Using the X-Forwarded-For (XFF) Header

Ezoic Customer Service -

If you have any questions please don't hesitate to reach out to our Support team at https://support.ezoic.com/hc/en-us

 

What is the X-Forwarded-For Header and When is it Needed?

 

The X-Forwarded-For (XFF) header identifies the originating IP address of a user through an HTTP proxy or load balancer. When using Ezoic's platform, requests from your users will be routed through Ezoic's Amazon Cloud Servers (AWS). Therefore, your logs will show Ezoic IP addresses rather than the original IP address of the user.

Many web applications use the origin IP address of the user. For example, users can be identified by their IP address when logging into a member area. In this case, it's a good idea to pass along the origin IP.

Another issue that can arise when using a proxy or load balancer is that your hosting company detects an 'attack' because all the requests are coming from a single or few IPs rather than a wide assortment. This can be fixed by using the XFF header as well. 

By implementing the XFF header, Ezoic will send the IP address of the original web visitor through to your server in the X-Forwarded-For header.

 

 

How to Add the XFF?

 

  • In PHP it is available in: $_SERVER['HTTP_X_FORWARDED_FOR']
  • You need to put the code above in a file that all of your pages access (e.g. header.php, init.php or config.php)
  • You should see $_SERVER['REMOTE_ADDR'], which you can replace with$_SERVER['HTTP_X_FORWARDED_FOR']

 

  • In .NET it's available in:  HttpContext.Current.Request.Headers["X-Forwarded-For"]

 

 

How to Add the X-Forwarded-For Header on WordPress?

 

For Wordpress sites this process is a little different.

  • To implement XFF for WordPress sites, simply copy and paste the code below to your theme's wp-config.php file:

 

// Use X-Forwarded-For HTTP Header to Get Visitor's Real IP Address

 

if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {

$http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );

 

$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];

}

 
 
 

 

 

 

 

For more information, please see this article

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk