Can AutoBlog pull RSS feeds from a private internet with an RFC1918 IP?

I tried the force feed add-on, but even then I am not sure if there is a workaround for pulling a feed from a private server. Can you tell me if it is possible to pull RSS feeds from a private internet IP starting with RFC1918?

  • James Morris

    Hello pssdadmin,

    I hope you are well today. I'll be following up with you regarding your ticket.

    Unfortunately, no. Autoblog cannot do this. Nor can any other software actually. The issue is that RFC1918 IP addresses (Private Network Addresses) are not routable. Meaning, they cannot communicate over the World Wide Web.

    In order for communication to work with such a private server, you need to have a public facing IP address (routable) and a router that supports Network Address Translation (NAT) which can map the web communication to the specific private server RFC1918 IP.

    Most off the shelf routers will support this type of translation. Also, many support Dynamic DNS if your network does not have a static, public facing IP address. This gives you a unique FQDN that changes IP address whenever a change in your network IP is detected. (ex: mynetwork.dyndns.org)

    So, technically, is this possible? Absolutely, but not using the RFC1918 IP directly. You have to use the public facing IP and NAT to accomplish this.

    I hope this clarifies a bit. Let us know if you have any further questions. We'll be happy to help! 🙂

    Best regards,

    James Morris

  • pssdadmin

    Good morning James,

    Thank you for your comments. This makes sense and we already perform enterprise NAT'ing at our gateway.

    The problem here lies with the fact that we host many WordPress sites in our datacenter. Our datacenter uses RFC1918 addressing for everything. So as a result when Blog Site A tries to access Blog Site B, the internal DNS will return an RFC1918 address. If I were to modify the hosts file and have Blog Site A access Blog Site B via a public IP, our firewalls would block the traffic as the source address would be an RFC1918 address. That address would be seen as a spoof coming from the Internet when it already belongs to an internal network.

    What I am asking for is for the plugin to override the WordPress security to allow internal traffic. Preferably on a feed by feed basis rather than Global as this would minimize the security risk being added. This is similar to the "Force SSL verification" option where this can be disabled to allow self-signed certificates which is also a security risk.

    The code that I have manually added to the site is this:

    // Turns off unsafe-URL rejection for every request made through the WordPress HTTP API.
    add_filter( 'http_request_args', function( $args ) {
        $args['reject_unsafe_urls'] = false;
        return $args;
    } );

    Let me know if this is possible.

    Thanks!

  • James Morris

    Hello pssdadmin,

    Hmmm... I think there's a little confusion here...

    "What I am asking for is for the plugin to override the WordPress security to allow internal traffic."

    There is no such plugin because there's no such block built into WordPress. Let me explain...

    WordPress is completely network agnostic. It's not aware of whether it's hosted on an Intranet, Extranet or localhost. All you need for it to work is a web server, database and PHP engine. WordPress will serve up content regardless of the network scheme you use provided the prerequisite software is installed and configured.

    It sounds like where your problem lies is that you have an external facing site (Extranet) that you want to pull data from an internal only site (Intranet). Unless you can assign port forwarding and a public facing IP to the Intranet site you want to pull data from, I'm afraid you may not be able to do what you want to accomplish with AutoBlog. AutoBlog won't work with addresses it cannot access using standard URIs.

    I hope this clarifies a bit. Let me know if I'm on the right track here.

    Best regards,

    James Morris

  • pssdadmin

    Hi James,

    I think there is something being missed here. I was able to confirm that removing the code snippet from above breaks the operation of the Autoblog plugin.

    Let me clarify what our setup looks like as I think this will make more sense. The server's IP address is 192.168.0.120. In the host file on the server, I have set two entries, SiteA.com 192.168.0.120 and SiteB.com 192.168.0.120. When I go to SiteA.com and set up Autoblog to pull the blog entries from SiteB.com the plugin fails to retrieve any posts or connect.

    Once I add the snippet of code from above to override, the process works. This is a feature designed by WordPress from what I understand that would block WordPress from trying to access internal resources which is a security risk. However, when both sites are hosted on the same host, not being able to do this is a problem.

    I need a way to preferably white list an address or IP that I am pulling content from. This would be similar to ignoring SSL Certificate validation.

    Does that help clarify? Please see here for further information: https://stackoverflow.com/questions/13938908/rss-wordpress-simplepie-claiming-valid-url-as-invalid

    Error Message: WP HTTP Error: A valid URL was not provided.

    Thanks.

  • James Morris

    Hello pssdadmin,

    I apologize for the delay in response.

    I set up a test environment using RFC1918 IP addresses and have tested out what you are referring to. I saw the same error and I also confirmed the code you provided worked on my local network LAMP stack.

    So, now I have a clear picture of the problem. And my understanding of the question is if it is possible to only allow this security override on a feed by feed basis so that you're not potentially opening up your system to malicious URLs.

    There are no plugins to do this kind of thing that I'm aware of. However, I'm going to ping our SLS Team (code experts) to get their valuable feedback on this issue. There may be some conditional logic they can offer that you could load in a mu-plugin to accomplish this.

    Best regards,

    James Morris

  • James Morris

    Hello pssdadmin,

    You could eliminate the update issue by adding the above code as a mu-plugin. All you have to do is create an empty PHP file named allow-RFC1918.php. Add the following code in it.

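    <?php
    // Disable WordPress's unsafe-URL rejection only for allowlisted hosts.
    add_filter( 'http_request_args', function( $args, $url ) {
        // Entries must match the host exactly as it appears in the feed URL.
        $white_ips = array( '192.168.0.120', '192.168.0.125' );
        $host      = wp_parse_url( $url, PHP_URL_HOST );
        if ( in_array( $host, $white_ips, true ) ) {
            $args['reject_unsafe_urls'] = false;
        }
        return $args;
    }, 10, 2 ); // 10 = default priority, 2 = pass both $args and $url to the callback.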

    Save the file.
    Navigate to wp-content/ on your server via FTP.
    If the folder doesn't exist, create a folder named mu-plugins/
    Upload allow-RFC1918.php into wp-content/mu-plugins/

    This will automatically activate the code and it will be independent of any updates.

    I hope this clarifies a bit. Let us know if you have any further questions. We're happy to help! 🙂

    Best regards,

    James Morris
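
Added example (not part of the thread and not the plugin's own code): a mu-plugin that scopes the exception with WordPress's `http_request_host_is_external` filter instead of turning off `reject_unsafe_urls`, so the scheme and port checks in `wp_http_validate_url()` keep running for the allowlisted feed. The host name, the pinned IP, the file name and the `example_` identifiers are assumptions based on the setup described above.

```php
<?php
/**
 * Plugin Name: Allow selected internal feed hosts (added example)
 *
 * Save as wp-content/mu-plugins/allow-internal-feeds.php (hypothetical name).
 */

// Assumed allowlist: feed host name => the one private IP it may resolve to.
const EXAMPLE_INTERNAL_FEED_HOSTS = array(
	'siteb.com' => '192.168.0.120',
);

/**
 * Runs only when wp_http_validate_url() finds that the host is, or resolves
 * to, a loopback or RFC1918 address. Returning true lets that one request
 * continue; the scheme and port checks are unaffected.
 */
function example_allow_internal_feed_host( $is_external, $host ) {
	if ( $is_external ) {
		return true; // An earlier filter already allowed this host.
	}

	$host = strtolower( rtrim( (string) $host, '.' ) );
	if ( ! array_key_exists( $host, EXAMPLE_INTERNAL_FEED_HOSTS ) ) {
		return false; // Not allowlisted: keep WordPress's default rejection.
	}

	// Pin the name to its expected address, so the exception stops applying
	// if a changed DNS or hosts entry makes the name resolve elsewhere.
	$resolved = filter_var( $host, FILTER_VALIDATE_IP ) ? $host : gethostbyname( $host );
	if ( $resolved !== EXAMPLE_INTERNAL_FEED_HOSTS[ $host ] ) {
		error_log( "Internal feed host {$host} resolved to {$resolved}; request rejected." );
		return false;
	}

	return true;
}
add_filter( 'http_request_host_is_external', 'example_allow_internal_feed_host', 10, 2 );
```

Requests to private addresses that are not in the map still fail with "A valid URL was not provided.", which is the behaviour to keep for every host that is not a known feed source.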
