iThemes Security (formerly Better WP Security)
X-Forwarded-For problem in Apache + PHP-FPM + Varnish (1 post)

  1. GDef
    Member
    Posted 5 months ago #

    Hi,

    When PHP is used as FPM in Apache, the X-Forwarded-For is not available via headers (Varnish setup). There is no $headers['X-Forwarded-For'] (line 482 in inc/secure.php). Instead, there is the variable $_SERVER["HTTP_X_FORWARDED_FOR"]. I suggest adding another check for its existence:

    // Get the forwarded IP if it exists
    if ( array_key_exists( 'X-Forwarded-For', $headers ) && ( filter_var( $headers['X-Forwarded-For'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) || filter_var( $headers['X-Forwarded-For'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) ) ) {
        $theIP = $headers['X-Forwarded-For'];
    } else if ( array_key_exists( 'HTTP_X_FORWARDED_FOR', $_SERVER ) && ( filter_var( $_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) || filter_var( $_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) ) ) {
        $theIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $theIP = $_SERVER['REMOTE_ADDR'];
    }

    Best regards,

    https://wordpress.org/plugins/better-wp-security/
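
Added example, not part of the original post and not iThemes Security code: a client-IP resolver for the Varnish + PHP-FPM setup described above that reads `$_SERVER['HTTP_X_FORWARDED_FOR']` only when the request arrived from a known proxy, and that handles the comma-separated form of the header (which `filter_var` rejects when applied to the whole string). The function name `resolve_client_ip`, the `TRUSTED_PROXIES` list and the sample requests are assumptions made for illustration.

```php
<?php
// Assumption: Varnish runs on the same host, so PHP sees it as loopback.
const TRUSTED_PROXIES = ['127.0.0.1', '::1'];

/**
 * Return the address lockouts and logs should be keyed on.
 * $server has the shape of $_SERVER; passing it in keeps the function testable.
 */
function resolve_client_ip(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Anyone can send X-Forwarded-For. Honour it only when the TCP peer
    // is our own proxy; otherwise the peer address is the client.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }

    // The header may be a list: "client, proxy1, proxy2". Each proxy appends
    // the peer it saw, so the rightmost entries are the ones we can trust.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '')));

    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // empty or malformed entry: stop and fall back
        }
        $hop = inet_ntop(inet_pton($hop)); // canonical text form (matters for IPv6)
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first hop, from the right, that is not our proxy
        }
    }

    return $remote;
}

// Constructed sample requests (documentation address ranges).
$samples = [
    'direct client, forged header' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1'],
    'via Varnish, single value'    => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'via Varnish, client prefix'   => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.7'],
    'via Varnish, header missing'  => ['REMOTE_ADDR' => '127.0.0.1'],
];

foreach ($samples as $label => $server) {
    printf("%-30s => %s\n", $label, resolve_client_ip($server));
}
```

In the "client prefix" case the leftmost value is whatever the client sent, so the resolver returns the entry Varnish itself appended.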
