Technical Support/Troubleshooting

Using the X-Forwarded-For (XFF) Header

Last updated over a month ago

Introduction

When your site is integrated with Ezoic via Name Servers or Cloudflare, all visitor traffic is routed through Ezoic’s cloud servers before reaching your host. By default, your server logs may show Ezoic’s IP addresses rather than the visitor's. The X-Forwarded-For (XFF) header passes the visitor's original IP address to your server, which is critical for accurate logging, security filtering, and preventing "bot" misidentification.

Common Symptoms

You may need to implement the XFF header if you experience the following:

Incorrect IP Logs: Your access logs show a small range of AWS/Ezoic IPs instead of unique visitor IPs.
Security Blocks: Your host identifies the high volume of traffic from Ezoic IPs as a "Bot Attack" or DDoS.
Origin Errors (520/524): The server rejects requests because it doesn't recognize the forwarded IP.
Frequent Captchas: Your host triggers automated bot challenges for legitimate visitors.

How to Implement the XFF Header

1. WordPress (Recommended Method)

For WordPress sites, you can modify your wp-config.php file to capture the real IP.

Access your site files via FTP or File Manager and open wp-config.php.
Add the following code snippet (usually near the top of the file, after the <?php tag):

// Use X-Forwarded-For HTTP Header to Get Visitor's Real IP Address
if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
    $http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );
    $_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}

2. General PHP Sites

If you are using a non-WordPress PHP site, you can replace the standard remote address variable.

Locate a global configuration file (e.g., header.php, init.php, or config.php).
Find any instance of $_SERVER['REMOTE_ADDR'] and replace or supplement it with: $_SERVER['HTTP_X_FORWARDED_FOR']

3. .NET Sites

For applications built on .NET, use the following string to capture the header: HttpContext.Current.Request.Headers["X-Forwarded-For"]

Inform Your Host

Implementing the code on your site is only half of the solution. You must contact your hosting provider's support team and inform them that you are using Ezoic.

What to tell your host:

"I am using Ezoic's proxy service. I have implemented the X-Forwarded-For header on my site. Please ensure your server-side security (ModSecurity, Firewalls, etc.) is configured to recognize the XFF header so that Ezoic's IP addresses are not rate-limited or blocked."

Best Practices & Maintenance

Always Backup First: Before editing wp-config.php or other core files, create a full backup of your site.
Monitor Logs: After implementation, check your server access logs. You should begin seeing a diverse range of IP addresses instead of just a few recurring Ezoic IPs.
Check for Plugins: Some WordPress security plugins (like Wordfence) have built-in settings to "Trust the X-Forwarded-For header." Check your plugin settings before adding manual code.

FAQ

Will this affect my ad revenue?

Indirectly, yes. If your host blocks Ezoic’s IPs because it thinks they are bots, your site will go offline or show "Origin Errors," stopping all ad delivery.

Does this work with JavaScript integration?

No. This is only necessary for Cloud Integration (Name Servers or Cloudflare) because JavaScript integration does not change how traffic is routed to your server.

What if I still see 520 errors after adding the code?

If errors persist, it usually means the host is still blocking Ezoic at the firewall level. Re-verify with your host that they have "whitelisted" or properly configured their proxy settings for Ezoic's IP ranges. Additional information here.

Need Further Assistance?

If you need further assistance with implementation of an XFF header, please log in via support.ezoic.com to make use of our dedicated resources for support. We're here to help!

Was this article helpful?