Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 6 years ago

#4412 closed enhancement (wontfix)

Get real IP address for proxy-passed WordPress installations

Reported by: RuddO Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3
Component: Administration Keywords: has-patch
Focuses: Cc:

Description (last modified by foolswisdom)

When WordPress is proxy-passed, commenters' remote addresses appear as, which of course messes up some antispam plugins that use this information. Hope this patch helps those of us who are fronting WP with Squid and the like.

Attachments (1)

comment.patch.diff (1.0 KB) - added by RuddO 8 years ago.
Comment detection of

Download all attachments as: .zip

Change History (7)

#1 @RuddO
8 years ago

Oh bollocks, it got screwed. I'll attach the file.

8 years ago

Comment detection of

#2 @foolswisdom
8 years ago

  • Component changed from Security to Administration
  • Description modified (diff)
  • Milestone set to 2.3 (trunk)
  • Version set to 2.3

RuddO, can you not use the f-bomb in your bug reports ;-)

#3 @RuddO
8 years ago

Oooookay... Anyway I see the patch has apparently been accepted. Remember the patch is preliminary -- sometimes WordPress is fronted by a server in *another* IP, so isn't necessarily the right candidate for validation and branch execution of the code that sets the IP. Perhaps we need to detect an HTTP header (insecure) or another condition that *only* is true when Squid is fronting us? Perhaps a new admin option ("being fronted by an accelerated proxy" is in order? As it currently stands, however, it works for me.

#4 @foolswisdom
8 years ago

  • Keywords has-patch added

#5 @ryan
8 years ago

  • Milestone changed from 2.3 to 2.4

#6 @markjaquith
8 years ago

  • Milestone 2.4 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I really don't think this is something to be done on the application level. If you're running in front of a proxy, it it your job to set up your PHP installation to put the correct address into $_SERVER['REMOTE_ADDR']

You can do this via a PHP prepend, as set in php.ini



Note: See TracTickets for help on using tickets.