Wp Security doesn’t recognize external IP addresses

Hi, just for testing purposes have you tried locking your IP address? Just to see what IP entry the plugin shows up.

Regards

Hi,
it’s the same: 10.10.2.*

Regards

My logged in IP adress is listed as 10.10.2.53.

Hi, thank you for providing the extra information. I have submitted a message to the plugin developers to investigate further your issue.

Regards

Hi @jjuergensen,
The aiowps function which obtains the IP address uses $_SERVER[‘REMOTE_ADDR’].
In most cases the above global should be the best and least spoofable way to obtain the IP address but there are special cases where certain webservers have a more unusual setup such as yours. In your case your server might have some proxy or CDN in front of it and hence you may need to make an adjustment via your wp-config.php file.

One example that you could try is the following code entered in your wp-config.php:

if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
	$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];

Note that since I’m not familiar with how your hosting environment is setup, you might need to experiment with the above code because your real IP address might be located in any of the following globals:
‘HTTP_CF_CONNECTING_IP’, ‘HTTP_CLIENT_IP’, ‘HTTP_X_FORWARDED_FOR’, ‘HTTP_X_FORWARDED’, ‘HTTP_X_CLUSTER_CLIENT_IP’, ‘HTTP_FORWARDED_FOR’, ‘HTTP_FORWARDED’

It is also a good idea to talk to your host support crew and explain your situation to them because they should be able to point you to which $_SERVER global the real IP address will be in.

• This reply was modified 7 years, 5 months ago by wpsolutions.

Thank you both.
This code was the solution.

I am sure the ip problem started with the last update of your plugin.

Regards,
Jacob

Hi there,

I seem to be having the same problem as jjuergensen.
And I’ve use
if ( ! empty( $_SERVER[‘HTTP_X_FORWARDED_FOR’] ) && preg_match( ‘/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/’, $_SERVER[‘HTTP_X_FORWARDED_FOR’] ) )
$_SERVER[‘REMOTE_ADDR’] = $_SERVER[‘HTTP_X_FORWARDED_FOR’];

It doesn’t seem to work. The current server for my client is Azure. I tried wordfence, it seem to be able to read the proper external ip. But AIOWPS keep showing me the same ip address which is the current hosted server ip address. Anything else I can try to make aiowps read the external ip?

Thanks!

Hi @sengjai,
You will need to experiment and replace the HTTP_X_FORWARDED_FOR with one of the other global variables where your hosting setup may be putting the real visitor IP address.
What type of hosting environment are you on?

Are you using CloudFlare? If so you might like to try using HTTP_CF_CONNECTING_IP in place of HTTP_X_FORWARDED_FOR.

Another one you can try is:
HTTP_CLIENT_IP

This plugin uses REMOTE_ADDR because this *should* contain the real user IP and should be the most reliable and secure compared to the other variables. However on some servers the IP real address is contained in one of the others and REMOTE_ADDR may contain an internal IP address or that of a load-balancer or proxy etc.

Hi there,

So I managed to solve it. The ip that was correct $_SERVER[‘HTTP_X_FORWARDED_FOR’];

However, when i echoed it out, it has a port number behind. So although setting $_SERVER[‘REMOTE_ADDR’] = $_SERVER[‘HTTP_X_FORWARDED_FOR’]; it still didn’t work because of the port number,

Hence I had to do a split
$output = (preg_split(‘/:/’,$_SERVER[‘HTTP_X_FORWARDED_FOR’]));
$_SERVER[‘REMOTE_ADDR’] = $output

That finally worked. So I didn’t have problems on other servers, but this particular clients server was working on Azure Linux, not too sure what was the configuration whether they had CDN or Proxy on it.

Anyway thanks for the update! Hope my input will help the others facing this issue!

@sengjai, that is great news.

I am curios about your solution. Would you be able to share the full code you added. I am sure this will help others.

Kind regards

Hi there,

So for this particular situation, I knew the problem was that it was still loading the server ip address. I just forced the ip to change to the external one:-

Take note, the eg ip address that came out xxx.xxx.xxx.xxx:8080

$output = (preg_split(‘/:/’,$_SERVER[‘HTTP_X_FORWARDED_FOR’]));
$_SERVER[‘REMOTE_ADDR’] = $output[0]; //this returns the ip address without the PORT number

That’s it!

$output = (preg_split(‘/:/’,$_SERVER[‘HTTP_X_FORWARDED_FOR’]));
$_SERVER[‘REMOTE_ADDR’] = $output[0]; //this returns the ip address without the PORT number

I think my issue is the same, but when I add this code it causes an error on the site. Can you please provide the exact code in context to the code below? I’m sure it’s something simple I’m missing. Thank you.

if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
	$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];

Hi,

same problem. I’m also interested in this last – or any other – solution.

This

if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
	$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];

in combination with any of these
‘HTTP_CF_CONNECTING_IP’, ‘HTTP_CLIENT_IP’, ‘HTTP_X_FORWARDED_FOR’, ‘HTTP_X_FORWARDED’, ‘HTTP_X_CLUSTER_CLIENT_IP’, ‘HTTP_FORWARDED_FOR’, ‘HTTP_FORWARDED’
does not work for me.

Kind regards

Nicole

Hi @c-nicole, please try to follow the solution provided by the developer @wpsolutions and also read the solution submitted by @sengjai in the thread.

Kind regards

I’ve tried the solution provided by @wpsolutions, without success.

The solution of @sengjai is not entirely clear to me – what is the entire code I have to enter in my wp-config.php?

Regards,
Nicole