CloudFlare Compatibility

  • Resolved Dominic

    (@dominicp)


    11 years, 1 month ago

    I’ve seen some indications that this plugin is compatible with CloudFlare from my Googling but nothing definitive. I noticed that in the brute_get_ip function you’re checking the HTTP_X_FORWARDED_FOR header, but there are some instances where that can include multiple IPs when working with CloudFlare (see CloudFlare docs).

    Maybe there should be a conditional that checks for the CF-Connecting-IP header as well? Anyway, thanks for a great plugin.

    https://www.ads-software.com/plugins/bruteprotect/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Sam Hotchkiss

    (@samhotchkiss)

    Hi Dominic– thanks for the feedback! We’ve added CF-Connecting-IP to the headers we look for in the latest version of BruteProtect

    Thread Starter Dominic

    (@dominicp)

    Hi Sam, thanks for incorporating that header check. I took a look at the latest source, and I think there might be a small formatting error.

    In the PHP $_SERVER variable, the CF-Connecting-IP header is presented as $_SERVER["HTTP_CF_CONNECTING_IP"]. So the array_key_exists check won’t find it. See this SO answer.

    Sorry, I should have made that more clear in my original post.

    Plugin Contributor Sam Hotchkiss

    (@samhotchkiss)

    Thanks, Dominic, that’s what I get for throwing things in at the last second ?? I’ve made the fix, and it’ll be in our 1.1.5 release which should be out by the end of next week

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘CloudFlare Compatibility’ is closed to new replies.

Tags