apply_filters( 'pre_comment_user_ip', string $comment_author_ip )

Filters the comment author’s IP address before it is set.


Parameters Parameters

$comment_author_ip

(string) The comment author's IP address.


Top ↑

More Information More Information

With this filter, we can change the comment author’s IP before it’s recorded. Example use case can be when a client submits a comment through a proxy server.

The general format of the header is:
X-Forwarded-For: client1, proxy1, proxy2

where the value is a comma+space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from. In this example, the request goes through the IPs: client1 -> proxy1 -> proxy2 -> proxy3. Proxy3 is not shown in the X-Forwarded-For header here and appears as the remote address of the request.

Since it is easy to forge an X-Forwarded-For header, the given information should be used with care.

X-Forwarded-For, X-Forwarded-By, and X-Forwarded-Proto are non-standard header fields and in increasing cases, have been superseded by the standard Forwarded header defined in RFC 7239. Example of a Forwarded header:
Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43


Top ↑

Source Source

File: wp-includes/comment.php

View on Trac



Top ↑

Changelog Changelog

Changelog
Version Description
1.5.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 1 content
    Contributed by stevenlinx

    Example Migrated from Codex:

    Use the left-most IP (the original client) in the X-Forwarded-For header as the comment author’s IP address.

    Note: You may need to adjust the example below for the standard Forwarded header, which supersedes the non-standard X-Forwarded-For header.

    add_filter( 'pre_comment_user_ip', 'auto_reverse_proxy_pre_comment_user_ip');
    
    function auto_reverse_proxy_pre_comment_user_ip()
    {    
    	$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
    
    	if (!empty($_SERVER['X_FORWARDED_FOR'])) {
    		$X_FORWARDED_FOR = explode(',', $_SERVER['X_FORWARDED_FOR']);
    		if (!empty($X_FORWARDED_FOR)) {
    			$REMOTE_ADDR = trim($X_FORWARDED_FOR[0]);
    		}
    	}
    
    	/*
    	* Some PHP environments will use the $_SERVER['HTTP_X_FORWARDED_FOR'] 
    	* variable to capture visitor address information.
    	*/
    	elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    		$HTTP_X_FORWARDED_FOR= explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    		if (!empty($HTTP_X_FORWARDED_FOR)) {
    			$REMOTE_ADDR = trim($HTTP_X_FORWARDED_FOR[0]);
    		}
    	}
    
    	return preg_replace('/[^0-9a-f:\., ]/si', '', $REMOTE_ADDR);
    }
    

You must log in before being able to contribute a note or feedback.