• Resolved Kosteg

    (@kosteg)


    Hi!
    The plugin determines all the site visits as coming from one IP. I tried to check “Disable Proxy IP Detection” – no effect.

    I have a pretty complicated configuration. My server has nginx and varnish. Moreover, it gets visitors from the subdirectory of my other server (which is apache). So I have two servers – ApacheServer (apache with blog subdirectory configured as reverse proxy) and WordPressServer (nginx+varnish+wordpress). The complete scheme looks like this:

    Visitor (73.1.106.131 for example) -> ApacheServer (proxy, 95.213.164.234) -> WordPressServer (Varnish -> Nginx -> WordPress)

    The visitor’s IP is 73.1.106.131. The problem is that the plugin records the proxy’s IP 95.213.164.234 in the logs, not the visitor’s.

    Here is a typical nginx log record:
    95.213.164.234 - - [27/Mar/2015:19:42:21 +0300] "GET /blog/archive/2014-03-10/ HTTP/1.1" 200 16608 "https://infobusiness2.ru/blog/tag/12-luchshih-statei-2014-2015/" "Opera/9.80 (Windows NT 6.1; Win64; x64) Presto/2.12.388 Version/12.17" "73.1.106.131, 95.213.164.234"

    Here are the headers:
    [HTTP_X_FORWARDED_HOST] => infobusiness2.ru
    [HTTP_X_FORWARDED_SERVER] => infobusiness2.ru
    [HTTP_X_FORWARDED_FOR] => 73.1.106.131, 95.213.164.234

    Could you please tell me how to solve this issue?

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 4 replies - 1 through 4 (of 4 total)
  • You should untick the “Disable Proxy IP Detection” checkbox.

    Then study the get_ip() method/function in the core/class-itsec-lib.php file. Code of this function might need a fix … or two … or three.

    dwinden

    Untick the “Disable Proxy IP Detection” checkbox.
    Click on the “Save All Changes” button.

    Create a copy of the core/class-itsec-lib.php file.
    Then try to replace the last line in get_ip() method/function with:

    return esc_sql( explode(', ', $the_ip)[0] );

    This is hopefully the only fix needed to solve your issue.
    Note this fix is untested. So I’m not sure about the result.
    Make sure to create a copy of the core/class-itsec-lib.php file
    before testing it. This way it should be easy to undo the fix
    in case the result is negative.

    dwinden

    Please ignore my previous post.
    The suggested fix does not work.

    Basically the get_ip() function/method is not dealing with the possibility of multiple IP addresses in the headers.

    So here is the fixed code:

    public static function get_ip() {
    
    	global $itsec_globals;
    
    	if ( isset( $itsec_globals['settings']['proxy_override'] ) && true === $itsec_globals['settings']['proxy_override'] ) {
    
    		return esc_sql( $_SERVER['REMOTE_ADDR'] );
    
    	}
    
    	//Just get the headers if we can or else use the SERVER global
    	if ( function_exists( 'apache_request_headers' ) ) {
    
    		$headers = apache_request_headers();
    
    	} else {
    
    		$headers = $_SERVER;
    
    	}
    
    	//Get the forwarded IP if it exists
    	if (
    		array_key_exists( 'X-Forwarded-For', $headers ) &&
    		(
    		filter_var( explode(', ', $headers['X-Forwarded-For'])[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ||
    		filter_var( explode(', ', $headers['X-Forwarded-For'])[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 )
    		)
    	) {
    
    		$the_ip = explode(', ', $headers['X-Forwarded-For'])[0];
    
    	} elseif (
    		array_key_exists( 'HTTP_X_FORWARDED_FOR', $headers ) &&
    		(
    		filter_var( explode(', ', $headers['HTTP_X_FORWARDED_FOR'])[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ||
    		filter_var( explode(', ', $headers['HTTP_X_FORWARDED_FOR'])[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 )
    		)
    	) {
    
    		$the_ip = explode(', ', $headers['HTTP_X_FORWARDED_FOR'])[0];
    
    	} else {
    
    		$the_ip = $_SERVER['REMOTE_ADDR'];
    
    	}
    
    	return esc_sql( $the_ip );
    
    }

    dwinden
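
An added example, not part of dwinden's post or the plugin's own code: the fixed get_ip() above returns the leftmost X-Forwarded-For entry, which is whatever the request already carried when it reached the first proxy, so it is not verified by any server in the chain. The version below walks the header right to left and returns the first address that is not a known proxy. The function name resolve_client_ip() and the $trusted_proxies list are assumptions; the inputs are constructed from the addresses quoted in the thread plus documentation-range addresses.

```php
<?php
// Added example, not plugin code. resolve_client_ip() and $trusted_proxies are
// hypothetical names; proxies are matched by exact string, no CIDR ranges.
function resolve_client_ip( array $server, array $trusted_proxies ) {
	$remote = isset( $server['REMOTE_ADDR'] ) ? trim( $server['REMOTE_ADDR'] ) : '';

	// Only honour the header when the direct peer is one of our own proxies.
	if ( ! in_array( $remote, $trusted_proxies, true ) || empty( $server['HTTP_X_FORWARDED_FOR'] ) ) {
		return $remote;
	}

	// Split on commas, with or without surrounding whitespace.
	$hops = preg_split( '/\s*,\s*/', trim( $server['HTTP_X_FORWARDED_FOR'] ) );

	// Walk right to left: each trusted proxy appended the address it saw, so the
	// first entry that is not a trusted proxy is the last address we can vouch for.
	for ( $i = count( $hops ) - 1; $i >= 0; $i-- ) {
		if ( false === filter_var( $hops[ $i ], FILTER_VALIDATE_IP ) ) {
			return $remote; // Malformed entry: fall back to the socket peer.
		}
		if ( ! in_array( $hops[ $i ], $trusted_proxies, true ) ) {
			return $hops[ $i ];
		}
	}

	return $remote; // Header listed only our own proxies.
}

// Constructed inputs using the addresses quoted in the thread.
$trusted = array( '95.213.164.234' );
$cases   = array(
	'as in the thread'        => array(
		'REMOTE_ADDR'          => '95.213.164.234',
		'HTTP_X_FORWARDED_FOR' => '73.1.106.131, 95.213.164.234',
	),
	'header pre-filled'       => array(
		'REMOTE_ADDR'          => '95.213.164.234',
		'HTTP_X_FORWARDED_FOR' => '203.0.113.50,73.1.106.131, 95.213.164.234',
	),
	'direct peer not a proxy' => array(
		'REMOTE_ADDR'          => '198.51.100.7',
		'HTTP_X_FORWARDED_FOR' => '203.0.113.50',
	),
);

foreach ( $cases as $label => $server ) {
	printf( "%-24s %s\n", $label, resolve_client_ip( $server, $trusted ) );
}
```

The trusted list has to contain every proxy address that can appear as REMOTE_ADDR or inside the header for this setup; an address missing from it is returned as the client.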

    Thread Starter Kosteg

    (@kosteg)

    Thank you very much, dwinden!
    The code works like a charm.

  • The topic ‘Incorrect visitor's IP detection’ is closed to new replies.