X-Forwarded-For HTTP header code

  • Resolved lauratraveler

    (@lauratraveler)


    3 years, 8 months ago

    Hi,

    When Wordfence gets the IPs using the ‘Use the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may result.’ method (for sites integrated with Ezoic), is adding the following code to wp-config.php also necessary/recommended?

    /** Use X-Forwarded-For HTTP Header to Get Visitor's Real IP Address*/
if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
$http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );
$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)

  • Thanks for reaching out.

    Yes, that code is necessary. Please leave it in place. It’s to ensure that the IPs sent by Ezoic and your hosting provider are the correct and actual IP addresses of visitors.

    Tim

    Thread Starter lauratraveler

    (@lauratraveler)

    @wfsupport I’m not talking about leaving it in place something Wordfence might have added.

    I’m asking whether I should also manually add this code myself as per Ezoic’s article https://support.ezoic.com/kb/article/how-to-fix-origin-errors when already using the X-Forwarded-For HTTP header option in Wordfence.

    Won’t this duplicate the code?

    If it isn’t there already then please add it. I believe it goes near the top of the file. This ensures that the hosting provider is sending the correct IP.

    Tim

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘X-Forwarded-For HTTP header code’ is closed to new replies.

Tags