Bug #5850
closedNew server - $_SERVER['REMOTE_ADDR'] using private IP instead of user IP
0%
Description
I was testing bbPress on the new server and the IP address that is logged for each forum post uses a private IP address by the server, instead of the user's IP.
The issue is bbPress uses $_SERVER['REMOTE_ADDR']
to attempt to grab the user's IP. However, the load balancer uses $_SERVER['HTTP_X_FORWARDED_FOR']
.
I'm thinking we could override REMOTE_ADDR
with HTTP_X_FORWARDED_FOR
manually in wp-config.php as recommend in this WP Trac ticket:
https://core.trac.wordpress.org/ticket/9235#comment:12
https://core.trac.wordpress.org/ticket/9235#comment:40
Updated by Boone Gorges over 8 years ago
Yup, this seems fine with me. Not something I would support introducing into WP core, but fine for the Commons :)
Updated by Raymond Hoh over 8 years ago
Boone, I've committed the change on the server (commit 90e7f9a), but haven't pushed it to Github because I haven't pulled the latest changes to master branch on the server yet.
Wasn't sure what the release strategy was for 1.9.22, so thought I'd touch base with you before I did a git pull
on the server.
Updated by Boone Gorges over 8 years ago
Thanks, Ray. The commit looks good.
Since it's looking like the regularly scheduled 1.9.22 release will go out before the server migration, please do keep the 1.9.x and master branches so that they continue to work properly on the existing server. That said, your HTTP_X_FORWARDED_FOR check should mean that the commit does nothing at all on the existing server (unless someone's doing something nefarious), so I don't see any harm in putting it into the mainline branch.
Updated by Raymond Hoh over 8 years ago
Actually, I'm going to revert the commit and move the code to cac-env-config.php
since this code is specific to the load balancer only.