.

But would like to avoid hacking this file each time we upgrade virtuemart, think it would be worthwhile considering an enhancement to support either or both options I proposed as seems there are a few people that have come across this issue either due to using Cloudflare CDN or for other reasons.  It would give some flexibility to it.  Also would be nice to support defining ip addresses as ranges rather than adding each one individually.

Not sure how often ip's change for Cloudflare CDN, but wouldn't be surprised if they do change often.   

Cloudflare does have page (https://www.cloudflare.com/ips) that lists their IP addresses but seems could be out of date as the request we received was from 108.162.215.96. 

Thanks

Kongzi

Hi,

Same with OVH 's CDN, I don't try to hack the function already.

Thanks for tips, all the best

VM 2.6.6
J2.5.22

escozul

Having the same issue.

However I believe that it can be overcome if the mod_cloudflare is installed and enabled on the apache server.

Has anyone tested if that resolves the issue (Virtuemart 2.6.6)

oviliz

Some news on that? It happens to me with a different CloudFlare IP.

escozul

installing mod_cloudflare on my server solved the issue.

First step I took though was to install the cloudflare component on my joomla installation that does the exact same thing. The issue went away immediately. So then I installed mod_cloudflare on apache and removed the joomla component.

No problems since then.

oviliz


escozul

Since it worked for you, that means that's where the problem lies. I'd sugges to add the mod_cloudflare to the apache server for beter performance. That way the apache server takes care of the translation of the IPs and not a php program. That can be an issue on average to high traffic sites.

alatak

Hello

Thank you for this very interesting info. I had the same problem with a client using CDN.

adomi

Hi,
Indeed. I ve got the same trouble. Even if i installed mod_cloudflare on apache server, and unpublished joomla plugin, the result is the same. Each order raised stays with pending status. I submitted ticket to cloudflare support and still waiting answer. I guess it s story with ips declaration or some settings on cloudflare. Question to who encountered the same error. Is your settings is basic or basic+optimize?
Thanks for help by advance

escozul

Quote from: adomi on November 14, 2014, 11:06:30 AM
Hi,
Indeed. I ve got the same trouble. Even if i installed mod_cloudflare on apache server, and unpublished joomla plugin, the result is the same. Each order raised stays with pending status. I submitted ticket to cloudflare support and still waiting answer. I guess it s story with ips declaration or some settings on cloudflare. Question to who encountered the same error. Is your settings is basic or basic+optimize?
Thanks for help by advance

I'm using basic+optimised

However I'd do a small check to see what the awstats reports.

If the awstats reports only cloudflare IPs (that also looks like an attack) it means that the mod_cloudflare has not been installed and is not working.
you should check that. Ask for some assistance from the hosting company VPS team. They'll be able to check if the mod is working.