Ticket #4412 (closed enhancement: wontfix)
Get real IP address for proxy-passed WordPress installations
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Administration | Version: | 2.3 |
| Severity: | normal | Keywords: | has-patch |
| Cc: |
Attachments
-
comment.patch.diff
(1.0 KB) -
added by RuddO 5 years ago.
- Comment detection of 127.0.0.1
Change History
comment:2
foolswisdom — 5 years ago
- Version set to 2.3
- Component changed from Security to Administration
- Description modified (diff)
- Milestone set to 2.3 (trunk)
RuddO, can you not use the f-bomb in your bug reports ;-)
Oooookay... Anyway I see the patch has apparently been accepted. Remember the patch is preliminary -- sometimes WordPress is fronted by a server in *another* IP, so 127.0.0.1 isn't necessarily the right candidate for validation and branch execution of the code that sets the IP. Perhaps we need to detect an HTTP header (insecure) or another condition that *only* is true when Squid is fronting us? Perhaps a new admin option ("being fronted by an accelerated proxy" is in order? As it currently stands, however, it works for me.
comment:6
markjaquith — 4 years ago
- Status changed from new to closed
- Resolution set to wontfix
- Milestone 2.4 deleted
I really don't think this is something to be done on the application level. If you're running in front of a proxy, it it your job to set up your PHP installation to put the correct address into $_SERVER['REMOTE_ADDR']
You can do this via a PHP prepend, as set in php.ini
auto_prepend_file
Oh bollocks, it got screwed. I'll attach the file.