Anti-Splog behind reverse proxy

We are currently running Anti-Splog on WPMU behind reverse proxies.

All the blog signups are shown as having the reverse proxys IP address, and get flagged for spam.

How do I change Anti-Splog to use X-FORWARDED-FOR flag (which our proxies provide) instead of the originating IP address?

  • Aaron
    • CTO

    You should be configuring apache or nginx, whichever you’re using, to populate the php $_SERVER global properly. That’s the normal process when behind a proxy. It’s almost never done at the app level.

    I’m sure there’s plenty of tutorials out there on google.

  • IDGIT
    • Flash Drive

    Hi Aaron!

    After checking with our environment this is what we have in our $_SERVER:

    [REMOTE_ADDR] => <reverse proxy ip here>

    [HTTP_X_FORWARDED_FOR] => <actual user ip here>

    Since your answer was so brief I am not sure if this is what you meant by “populate the php $_SERVER global properly”. I am hoping for your clarification on how to configure Anti-Splog to use HTTP_X_FORWARDED_FOR in $_SERVER.

  • Aaron
    • CTO

    Sorry I wasn’t clear. This is a server configuration issue with your webserver behind the proxy. Your webserver needs to be properly configured so that REMOTE_ADDR in php is populated with the HTTP_X_FORWARDED_FOR header passed by your proxy.

    This is the proper, normal way to do this. It shouldn’t be done in the application code. Note not doing this affects a large number of other plugins that rely on REMOTE_ADDR, as well as core WP.

    Note if you absolutely have to you can just mod the core code to use HTTP_X_FORWARDED_FOR instead of REMOTE_ADDR.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.