New to the community? Start here

[Defender Pro] Passing IP addresses through an AWS classic load balancer with x-forwarded-for head

The IP address being logged by Defender is the IP address of the load balancer, not the external user. We have this in wp-config.php:

// Use X-Forwarded-For HTTP Header to Get Visitor’s Real IP Address
if ( isset( $_SERVER[‘HTTP_X_FORWARDED_FOR’] ) ) {
$http_x_headers = explode( ‘,’, $_SERVER[‘HTTP_X_FORWARDED_FOR’] );
$_SERVER[‘REMOTE_ADDR’] = $http_x_headers[0];
}

but it doesn’t appear to be working. Is there something else we need to do to get the IP address to be seen by the site?

Wed, 9 Oct 2019 11:58:17
More Defender Pro discussions
Defender Pro
  • Adam
    • Support Gorilla

    Hi Chris Pearce

    I hope you’re well today and thank you for letting us know that you found solution!

    You’re also right – Defender does check HTTP_CLIENT_IP first as with any standard setup (so no modifications to wp-config.php) the REMOTE_ADDR would return IP of the “requesting machine”. In case of some proxies/CDNs etc it would often be that IP instead of an actual “client IP” while the HTTP_CLIENT_IP is expected to carry an actual client IP.

    Best regards,
    Adam