BruteProtect and load balancers

  • I run WordPress on an AWS image behind a load balancer. It looks like the only IP address logged by the server running WP is the IP address of the load balancer. Since I whitelisted the load balancer IP address, it looks like BruteProtect can’t protect my blog from brute force attacks (they all look like they are coming from the whitelisted load balancer IP). At least that is what it looks like since I had another problem last night, after installing BruteProtect.

    Assuming I am not missing something, is there a way to use BruteProtect with a load balancer?

    In my code I often need to check the HTTP_X_FORWARDED_FOR header info for the IP address of the user. Maybe this is an option for BruteProtect?

    jd

    https://www.ads-software.com/plugins/bruteprotect/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Sam Hotchkiss

    (@samhotchkiss)

    Hey JD– how are you deducing that BP is looking at your load balancer IP?

    Here are the headers that we look at, in this order, to determine the end-user IP:

    HTTP_CLIENT_IP
    HTTP_CF_CONNECTING_IP
    HTTP_X_FORWARDED_FOR
    HTTP_X_FORWARDED
    HTTP_X_CLUSTER_CLIENT_IP
    HTTP_FORWARDED_FOR
    HTTP_FORWARDED
    REMOTE_ADDR

    Thread Starter jd5555

    (@jd5555)

    I assumed that it was because my site got hammered after I set up BruteProtect, and I thought that BruteProtect would prevent that. The logical reason (to me) was that the access logs on the server indicated that the source of the traffic was a whitelisted IP address, so it made sense that BP would ignore the access attempts.

    But per what you say, my assumption was wrong. In which case, any idea as to why BP wouldn’t have blocked an attack?

    jd

    Hi jd,

    “any idea as to why BP wouldn’t have blocked an attack?” – I’m not part of the BruteProtect team, but it seems to me that you may have misunderstood what BruteProtect does. It denies login attempts. Your post reads like you’re hoping that it’ll also help mitigate DDOS attacks – ??

    David

    Thread Starter jd5555

    (@jd5555)

    The symptom in my log files was repeated attempts to access wp-login from the same IP address, which is what I thought BP was intended to address.

    Plugin Contributor Sam Hotchkiss

    (@samhotchkiss)

    Hey JD– were the repeated attempts actually SUBMITTING the login form? What domain is this for? (you can submit it through our contact form on bruteprotect.com if you don’t want to share publicly)

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘BruteProtect and load balancers’ is closed to new replies.