Akismet doesn't take the HTTP_X_FORWARDED_HOST into account, sees all comments as spam
|Reported by:||husky||Owned by:|
On some installations, requests are forwarded to separate 'PHP workers' and the original REMOTE_ADDR key in the $_SERVER superglobal might be changed to the forwarders IP instead of the original commenter. This means that all requests have the same REMOTE_ADDR when send to the Akismet servers and therefore are all seen as spam.
The forwarding servers add an extra header to the HTTP request called 'HTTP_X_FORWARDED_HOST' that contains the original IP.
I've attached a patch that uses this address if it's available, else it does take the normal 'REMOTE_ADDR' key into account.
Change History (5)
- Keywords close has-patch added
- Milestone changed from 2.9.2 to Unassigned
- Milestone Unassigned deleted
- Resolution set to wontfix
- Status changed from new to closed