search

preinheimer / xhprof

XHGUI is a GUI for the XHProf PHP extension, using a database backend, and pretty graphs to make it easy to use and interpret.
Other
833 stars 185 forks source link

How to prevent the profiling from certain IPs? #83

Open Vidzz opened 9 years ago

Vidzz commented 9 years ago

How can I prevent the profiling of PHP codes from certain IP? I don't want to store the data at all instead of just not showing the footer. Is it possible?

aik099 commented 9 years ago

I guess you should specify IP's that allowed to profile instead of excluding not allowed ones. This can be done via $controlIPs setting in your config.php: https://github.com/preinheimer/xhprof/blob/master/xhprof_lib/config.sample.php#L52-L54

Vidzz commented 9 years ago

I tried to do so. Like I wanted to profile only from two URLs. Say, for example, from x.x.x.x:8000 and x.x.x.x:9000, and not any other ports. I tried specifying the same in the config.php as

$controlIPs = array('http://x.x.x.x:9000','http://x.x.x.x:8000');

But when I tried to open the profiling page, the result was "You do not have permission to view this page." Doesn't that controlIPs allow to view and not profile-related?

aik099 commented 9 years ago

Name of the setting suggests that can only have IP in there in general. No ports.

aik099 commented 9 years ago

How come, that your website is served from variety of ports?

Vidzz commented 9 years ago

The thing is to profile data from two PHP applications

aik099 commented 9 years ago

I see. Instead of application being located in the sub-folder you have 2 virtual hosts at different ports instead. Since IP address is the same the _profile cookie ends up on both of them.

I think ports are not supported yet. But you're free to change https://github.com/preinheimer/xhprof/blob/master/external/header.php#L35 and if it goes well for you maybe can also arrange a PR.

preinheimer commented 9 years ago

So $_SERVER['REMOTE_ADDR'] will only ever have the IP, not the IP:PORT combo.

I think there's some confusion over the control IPs: http://x.x.x.x:9000 sounds like where you're accessing the site, rather than the IP:PORT of your own machine. Control IP is designed to allow you to specify the IPs of users able to control the system.

I think to get what you're looking for, I might change how you're including the header.php file. You can put the prepend directive inside the virtual host only for hosts you want profiled.

aik099 commented 9 years ago

@Vidzz , feel free to close the issue if it was resolved.