The reCAPTCHA module uses $_SERVER['REMOTE_ADDR'] when performing the validation. It should instead use $user->hostname, which is the IP address of the client. This makes reCAPTCHA compatible with reverse proxies. Patch attached.

Files: 
CommentFileSizeAuthor
recaptcha.module.patch754 bytesNathan Goulding

Comments

Nathan Goulding’s picture

Perhaps even better would be to use the function ip_address() instead which respects the X-Forwarded-For header and reverse-proxy settings.

Nathan Goulding’s picture

Can this patch get applied please? This is a bug. I'm using a reverse proxy and reCAPTCHA doesn't work using $_SERVER['REMOTE_ADDR'].

RobLoach’s picture

Status:Needs review» Fixed

Thanks a lot for the patch, I've committed it to both Drupal 6 and 7 and it will be part of version 1.7:
http://drupalcode.org/project/recaptcha.git/commit/a602875
http://drupalcode.org/project/recaptcha.git/commit/81243b7

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.