[wp-trac] [WordPress Trac] #11938: Akismet doesn't take the HTTP_X_FORWARDED_HOST into account, sees all comments as spam

WordPress Trac wp-trac at lists.automattic.com
Mon Jan 18 13:19:24 UTC 2010


#11938: Akismet doesn't take the HTTP_X_FORWARDED_HOST into account, sees all
comments as spam
--------------------------+-------------------------------------------------
 Reporter:  husky         |       Owner:       
     Type:  defect (bug)  |      Status:  new  
 Priority:  normal        |   Milestone:  2.9.2
Component:  General       |     Version:  2.9.1
 Severity:  normal        |    Keywords:       
--------------------------+-------------------------------------------------
 On some installations, requests are forwarded to separate 'PHP workers'
 and the original REMOTE_ADDR key in the $_SERVER superglobal might be
 changed to the forwarder's IP instead of the original commenter. This means
 that all requests have the same REMOTE_ADDR when sent to the Akismet
 servers and therefore are all seen as spam.

 The forwarding servers add an extra header to the HTTP request called
 'HTTP_X_FORWARDED_HOST' that contains the original IP.

 I've attached a patch that uses this address if it's available, else it
 does take the normal 'REMOTE_ADDR' key into account.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11938>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
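
An added example, not part of the ticket or its attached patch: a forwarded header can be set by any client, so a fallback like the one described above should honour it only when REMOTE_ADDR is a known forwarder and the value is a well-formed IP. The function name, the trusted-forwarder list and the sample addresses are assumptions; the header key defaults to the one named in the ticket and is a parameter because proxies differ in which header they set.

```php
<?php
// Added example: hypothetical helper, not Akismet's or WordPress's own code.

/**
 * Return the address to report as the commenter's IP.
 * The forwarded header is honoured only when the request really arrived
 * from one of our own forwarders and the header carries a valid IP.
 */
function resolve_commenter_ip(array $server, array $trusted_forwarders,
                              string $header = 'HTTP_X_FORWARDED_HOST'): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Direct connection or unknown peer: any forwarded header is untrusted.
    if (!in_array($remote, $trusted_forwarders, true) || empty($server[$header])) {
        return $remote;
    }

    // Assumption: a chain of forwarders may yield a comma-separated list.
    // Walk it from the right and take the first entry that is not ours.
    $candidates = array_reverse(array_map('trim', explode(',', $server[$header])));
    foreach ($candidates as $candidate) {
        if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed value: fall back to the peer address
        }
        if (!in_array($candidate, $trusted_forwarders, true)) {
            return $candidate;
        }
    }
    return $remote;
}

// Constructed sample requests (documentation address ranges).
$forwarders = ['192.0.2.10'];
$samples = [
    'via forwarder'          => ['REMOTE_ADDR' => '192.0.2.10',
                                 'HTTP_X_FORWARDED_HOST' => '203.0.113.7'],
    'direct, spoofed header' => ['REMOTE_ADDR' => '198.51.100.4',
                                 'HTTP_X_FORWARDED_HOST' => '203.0.113.7'],
    'forwarder, junk header' => ['REMOTE_ADDR' => '192.0.2.10',
                                 'HTTP_X_FORWARDED_HOST' => 'not-an-ip'],
    'forwarder, no header'   => ['REMOTE_ADDR' => '192.0.2.10'],
];
foreach ($samples as $label => $server) {
    printf("%-24s %s\n", $label, resolve_commenter_ip($server, $forwarders));
}
```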

