• Resolved robaxxx

    (@robaxxx)


    Hi there

    The latest update automatically switched IP detection to the Cloudflare option because my network site’s domain is on Cloudflare.

    I went and reset that back to the default method because not all domains on the instance are on Cloudflare.

    And as there is no way to deal with this per site, I need to leave it there. This means the entire firewall feature really only works with some sites and not the others.

    Maybe there could be a way to set this per site in future... or is there something I’ve missed here?

    Regards
    Rob

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @robaxxx

    I hope you’re well today!

    The “Default” method currently should actually be the most secure, as it doesn’t use just one basic HTTP header to check the IP but rather checks all available ones. Theoretically, this should be compatible with most setups even if they are – like here – partially routed through Cloudflare and partially not.

    We do have some further improvements to that planned anyway to make it more “universal” and more “strict” (and less prone to incorrect IP detection) – I don’t have an ETA, but they are coming in the future.

    But I get your point and I think it’s quite a valid question and a case that may require additional review.

    I’ve asked our Defender Team for additional feedback on this so I’d appreciate some patience. We’re waiting for their response and we’ll update you here again soon with more information on this.

    Best regards,
    Adam

    Plugin Support Kris – WPMU DEV Support

    (@wpmudevsupport13)

    Hi @robaxxx

    As said above, this was already forwarded to our developers and I am marking this thread as resolved, but if you have any additional questions feel free to let us know.

    Kind Regards,
    Kris

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @robaxxx

    I got feedback from our Defender Team on this.

    They are looking into it to improve those detection settings in one of the future releases, but meanwhile there’s a workaround that you can use.

    You’d need to add this code as a Must Use plugin to the site:

    <?php 
    
    add_filter( 'wpdef_firewall_ip_detection', 'alter_ip_detection' );
    function alter_ip_detection( $http_ip_header ) {
    	$site_id = get_current_blog_id();
    	
    	// Main site
    	if ( 1 === $site_id ) {
    		return 'HTTP_CF_CONNECTING_IP';
    	}
    	// subsite
    	else if ( 2 === $site_id ) {
    		return 'HTTP_X_FORWARDED_FOR';
    	}
    	
    	return $http_ip_header;
    }

    and you can use an “if…else if” condition to set different HTTP headers to be used for IP detection for different subsites.

    To add code to the site:

    1. create an empty file with a .php extension (e.g. “defender-multisite-ip-detection-patch.php”) in the “/wp-content/mu-plugins” folder of your site’s WordPress install

    2. copy and paste the code into it

    3. by setting the site ID and HTTP header name (you can see the available headers in the IP detection settings in the plugin interface) in the code, you can control which header would be used for which sub-site.

    4. save the file, purge all cache and it should start working out of the box.

    I hope that makes some sense but if you have any additional/follow-up questions on this, don’t hesitate to ask.

    Best regards,
    Adam
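
A generalization of the workaround above, as an added example that is not WPMU DEV's code and not part of the original thread: the per-site choice is driven by a map, and a forwarding header is selected only when it is present and the request's direct peer (`REMOTE_ADDR`) belongs to the proxy expected to set it. It assumes the filter's return value is a `$_SERVER` key name, as in the posted snippet; the site IDs, the proxy ranges and every `example_*` / `EXAMPLE_*` name are hypothetical placeholders.

```php
<?php
// Added example, not WPMU DEV code. Assumes the filter returns a $_SERVER key.

// Constructed sample map (site ID => header key); the IDs are placeholders.
const EXAMPLE_SITE_IP_HEADERS = array(
	1 => 'HTTP_CF_CONNECTING_IP',
	2 => 'HTTP_X_FORWARDED_FOR',
);

// Constructed placeholder ranges (RFC 5737 documentation networks). Replace them
// with the address ranges of the proxies that actually front each site.
const EXAMPLE_TRUSTED_PROXIES = array(
	'HTTP_CF_CONNECTING_IP' => array( '203.0.113.0/24' ),
	'HTTP_X_FORWARDED_FOR'  => array( '198.51.100.0/24' ),
);

// IPv4-only CIDR match; anything that does not parse (including IPv6) is no match.
function example_ipv4_in_cidr( $ip, $cidr ) {
	list( $net, $bits ) = explode( '/', $cidr );
	$ip_long  = ip2long( $ip );
	$net_long = ip2long( $net );
	if ( false === $ip_long || false === $net_long ) {
		return false;
	}
	$bits = (int) $bits;
	$mask = ( 0 === $bits ) ? 0 : ( ( -1 << ( 32 - $bits ) ) & 0xFFFFFFFF );
	return ( $ip_long & $mask ) === ( $net_long & $mask );
}

// Returns the mapped header only when it is present and the direct peer
// (REMOTE_ADDR) is a trusted proxy for it; otherwise keeps the configured value.
function example_pick_ip_header( $configured, $site_id, $server ) {
	$header = EXAMPLE_SITE_IP_HEADERS[ $site_id ] ?? null;
	if ( null === $header || ! isset( $server[ $header ] ) ) {
		return $configured;
	}
	foreach ( EXAMPLE_TRUSTED_PROXIES[ $header ] as $cidr ) {
		if ( example_ipv4_in_cidr( $server['REMOTE_ADDR'] ?? '', $cidr ) ) {
			return $header;
		}
	}
	return $configured;
}

add_filter( 'wpdef_firewall_ip_detection', function ( $http_ip_header ) {
	return example_pick_ip_header( $http_ip_header, get_current_blog_id(), $_SERVER );
} );
```

Sites that are not in the map, and requests that do not arrive through a listed proxy, keep whatever detection method is configured in the plugin settings.
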

    Thread Starter robaxxx

    (@robaxxx)

    Thanks for this Adam.

    Got sidetracked for a while but back again now.

    I’ll check this and have a go!

    Regards
    Rob

  • The topic ‘Multisite IP Address Detection – Not all domains are on Cloudflare’ is closed to new replies.