[wp-trac] Re: [WordPress Trac] #4412: Get real IP address for proxy-passed WordPress installations

WordPress Trac wp-trac at lists.automattic.com
Wed Jun 6 15:01:33 GMT 2007 

#4412: Get real IP address for proxy-passed WordPress installations
----------------------------+-----------------------------------------------
 Reporter:  RuddO           |        Owner:  anonymous  
     Type:  enhancement     |       Status:  new        
 Priority:  normal          |    Milestone:  2.3 (trunk)
Component:  Administration  |      Version:  2.3        
 Severity:  normal          |   Resolution:             
 Keywords:                  |  
----------------------------+-----------------------------------------------
Changes (by foolswisdom):

  * version:  => 2.3
  * component:  Security => Administration
  * milestone:  => 2.3 (trunk)

Old description:

> When WordPress is proxy-passed, commenters' remote addresses appear as
> 127.0.0.1, which of course fucks up some antispam plugins that use this
> information.  Hope this patch helps those of us who are fronting WP with
> Squid and the like:
>
> Index: comment.php
> ===================================================================
> --- comment.php (revisión: 32)
> +++ comment.php (copia de trabajo)
> @@ -384,7 +384,20 @@
>         $commentdata['user_ID']         = (int) $commentdata['user_ID'];
>
>         $commentdata['comment_author_IP'] = preg_replace( '/[^0-9., ]/',
> '',$_SERVER['REMOTE_ADDR'] );
> -       $commentdata['comment_agent']     = $_SERVER['HTTP_USER_AGENT'];
> +       if ($commentdata['comment_author_IP'] == "127.0.0.1") {
> +               foreach ( array(
> +                       "HTTP_CLIENT_IP",
> +                       "HTTP_X_FORWARDED_FOR",
> +                       "HTTP_X_FORWARDED",
> +                       "HTTP_FORWARDED_FOR",
> +                       "HTTP_FORWARDED",
> +                       "REMOTE_ADDR") as $addrtype ) {
> +                               if (!isset($_SERVER[$addrtype])) {
> continue; }
> +                               $commentdata['comment_author_IP'] =
> preg_replace( '/[^0-9., ]/', '',$_SERVER[$addrtype] );
> +                               if ($commentdata['comment_author_IP'])
> break;
> +                       }
> +       }
> +       $commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT'];
>
>         $commentdata['comment_date']     = current_time('mysql');
>         $commentdata['comment_date_gmt'] = current_time('mysql', 1);

New description:

 When WordPress is proxy-passed, commenters' remote addresses appear as
 127.0.0.1, which of course messes up some antispam plugins that use this
 information.  Hope this patch helps those of us who are fronting WP with
 Squid and the like.

Comment:

 RuddO, can you not use the f-bomb in your bug reports ;-)

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4412#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list