IP detection issues with possible 3rd party SSL

  • Resolved OnlyMi

    (@onlymi)


    5 years, 11 months ago

    The site is not accessible because everyone is seen as coming from the same IP address (the host IP) which is blocked because there was a failed malicious login attempt (also forced to have the same IP which automatically blocks the IP)
    I read the other thread with the same issue and tried switching to REMOTE_ADD detection with no success.
    The hosting company thinks the issue may be that our site is first going through a 3rd party SSL before going to the host and this may be why different http headers are being served and why Wordfence is having a problem with IP detection.
    I have the IP address for the SSL. Is this something I should be putting in as the X-Forwarded-For HTTP header? If so, where do I do that? Or is there something else that would help resolve this problem.

    The page I need help with: [log in to see the link]

Viewing 10 replies - 1 through 10 (of 10 total)

  • Hey @onlymi,

    I’m sorry to hear that you’ve run into this. Can you please email me your Diagnostics report so we can review the plugins on the site? From the WordPress Dashboard navigate to Wordfence > Tools > Diagnostics then click SEND REPORT BY EMAIL to send it to [email protected]. Please also add your www.ads-software.com username and update this post so we’ll know what it’s in reference to.

    Thanks,

    Gerald

    Thread Starter OnlyMi

    (@onlymi)

    Thanks, Gerald.
    I’ve sent the diagnostics on to you.
    Michelle

    Thread Starter OnlyMi

    (@onlymi)

    Is there anything further on this? I’m currently trying to remain logged in to tie up the IP address so people can access the website without being blocked. I’d rather do that then turn Wordfence off so I can continue to monitor login attempt activities.
    Thanks.

    Hey @onlymi (Michelle),

    Thanks for sharing the Diagnostics.

    Can you change the setting in “How Wordfence gets its IPs” to the “X-Real-IP HTTP header” option in your WordPress Dashboard > Wordfence > All Options > General Wordfence Options and let me know if it helps?

    https://www.wordfence.com/help/dashboard/options/

    Thanks,

    Gerald

    Thread Starter OnlyMi

    (@onlymi)

    Hi Gerald,
    It seems to be logging the IPs correctly. So we’ll consider this resolved and I’ll continue to monitor for any further hiccups.
    Thanks!
    Michelle

    Hey @onlymi,

    Thanks for the update, and happy to hear it!

    Please do let us know if anything else comes up.

    Thanks,

    Gerald

    Thread Starter OnlyMi

    (@onlymi)

    Hi Gerald,
    I see today that I get a critical error with Wordfence because the IP detection setting is not set to REMOTE_ADD. Is this something I need to be worried about?
    Thanks,
    Michelle

    Hey @onlymi (Michelle),

    Can you please first identify your IP here https://www.whatsmyip.org/?

    Then try all the options under the How does Wordfence get IPs section here https://www.wordfence.com/help/dashboard/options/#general-wordfence-options and let me know if you see your correct IP in the Your IP with this setting line?

    Thanks,

    Gerald

    Thread Starter OnlyMi

    (@onlymi)

    Hi Gerald,
    Only when I use the X-REAL-IP do I see my IP address. All other option are detected as the hosting IP address in the States.
    Michelle

    Hi @onlymi,

    I see today that I get a critical error with Wordfence because the IP detection setting is not set to REMOTE_ADDR, Is this something I need to be worried about?

    You can safely ignore this warning. Your server is behind a proxy / CDN, and this means that IP addresses detected with REMOTE_ADDR will be that of the proxy and not of your actual users.

    Dave

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘IP detection issues with possible 3rd party SSL’ is closed to new replies.