When your site is integrated with Ezoic via Name Servers or Cloudflare, all visitor traffic is routed through Ezoic’s cloud servers before reaching your host. By default, your server logs may show Ezoic’s IP addresses rather than the visitor's. The X-Forwarded-For (XFF) header passes the visitor's original IP address to your server, which is critical for accurate logging, security filtering, and preventing "bot" misidentification.
You may need to implement the XFF header if you experience the following:
Incorrect IP Logs: Your access logs show a small range of AWS/Ezoic IPs instead of unique visitor IPs.
Security Blocks: Your host identifies the high volume of traffic from Ezoic IPs as a "Bot Attack" or DDoS.
Origin Errors (520/524): The server rejects requests because it doesn't recognize the forwarded IP.
Frequent Captchas: Your host triggers automated bot challenges for legitimate visitors.
For WordPress sites, you can modify your wp-config.php file to capture the real IP.
Access your site files via FTP or File Manager and open wp-config.php.
Add the following code snippet (usually near the top of the file, after the <?php tag):
// Use X-Forwarded-For HTTP Header to Get Visitor's Real IP Address
if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
$http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );
$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}If you are using a non-WordPress PHP site, you can replace the standard remote address variable.
Locate a global configuration file (e.g., header.php, init.php, or config.php).
Find any instance of $_SERVER['REMOTE_ADDR'] and replace or supplement it with: $_SERVER['HTTP_X_FORWARDED_FOR']
For applications built on .NET, use the following string to capture the header: HttpContext.Current.Request.Headers["X-Forwarded-For"]
Implementing the code on your site is only half of the solution. You must contact your hosting provider's support team and inform them that you are using Ezoic.
What to tell your host:
"I am using Ezoic's proxy service. I have implemented the X-Forwarded-For header on my site. Please ensure your server-side security (ModSecurity, Firewalls, etc.) is configured to recognize the XFF header so that Ezoic's IP addresses are not rate-limited or blocked."
Always Backup First: Before editing wp-config.php or other core files, create a full backup of your site.
Monitor Logs: After implementation, check your server access logs. You should begin seeing a diverse range of IP addresses instead of just a few recurring Ezoic IPs.
Check for Plugins: Some WordPress security plugins (like Wordfence) have built-in settings to "Trust the X-Forwarded-For header." Check your plugin settings before adding manual code.
Indirectly, yes. If your host blocks Ezoic’s IPs because it thinks they are bots, your site will go offline or show "Origin Errors," stopping all ad delivery.
No. This is only necessary for Cloud Integration (Name Servers or Cloudflare) because JavaScript integration does not change how traffic is routed to your server.
If errors persist, it usually means the host is still blocking Ezoic at the firewall level. Re-verify with your host that they have "whitelisted" or properly configured their proxy settings for Ezoic's IP ranges. Additional information here.