Auth failures from 127.0.0.1 (varnish?)

  • Resolved foxbat

    (@foxbat)


    9 years, 6 months ago

    All hack attempts on my admin page are being logged as coming from 127.0.0.1. I expect this is because I’m using the Varnish cache to front my Apache.

    I believe Varnish honours the proxy convention of passing the source IP in the X-Forwarded-For header. The wp-fail2ban plugin should look for and use this header if the source IP is 127.0.0.1.

    Please double-check my assumptions for security vulnerabilities (i.e. the client should not be able to set X-Forwarded-For to mislead wp-fail2ban).

    https://www.ads-software.com/plugins/wp-fail2ban/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Blake

    (@blakemoore123)

    Hey Foxbat,

    I’m using a similar setup and it’s fine with me. Have you actually configured your varnish vcl to pass the X-Forwarded-For header?

    You can use the below code:

    if (req.restarts == 0) {
		if (req.http.X-Forwarded-For) {
			set req.http.X-Forwarded-For =
				req.http.X-Forwarded-For + ", " + client.ip;
		} else {
			set req.http.X-Forwarded-For = client.ip;
		}
	}

    You then need to add the below line to your wp-config.php file:

    define('WP_FAIL2BAN_PROXIES','127.0.0.1');

    Hope this helps!

    Blake

    Thread Starter foxbat

    (@foxbat)

    Hi Blake,

    Thanks for your reply. I have the X-Forwarded-For header setup correctly but I was missing the define() in wp-config.php. Adding that fixed the issue. Thanks very much!

    Blake

    (@blakemoore123)

    Glad I could help!

    Blake

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Auth failures from 127.0.0.1 (varnish?)’ is closed to new replies.