
Bug #13182 Bad Regex in getUserIP
Submitted: 2008-02-23 20:56 UTC
From: datasage
Assigned: till
Status: Closed
Package: HTTP_FloodControl (version 0.1.1)
PHP Version: 5.2.3
OS: FreeBSD
Roadmaps: (Not assigned)


 [2008-02-23 20:56 UTC] datasage (Dan Johansson)
Description:
------------
While it's not exactly valid usage, it is possible that a user may be configured with a NAT/cache system that will return only an internal IP for HTTP_X_FORWARDED_FOR. The regex should be limited to only localhost or invalid IPs, like this:

~^((0|255|127\.0)\.|unknown)~

Test script:
---------------
No test script needed

Comments

 [2011-03-27 19:53 UTC] till (Till Klampaeckel)
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: till

This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.

Yeah, it's incorrect behavior. I had my share of this at work and we included REMOTE_ADDR in checking even when HTTP_X_FORWARDED_FOR was set. Fixes virtually all issues for us and we don't have to 'allow' private networks which can lead to other issues.
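
The two ideas in this thread, shown together as an added example (not the HTTP_FloodControl source and not the code either participant describes): the pattern proposed in the report decides whether a forwarded value is usable, and REMOTE_ADDR is always part of what gets counted. The function names, the key format and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not HTTP_FloodControl code; function names are hypothetical.
// Needs PHP 7.1+ (nullable return types, ?? operator).

// Pattern proposed in the report: reject only loopback/invalid prefixes and "unknown".
const REJECT_FORWARDED = '~^((0|255|127\.0)\.|unknown)~';

// First X-Forwarded-For entry if it is a valid IP the pattern does not reject, else null.
function usableForwardedIp(array $server): ?string
{
    if (empty($server['HTTP_X_FORWARDED_FOR'])) {
        return null;
    }
    // The header can carry a comma-separated chain; only the first entry is used here.
    $first = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    if (preg_match(REJECT_FORWARDED, $first) === 1
        || filter_var($first, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    return $first;
}

// Keys to count a request against. REMOTE_ADDR is always one of them, so a
// client-supplied header can add a finer-grained key but never replace the
// address the connection actually came from.
function floodKeys(array $server): array
{
    $remote = $server['REMOTE_ADDR'] ?? 'unknown';
    $keys = [$remote];
    $forwarded = usableForwardedIp($server);
    if ($forwarded !== null && $forwarded !== $remote) {
        $keys[] = $remote . '|' . $forwarded;
    }
    return $keys;
}

// Constructed sample requests (documentation and RFC 1918 addresses).
$samples = [
    ['REMOTE_ADDR' => '203.0.113.7'],
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '10.0.0.5'],
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '10.0.0.6, 198.51.100.2'],
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => 'unknown'],
];
foreach ($samples as $s) {
    printf("%-24s => %s\n", $s['HTTP_X_FORWARDED_FOR'] ?? '(none)', implode(', ', floodKeys($s)));
}
```

Because the REMOTE_ADDR key is counted on every request, two clients behind one NAT that report different internal addresses get separate composite keys, while a client that changes the header on each request still accumulates hits on the same REMOTE_ADDR key.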