Compdigitec Labs


Reverse proxy (X-Forwarded-For) patches for WordPress comments and Bad Behaviour

By admin | October 30, 2010

Update: Reverse proxy support is now built into Bad Behaviour as of 2.1.x. Therefore the following patch is obsolete and should only be applied to Bad Behaviour 2.0.x. You can configure the built-in reverse proxy either through your settings.ini or in WordPress administration.

Normally, when PHP scripts read the remote IP of a client through REMOTE_ADDR, they only see the IP of the peer that connected directly to the web server. Under most web hosting conditions this is perfectly normal, but in some corporate networks a name-based reverse proxy is used to serve multiple servers through one IP. This confuses many scripts, because to them all traffic appears to come from a single Intranet address, and it also defeats many spam protection filters, because that address looks like an internal one.

Most proxy servers send the X-Forwarded-For header, which contains the real IP of the client they are forwarding for, but this header cannot always be trusted, especially if your server is reachable both from inside and outside the intranet: any client can set it. This means that when recovering the real IP address, one must check that the request is actually coming from a trusted proxy server and not from a rogue spammer.

Since most scripts do not provide this kind of functionality by default, we have written patches for WordPress 2.9 and Bad Behaviour 2.0.38. However, this is neither an efficient nor an elegant way to achieve it; we instead recommend letting Apache (or whatever your web server is) rewrite REMOTE_ADDR from the proxy header itself. That way no unofficial patching is required, and it is compatible with more scripts.

For WordPress 2.9:

Open <blog path>/wp-includes/comment.php and scroll to line 1199 (line 1390 in 3.5), which reads $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] );

Now add the following code immediately after that line (replacing 111.222.233.144 with your trusted proxy server IP):

/** Begin X-Forwarded-For Patch **/
// getallheaders() is only available when PHP runs as an Apache module
$headers = getallheaders();
if(isset($headers["X-Forwarded-For"])) {
	// forwarded proxy: only honour the header when the TCP peer is our gateway
	if($_SERVER['REMOTE_ADDR'] == "111.222.233.144") {
		// this is a trusted gateway; the rightmost entry is the address it saw
		$xff = $headers["X-Forwarded-For"];
		$xff_array = explode(",",$xff);
		$last_forwarded_host = trim($xff_array[count($xff_array)-1]);
		// remove port number, if needed (only for IPv4:port; a bare IPv6
		// address contains several colons and must be left untouched)
		if(substr_count($last_forwarded_host,":") === 1) {
			$lfh_array = explode(":",$last_forwarded_host);
			unset($lfh_array[count($lfh_array)-1]);
			$last_forwarded_host = implode(":",$lfh_array);
		}
		// set real client IP as IP, keeping the same character filter
		// WordPress applies to REMOTE_ADDR on the line above
		$commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $last_forwarded_host );
	}
}
/** End X-Forwarded-For Patch **/

Now comments should be attributed to their source IPs in the Comment administration panel.

Obsolete for modern versions of Bad Behaviour! For Bad Behaviour 2.0.38:

Open <bad behaviour path>/bad-behavior/core.inc.php and scroll to line 116, which reads $ip = $_SERVER['REMOTE_ADDR'];

Now add the following lines on a new line after it (replace 111.222.233.144 with your gateway IP):

/** Begin X-Forwarded-For Patch **/
if(isset($headers["X-Forwarded-For"])) {
	// forwarded proxy: only honour the header when the TCP peer is our gateway
	if($ip == "111.222.233.144") {
		// this is a trusted gateway; the rightmost entry is the address it saw
		$xff = $headers["X-Forwarded-For"];
		$xff_array = explode(",",$xff);
		$last_forwarded_host = trim($xff_array[count($xff_array)-1]);
		// remove port number, if needed (only for IPv4:port; a bare IPv6
		// address contains several colons and must be left untouched)
		if(substr_count($last_forwarded_host,":") === 1) {
			$lfh_array = explode(":",$last_forwarded_host);
			unset($lfh_array[count($lfh_array)-1]);
			$last_forwarded_host = implode(":",$lfh_array);
		}
		// set real client IP as IP
		$ip = $last_forwarded_host;
		// drop the header so the rest of Bad Behaviour does not act on it again
		unset($headers["X-Forwarded-For"]);
		unset($headers_mixed["X-Forwarded-For"]);
	}
}
/** End X-Forwarded-For Patch **/

Now Bad Behaviour will start functioning again, since by default any Intranet address is whitelisted.
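Both patches above trust a single hard-coded gateway and cut the address at its last colon, which mangles IPv6. The following added example (not part of the original patches or of WordPress or Bad Behaviour) generalises the same logic into one reusable function: it honours X-Forwarded-For only when the TCP peer is a trusted proxy, walks the hop list from the right past any further trusted proxies, strips a port from IPv4:port and bracketed IPv6 forms, and validates the result with filter_var before returning it. The proxy address and sample requests are constructed placeholders; in practice $xff would come from $_SERVER['HTTP_X_FORWARDED_FOR'] and $remote_addr from $_SERVER['REMOTE_ADDR'].

```php
<?php
/**
 * Return the client address as seen by the nearest trusted proxy.
 * $remote_addr: the TCP peer (REMOTE_ADDR); $xff: raw X-Forwarded-For value
 * or null; $trusted: addresses of the proxies allowed to set the header.
 * Falls back to $remote_addr whenever the header cannot be trusted or parsed.
 */
function client_ip_from_xff($remote_addr, $xff, array $trusted) {
    if ($xff === null || !in_array($remote_addr, $trusted, true)) {
        return $remote_addr;              // peer is not a proxy we trust
    }
    $hops = array_map('trim', explode(',', $xff));
    // Walk right to left: the rightmost hop was appended by our trusted proxy.
    // Skipping further trusted hops handles a chain of our own gateways.
    while (($hop = array_pop($hops)) !== null) {
        $ip = strip_port($hop);
        if ($ip === null) {
            return $remote_addr;          // malformed hop: do not trust the header
        }
        if (!in_array($ip, $trusted, true)) {
            return $ip;                   // first untrusted hop is the real client
        }
    }
    return $remote_addr;                  // every hop was one of our own proxies
}

/** Strip an optional port from "1.2.3.4:8080" or "[2001:db8::1]:8080" and validate. */
function strip_port($host) {
    if (preg_match('/^\[([0-9a-fA-F:.]+)\](?::\d+)?$/', $host, $m)) {
        $host = $m[1];                    // bracketed IPv6, possibly with a port
    } elseif (substr_count($host, ':') === 1) {
        $host = strstr($host, ':', true); // IPv4 with port; bare IPv6 has more colons
    }
    // Reject anything that is not a literal IP (hostnames, injected junk, empty).
    return filter_var($host, FILTER_VALIDATE_IP) === false ? null : $host;
}

// Constructed sample requests (the proxy address is a placeholder for your gateway):
// a client behind the gateway, a spoof attempt from an untrusted peer that sets
// the header itself, and an IPv6 client whose hop carries a port suffix.
$trusted = ['111.222.233.144'];
var_dump(client_ip_from_xff('111.222.233.144', '203.0.113.9, 198.51.100.7', $trusted));
var_dump(client_ip_from_xff('203.0.113.50', '1.1.1.1', $trusted));
var_dump(client_ip_from_xff('111.222.233.144', '[2001:db8::1]:4443', $trusted));
```

The second call shows the point of the peer check: a request that arrives directly with a forged header gets its real peer address, not the forged one.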


Topics: HTTP (Internet), PHP
