The reCAPTCHA module uses $_SERVER['REMOTE_ADDR'] when performing the validation. It should instead use $user->hostname, which is the IP address of the client. This makes reCAPTCHA compatible with reverse proxies. Patch attached.

recaptcha.module.patch754 bytesNathan Goulding
Members fund testing for the Drupal project. Drupal Association Learn more


Nathan Goulding’s picture

Perhaps even better would be to use the function ip_address() instead which respects the X-Forwarded-For header and reverse-proxy settings.

Nathan Goulding’s picture

Can this patch get applied please? This is a bug. I'm using a reverse proxy and reCAPTCHA doesn't work using $_SERVER['REMOTE_ADDR'].

RobLoach’s picture

Status: Needs review » Fixed

Thanks a lot for the patch, I've committed it to both Drupal 6 and 7 and it will be part of version 1.7:

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.