Make WordPress Core

Opened 18 years ago

Closed 17 years ago

Last modified 15 years ago

#4412 closed enhancement (wontfix)

Get real IP address for proxy-passed WordPress installations

Reported by: ruddo's profile RuddO Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3
Component: Administration Keywords: has-patch
Focuses: Cc:

Description (last modified by foolswisdom)

When WordPress is proxy-passed, commenters' remote addresses appear as 127.0.0.1, which of course messes up some antispam plugins that use this information. Hope this patch helps those of us who are fronting WP with Squid and the like.

Attachments (1)

comment.patch.diff (1.0 KB) - added by RuddO 18 years ago.
Comment detection of 127.0.0.1

Download all attachments as: .zip

Change History (7)

#1 @RuddO
18 years ago

Oh bollocks, it got screwed. I'll attach the file.

@RuddO
18 years ago

Comment detection of 127.0.0.1

#2 @foolswisdom
18 years ago

  • Component changed from Security to Administration
  • Description modified (diff)
  • Milestone set to 2.3 (trunk)
  • Version set to 2.3

RuddO, can you not use the f-bomb in your bug reports ;-)

#3 @RuddO
18 years ago

Oooookay... Anyway I see the patch has apparently been accepted. Remember the patch is preliminary -- sometimes WordPress is fronted by a server in *another* IP, so 127.0.0.1 isn't necessarily the right candidate for validation and branch execution of the code that sets the IP. Perhaps we need to detect an HTTP header (insecure) or another condition that *only* is true when Squid is fronting us? Perhaps a new admin option ("being fronted by an accelerated proxy" is in order? As it currently stands, however, it works for me.

#4 @foolswisdom
17 years ago

  • Keywords has-patch added

#5 @ryan
17 years ago

  • Milestone changed from 2.3 to 2.4

#6 @markjaquith
17 years ago

  • Milestone 2.4 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I really don't think this is something to be done on the application level. If you're running in front of a proxy, it it your job to set up your PHP installation to put the correct address into $_SERVER['REMOTE_ADDR']

You can do this via a PHP prepend, as set in php.ini

auto_prepend_file

http://www.php.net/ini.core

Note: See TracTickets for help on using tickets.