Title: Reverse proxy / firewall options – HTTP header Last modified: April 11, 2025 --- # Reverse proxy / firewall options – HTTP header * Resolved [WPinThai](https://wordpress.org/support/users/wpinthai/) * (@wpinthai) * [1 year, 1 month ago](https://wordpress.org/support/topic/reverse-proxy-firewall-options-http-header/) * In WP Activity Log, Settings, General tab, Reverse proxy / firewall options, I believe I need to select a HTTP header based on the Firewall plugin I have on my website. * I have the Wordfence plugin with the Firewall active on my website. * I look in Wordfence, All Options, General Wordfence Options, “How does Wordfence get IPs” and see it is set as “Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites. (Recommended)”. * Based on one of their webpages ([https://www.wordfence.com/help/dashboard/options/](https://www.wordfence.com/help/dashboard/options/)), I believe this means Wordfence will try to get a valid IP address from PHP. If that does not work, it will look at headers that a firewall or reverse proxy sends in case my site uses this configuration. - **Please can you tell me which HTTP header I need to select in WP Activity Log, Settings, General tab, Reverse proxy / firewall options** * Thanks in advance * Simon Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Support [Lucian Padureanu](https://wordpress.org/support/users/lucianwpwhite/) * (@lucianwpwhite) * [1 year, 1 month ago](https://wordpress.org/support/topic/reverse-proxy-firewall-options-http-header/#post-18414653) * Hello [@wpinthai](https://wordpress.org/support/users/wpinthai/), * Thank you for reaching out and for the detailed information — much appreciated! * I just wanted to clarify that in your case, **you do not need to configure anything under the “Reverse proxy / firewall options”** in the WP Activity Log plugin settings. That option is intended for setups using **remote Web Application Firewalls( WAFs)** or **reverse proxies**, where the real visitor IP might be masked or replaced in HTTP headers. * Since you’re using **Wordfence**, and its firewall is running **locally on your website**, there’s no need to specify or select a custom HTTP header. The plugin will correctly detect the IP address without any additional configuration. * Let us know if you have any other questions — always happy to help! * Thread Starter [WPinThai](https://wordpress.org/support/users/wpinthai/) * (@wpinthai) * [1 year, 1 month ago](https://wordpress.org/support/topic/reverse-proxy-firewall-options-http-header/#post-18414752) * Hi Lucian * Thank you very much for you reply. * Am I right in thinking that when you say “**remote Web Application Firewalls ( WAFs)**” you mean “**Cloud-based” **firewalls and/or **Host-Provider-based** Firewalls? * So, because my host provider plan does not provide a **Host-Provider-based** Firewall I should set the Reverse proxy / firewall option in your plugin to … No ? * Plugin Support [robertabela](https://wordpress.org/support/users/robert681/) * (@robert681) * [1 year, 1 month ago](https://wordpress.org/support/topic/reverse-proxy-firewall-options-http-header/#post-18416225) * Correct, you do not need to change that setting. It should be set to No. * Is there anything else we can assist you with in the meantime? * Thread Starter [WPinThai](https://wordpress.org/support/users/wpinthai/) * (@wpinthai) * [1 year, 1 month ago](https://wordpress.org/support/topic/reverse-proxy-firewall-options-http-header/#post-18416725) * Thank you very much for confirming. * I would like to suggest someone in Support gets an update made (based on the info in this ticket) to the explanation text in your KB article at [https://melapress.com/support/kb/wp-activity-log-support-reverse-proxies-web-application-firewalls/?utm_source=plugin&utm_medium=link&utm_campaign=wsal](https://melapress.com/support/kb/wp-activity-log-support-reverse-proxies-web-application-firewalls/?utm_source=plugin&utm_medium=link&utm_campaign=wsal) * I think it will deflect some calls and help other people for you ;O) * Simon * Plugin Support [robertabela](https://wordpress.org/support/users/robert681/) * (@robert681) * [1 year, 1 month ago](https://wordpress.org/support/topic/reverse-proxy-firewall-options-http-header/#post-18422070) * Thank you for the feedback. We will take care of that [@wpinthai](https://wordpress.org/support/users/wpinthai/) * Should you have any other questions, please do not hesitate to ask. May I ask you for a small favour? Please spare a minute to [**rate our plugin and service**](https://wordpress.org/support/plugin/wp-security-audit-log/reviews/). These ratings are really helpful. * Thank you and have a good day. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Reverse proxy / firewall options – HTTP header’ is closed to new replies. * ![](https://ps.w.org/wp-security-audit-log/assets/icon-256x256.png?rev=2961534) * [WP Activity Log](https://wordpress.org/plugins/wp-security-audit-log/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-security-audit-log/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-security-audit-log/) * [Active Topics](https://wordpress.org/support/plugin/wp-security-audit-log/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-security-audit-log/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-security-audit-log/reviews/) ## Tags * [http-header](https://wordpress.org/support/topic-tag/http-header/) * 6 replies * 3 participants * Last reply from: [robertabela](https://wordpress.org/support/users/robert681/) * Last activity: [1 year, 1 month ago](https://wordpress.org/support/topic/reverse-proxy-firewall-options-http-header/#post-18422070) * Status: resolved