[wp-trac] [WordPress Trac] #11938: Akismet doesn't take the HTTP_X_FORWARDED_HOST into account, sees all comments as spam
WordPress Trac
wp-trac at lists.automattic.com
Mon Jan 18 13:19:24 UTC 2010
#11938: Akismet doesn't take the HTTP_X_FORWARDED_HOST into account, sees all
comments as spam
--------------------------+-------------------------------------------------
Reporter: husky | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.9.2
Component: General | Version: 2.9.1
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
On some installations, requests are forwarded to separate 'PHP workers'
and the original REMOTE_ADDR key in the $_SERVER superglobal might be
changed to the forwarders IP instead of the original commenter. This means
that all requests have the same REMOTE_ADDR when send to the Akismet
servers and therefore are all seen as spam.
The forwarding servers add an extra header to the HTTP request called
'HTTP_X_FORWARDED_HOST' that contains the original IP.
I've attached a patch that uses this address if it's available, else it
does take the normal 'REMOTE_ADDR' key into account.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11938>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list