Godaddy CDN and Wordfence

  • Resolved gsdesign

    (@gsdesign)


    5 years, 4 months ago

    Greetings,

    This plugin seems indispensable, and the work that goes on with it is tremendous. Thank you so much for creating it, and keeping a solid and good working free version as well, not every small business or individual has the budget or the time to throw at not only securing, but having someone or something that monitors and combats threats in real time. Thank you.

    I’m writing because the only thing I saw regarding Wordfence and a CDN was a post for Cloudflare CDN and an option that Wordfence had specifically for it.

    In the last few months GoDaddy has provided it’s own CDN for Managed WordPress Sites (at least that’s what I’ve seen), and I’m interested in using it. I’m curious if there are any considerations I need to make in regards to Wordfence when I enable this CDN option on the back end.

    Any recommendations or suggestions would be greatly appreciated.

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @gsdesign,

    When your site is behind a proxy or CDN, the IP address that Wordfence will see is the address of that proxy/CDN.

    These providers will usually indicate what the IP address of the connecting user is:

    1) Cloudflare uses their own special HTTP header, CF-Connecting-IP.

    2) GoDaddy, and most other CDNs will write to X-Forwarded-For or X-Real-IP.

    Because all these HTTP headers can be spoofed, you should only trust them if the IP address is from your CDN/proxy.

    This can be done within Wordfence by whitelisting GoDaddy’s IP addresses.

    https://ca.godaddy.com/help/set-up-my-web-application-firewall-waf-and-cdn-26813

    By following these steps, you can ensure that Wordfence is properly set up to use with GoDaddy’s CDN.

    1. Go to Wordfence -> All Options -> How does Wordfence get IPs
    2. Choose Use the X-Forwarded-For HTTP header.
    3. Edit Trust Proxies and add 192.88.134.0/23 and 185.93.228.0/22 (on new lines)
    4. Save Changes – and see if the Detected IPs match your IP address

    For example: https://i.imgur.com/AYzx5cO.png

    Dave

    Thread Starter gsdesign

    (@gsdesign)

    Hey Dave,

    Thanks for the quick and informative response!

    Regards.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Godaddy CDN and Wordfence’ is closed to new replies.