Skip to content

Instantly share code, notes, and snippets.

@lukapaunovic

lukapaunovic/gist:d7178d42885ccf68a20b9aa6cbf6ff21

Created June 20, 2019 14:49
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save lukapaunovic/d7178d42885ccf68a20b9aa6cbf6ff21 to your computer and use it in GitHub Desktop.
Save lukapaunovic/d7178d42885ccf68a20b9aa6cbf6ff21 to your computer and use it in GitHub Desktop.
Download ZIP
Restore real IP CloudFlare - WordPress (add in wp-config.php)
Raw
gistfile1.txt
if ( isset( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ) {
$http_x_headers = explode( ',', $_SERVER['HTTP_CF_CONNECTING_IP'] );
$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}
@rupaschomaker
Copy link

This really should check if the originating IP is within cloudflare's documented ip addresses. Otherwise, if you are using IP for any access related tasks it can be easily faked with a direct connection to your server and the header set.

@lukapaunovic
Copy link
Author

Yes you are right :)
Thankfully we do not need to do this anymore.
We have this implemented on NGINX or APACHE level.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment