2014-09-08, 04:46 PM
Conditions:
The fix:
The cause is get_ip() function inside functions.php
Cloudflare brings the X-Forwarded-For HTTP header with uppercase letters.
As you know, IPv6 address can have letters from A to F since it allows for hexadecimal digits.
All $_SERVER['HTTP_*'] variables are actually HTTP headers and should be sanitized.
- Cloudflare protected website
- "Scrutinize User's IP address?" set to Yes in settings
- A user with IPv6 address
The fix:
The cause is get_ip() function inside functions.php
Cloudflare brings the X-Forwarded-For HTTP header with uppercase letters.
As you know, IPv6 address can have letters from A to F since it allows for hexadecimal digits.
All $_SERVER['HTTP_*'] variables are actually HTTP headers and should be sanitized.