#4412 closed enhancement (wontfix)
Get real IP address for proxy-passed WordPress installations
Reported by: | RuddO | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.3 |
Component: | Administration | Keywords: | has-patch |
Focuses: | Cc: |
Description (last modified by )
When WordPress is proxy-passed, commenters' remote addresses appear as 127.0.0.1, which of course messes up some antispam plugins that use this information. Hope this patch helps those of us who are fronting WP with Squid and the like.
Attachments (1)
Change History (7)
#2
@
18 years ago
- Component changed from Security to Administration
- Description modified (diff)
- Milestone set to 2.3 (trunk)
- Version set to 2.3
RuddO, can you not use the f-bomb in your bug reports ;-)
#3
@
18 years ago
Oooookay... Anyway I see the patch has apparently been accepted. Remember the patch is preliminary -- sometimes WordPress is fronted by a server in *another* IP, so 127.0.0.1 isn't necessarily the right candidate for validation and branch execution of the code that sets the IP. Perhaps we need to detect an HTTP header (insecure) or another condition that *only* is true when Squid is fronting us? Perhaps a new admin option ("being fronted by an accelerated proxy" is in order? As it currently stands, however, it works for me.
#6
@
17 years ago
- Milestone 2.4 deleted
- Resolution set to wontfix
- Status changed from new to closed
I really don't think this is something to be done on the application level. If you're running in front of a proxy, it it your job to set up your PHP installation to put the correct address into $_SERVER['REMOTE_ADDR']
You can do this via a PHP prepend, as set in php.ini
auto_prepend_file
Oh bollocks, it got screwed. I'll attach the file.