WordPress.org

Support

Support » Plugins and Hacks » iThemes Security (formerly Better WP Security) » X-Forward-For problem in Apache PHP-FPM Varnish

X-Forward-For problem in Apache PHP-FPM Varnish

  • Hi,

    When php is used as FPM in Apache the X-Forwarded-For is not available via headers (varnish setup). There is no $headers[‘X-Forwarded-For’] (line 482 in inc/secure.php). Instead of there is variable _SERVER[“HTTP_X_FORWARDED_FOR”]. I suggest add another checking for it’s existence:

    //Get the forwarded IP if it exists
    if ( array_key_exists( ‘X-Forwarded-For’, $headers ) && ( filter_var( $headers[‘X-Forwarded-For’], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) || filter_var( $headers[‘X-Forwarded-For’], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) ) ) {

    $theIP = $headers[‘X-Forwarded-For’];

    } else if ( array_key_exists( ‘HTTP_X_FORWARDED_FOR’, $_SERVER ) && ( filter_var( $_SERVER[‘HTTP_X_FORWARDED_FOR’], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) || filter_var( $_SERVER[‘HTTP_X_FORWARDED_FOR’], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) ) ) {

    $theIP = $_SERVER[‘HTTP_X_FORWARDED_FOR’];

    } else {

    $theIP = $_SERVER[‘REMOTE_ADDR’];

    }

    Best regards,

    https://wordpress.org/plugins/better-wp-security/

  • The topic ‘X-Forward-For problem in Apache PHP-FPM Varnish’ is closed to new replies.
Skip to toolbar