Adding the X-Forwarded-For (XFF) header in .PHP and .NET
For PHP: $_SERVER['HTTP_X_FORWARDED_FOR']
For .NET: HttpContext.Current.Request.Headers["X-Forwarded-For"]
1. Create a backup of your site. You can use tools such as PHPmyadmin to do this.
2. You will need to put the XFF code in a file that all of your pages access, such as header.php
, init.php
, or config.php
.
3. In one of those files, you should already see $_SERVER['REMOTE_ADDR']
which you can replace with $_SERVER['HTTP_X_FORWARDED_FOR']
.
Adding the X-Forwarded-For (XFF) header in WordPress
1. Go to your wp-config.php
file
2. The location in the file where you add the code will differ depending on your theme. If you are unsure, please contact your theme's owners.
3. Once you know the correct location, copy and paste the following code into the file
// Use X-Forwarded-For HTTP Header to Get Visitor's Real IP Address
if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
$http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );
$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}
Alternative Method for WordPress: You can use the Proxy Real IP WordPress plugin available at WordPress Plugin - Proxy Real IP to add the code for you. Note that the effectiveness of this plugin depends on the origin server configuration. Adding the code with the plugin will be effective for some publishers but not all.
Additional Step for Both Methods:
After implementing the X-Forwarded-For header, you will need to inform your host. They will need to do additional configuring on their end to allow the requests to pass through as expected.