While laying the groundwork to add our site to the Cloudflare CDN, we noticed that the IP address associated with customer orders is passed to Authorize.NET as the REMOTE ADDRESS. This IP address is dependent on the Cloudflare server that the client is currently viewing the site from.
Since Authorize.NET has been set up to use customer IP in aid of fraud prevention (i.e. out-of-country orders and logging IPs to a customer), this Remote Address is not reliable and may cause false positives for fraud.
I am unable to find where in Miva the Client IP (assuming s.remote_addr) is being issued to the AuthNET API push - is this a baked-in feature of the module?
We would like to use the FORWARDED address (s.http_x_forwarded_for) as this gives the accurate client-side IP regardless of CDN.
Thanks for any help!
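
An added example, not part of the original post and not Miva or Authorize.NET module code: a forwarded address is only as reliable as the hop that wrote it, so this Python function uses X-Forwarded-For only when the connecting peer is a known CDN proxy and then takes the right-most entry that is not itself a proxy. The function names, the `TRUSTED_PROXIES` list and its documentation-range addresses are assumptions; a deployment would load the CDN's published edge ranges instead.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Assumption: in production this list holds the CDN's published edge ranges.
TRUSTED_PROXIES = [
    ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8::/32")
]


def _is_trusted(ip):
    """True when ip belongs to one of the trusted proxy networks."""
    return any(ip.version == net.version and ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, x_forwarded_for):
    """Return the address to hand to the payment gateway for fraud checks.

    remote_addr     -- TCP peer address (s.remote_addr in the post)
    x_forwarded_for -- raw header value (s.http_x_forwarded_for), may be empty
    """
    peer = ipaddress.ip_address(remote_addr.strip())
    # A request that did not arrive through the CDN can carry any header
    # value, so the header is ignored unless the peer is a known proxy.
    if not x_forwarded_for or not _is_trusted(peer):
        return str(peer)
    # Each proxy appends the address it received the request from, so the
    # left-most entries are client-supplied. Walk from the right and stop at
    # the first hop that is not one of our proxies.
    for hop in reversed(x_forwarded_for.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            break  # malformed entry: stop trusting the chain
        if not _is_trusted(ip):
            return str(ip)
    return str(peer)
```

If the origin server also accepts connections that bypass the CDN, the peer check above is what keeps a hand-written header from reaching the fraud filter.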