From 92ab335b293004abdc01910f40b9fff13c23ae70 Mon Sep 17 00:00:00 2001 From: Virginia Dooley Date: Mon, 23 Sep 2024 18:30:17 +0100 Subject: [PATCH] Use the IP address of the client that connected to CloudFront --- wcivf/apps/feedback/views.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/wcivf/apps/feedback/views.py b/wcivf/apps/feedback/views.py index 7cfe44ce7..b23ecdb17 100644 --- a/wcivf/apps/feedback/views.py +++ b/wcivf/apps/feedback/views.py @@ -28,7 +28,11 @@ def is_spam(self): akismet_client = akismet.SyncClient.validated_client(config=config) return akismet_client.comment_check( - user_ip=self.request.META["REMOTE_ADDR"], + # The IP address of the client that connected to CloudFront, + # not the IP of the connecting client (ALB or CloudFront). + user_ip=self.request.META["HTTP_X_FORWARDED_FOR"] + .split(",")[0] + .strip(), comment_content=self.request.POST.get("comments"), comment_type="feedback", comment_author=self.request.META.get("HTTP_USER_AGENT"),