Appropriate way to show real user IP in a proxy situation (HTTP_X_FORWARDED_FOR)

Started by user58389239, April 27, 2023, 04:26:03 PM

Previous topic - Next topic


We're running 2.0.X (for now, upgrading soon)...using Sucuri firewall. We're not seeing the firewall IP instead of real user IP.

I've seen a few methods mentioned in previous posts on getting the correct info. I've seen it mentioned to put in QueryString.php and elsewhere to put it in index.php and a third place to put it in .htaccess.

tl;dr: What is the right method to get the user IP behind a firewall?


If you control the server, Apache has mod_remoteip, which simplifies a lot of setup/configurations with reverse proxies.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ ~ Support the SMF Support team!

Aleksi "Lex" Kilpinen

Yup, remoteip is the proper way to do it, if you can, it can also make sure your server logs catch real user data instead of your proxy information.
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF


Awesome, thank you for the prompt replies! We have a VPS so we should be able to do this. Appreciate the amazing support of this community.