Created
June 20, 2019 14:49
-
-
Save lukapaunovic/d7178d42885ccf68a20b9aa6cbf6ff21 to your computer and use it in GitHub Desktop.
Restore real IP CloudFlare - WordPress (add in wp-config.php)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
if ( isset( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ) { | |
$http_x_headers = explode( ',', $_SERVER['HTTP_CF_CONNECTING_IP'] ); | |
$_SERVER['REMOTE_ADDR'] = $http_x_headers[0]; | |
} |
Yes you are right :)
Thankfully we do not need to do this anymore.
We have this implemented on NGINX or APACHE level.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This really should check if the originating IP is within cloudflare's documented ip addresses. Otherwise, if you are using IP for any access related tasks it can be easily faked with a direct connection to your server and the header set.