Log out fails with 403 Forbidden Error Page

I assume you used the IP based Login Protection? If so, then the IP address you are allowing is not the actual IP address in the .htaccess file code. This could be because you are using 4 octets of your IP address instead of 3 or 2. Your ISP will change your IP address regularly and frequently, but your first 3 or 2 octets of your IP address may or may not be consistently the same. You can only use IP based Login Protection if 3 or 2 of your IP address octects are always consistently the same.

If you are using Cloud/CloudFlare services then see the help section in the forum link above that you posted regarding Cloud IP based code.

If using CloudFlare for the site, which I can’t tell here, then you want to make sure you have something to restore original visitor IP. If not, our IPs are going to show and this would impact IP restriction based on login.

@damoncloudflare – BPS will have additional System Info checks to help users with this. I have researched how CloudFlare does what it does and in the next BPS version release the System Info page will display the correct IP address based on a series of checks (VERY, VERY Sanitized checks):

$_SERVER['HTTP_CLIENT_IP']
$_SERVER['HTTP_X_FORWARDED_FOR']
$_SERVER['REMOTE_ADDR']

BPS does not change or interfere with whatever the actual correct IP address is going to be that is needed. The IP Based code is very simple and only handles basic allow or deny conditions based on the IP address that the user adds to the .htaccess code. So the logic is get the end user the correct IP address that they need on the System Info page so that they can add that IP address in the .htaccess code.

Also the particular code that Carlo is referring to is Bonus Code and is Not standard BPS .htaccess code. At some point it will be added as an additional option, but at this point the users have to manually add the code and add their correct IP addresses.

When it is added as an optional feature then the correct IP address or addresses will be auto-populated for the end user.

@damoncloudflare – I read somewhere else on the CloudFlare site that HTTP_CF_CONNECTING_IP will be the same as HTTP_X_FORWARDED_FOR. Is that correct? Posting this code below just as a reference for myself.

if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
       $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];

Or would it be better to add an additional check for HTTP_CF_CONNECTING_IP instead of assuming that HTTP_X_FORWARDED_FOR will be the correct CloudFlare IP?

Did this answer your question? If so, please resolve this thread. If not, please post a status update.

Hello all, and thanks so much for your replies.

I realize that I indeed did a silly mistake. I didn’t pay enough attention to the IP I was connecting to. I change location and of course the IP changed. I fixed that.

Please allow me few minutes to read carefully the whole thread. I will set as resolved the whole pack shortly.

Thanks again ??
Carlo

Great, you’re awesome.
I close the thread, then ??