Make WordPress Core

Opened 16 years ago

Closed 16 years ago

Last modified 14 years ago

#4412 closed enhancement (wontfix)

Get real IP address for proxy-passed WordPress installations

Reported by: ruddo's profile RuddO Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3
Component: Administration Keywords: has-patch
Focuses: Cc:

Description (last modified by foolswisdom)

When WordPress is proxy-passed, commenters' remote addresses appear as, which of course messes up some antispam plugins that use this information. Hope this patch helps those of us who are fronting WP with Squid and the like.

Attachments (1)

comment.patch.diff (1.0 KB) - added by RuddO 16 years ago.
Comment detection of

Download all attachments as: .zip

Change History (7)

#1 @RuddO
16 years ago

Oh bollocks, it got screwed. I'll attach the file.

16 years ago

Comment detection of

#2 @foolswisdom
16 years ago

  • Component changed from Security to Administration
  • Description modified (diff)
  • Milestone set to 2.3 (trunk)
  • Version set to 2.3

RuddO, can you not use the f-bomb in your bug reports ;-)

#3 @RuddO
16 years ago

Oooookay... Anyway I see the patch has apparently been accepted. Remember the patch is preliminary -- sometimes WordPress is fronted by a server in *another* IP, so isn't necessarily the right candidate for validation and branch execution of the code that sets the IP. Perhaps we need to detect an HTTP header (insecure) or another condition that *only* is true when Squid is fronting us? Perhaps a new admin option ("being fronted by an accelerated proxy" is in order? As it currently stands, however, it works for me.

#4 @foolswisdom
16 years ago

  • Keywords has-patch added

#5 @ryan
16 years ago

  • Milestone changed from 2.3 to 2.4

#6 @markjaquith
16 years ago

  • Milestone 2.4 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I really don't think this is something to be done on the application level. If you're running in front of a proxy, it it your job to set up your PHP installation to put the correct address into $_SERVER['REMOTE_ADDR']

You can do this via a PHP prepend, as set in php.ini


Note: See TracTickets for help on using tickets.