I don't know Incapsula at all but it seems like You need to read HTTP header "X-Forwarded-For" instead of _SERVER["REMOTE_ADDR"]. It's possile that the change is quite simple when you review your script. Try something like:
$headers = apache_request_headers(); $real_client_ip = $headers["X-Forwarded-For"];
Incapsula support states that the following code must be included at the beginning of any php code...
<?php
/**
* This file should be included at the beginning of your PHP code
*
* It changes the value of $_SERVER['REMOTE_ADDR'], to the value provided in the Incap-Client-IP header.
* If such a value is not provided, or is not valid - no change is made.
*///name of HTTP header with the initial client IP address
define('HEADER_NAME','HTTP_INCAP_CLIENT_IP');try {
//stop process if there is no header
if (empty($_SERVER[HEADER_NAME])) throw new Exception('No header defined', 1);
//validate header value
if (function_exists('filter_var')) {
$ip = filter_var($_SERVER[HEADER_NAME], FILTER_VALIDATE_IP);
if (false === $ip) throw new Exception('The value is not a valid IP address', 2);
}
else {
$ip = trim($_SERVER[HEADER_NAME]);
if (false === preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $ip)) throw new Exception('The value is not a valid IP address', 2);
}
//At this point the initial IP value is exist and validated
$_SERVER['REMOTE_ADDR'] = $ip;
} catch (Exception $e) {}
?>
Which elgg file should it be placed in?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.