Not working anymore

Let’s talk in private please. Need to share some more information. Please contact me using contact us button my on website.

I’m enabling the cache again.

That is not my IP. It keeps adding the same IP. It certainly looks like a caching issue. Are you sure there is no caching at your server level? DB caching, object caching, file caching anything?

Let take this conversation to private please. Please contact me before I can provide you with any more information.

Are you planning on contacting me or not?

Sorry I can do that as it is against the rule of www.ads-software.com. But if you want you can contact me.

I have contacted you using contact button on your blog 3 days back. Not sure you got my message.

The issue is real and your plugin isn’t the only one reading incorrect user IP after the Apache upgrade. Lots of debate going on.

https://www.ads-software.com/support/topic/wrong-ip-addresses-in-security-log/
https://www.ads-software.com/support/topic/iq-blocker-stopped-working/

Please see if you can find any fix for this.

Hi,
This is how the plugin gets the visitor’s IP address. I don’t see any issue with the code that can create this problem.

<?php
foreach ( array( 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR' ) as $key ) {
  if ( array_key_exists( $key, $_SERVER ) === true ) {
    foreach ( explode( ',', $_SERVER[$key] ) as $ip ) {
      $ip = trim( $ip ); // just to be safe

      if ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) !== false ) {
        return $ip;
      }
    }
  }
}
?>

• This reply was modified 5 years, 7 months ago by iSaumya.

I’m also using ithemes security plugin (https://www.ads-software.com/plugins/better-wp-security/) which is reporting the IP correctly. Below’s the source code they’re using to read user IP. I’m not familiar with PHP, could you take a look please and let me know if you can change anything from your side or I can change anything in my wg-config.php file?

/**
 * Returns the actual IP address of the user.
 *
 * Determines the user's IP address by returning the forwarded IP address if present or
 * the direct IP address if not.
 *
 * @since 4.0.0
 *
 * @return  String The IP address of the user
 */
public static function get_ip( $use_cache = true ) {
	if ( isset( $GLOBALS['__itsec_remote_ip'] ) && $use_cache ) {
		return $GLOBALS['__itsec_remote_ip'];
	}

	$ip = apply_filters( 'itsec-get-ip', false );

	if ( false !== $ip ) {
		$ip = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE );

		if ( ! empty( $ip ) ) {
			$GLOBALS['__itsec_remote_ip'] = $ip;

			return $ip;
		}
	}

	unset( $ip );

	$headers = array(
		'HTTP_CF_CONNECTING_IP', // CloudFlare
		'HTTP_X_FORWARDED_FOR',  // Squid and most other forward and reverse proxies
		'REMOTE_ADDR',           // Default source of remote IP
	);

	$headers = (array) apply_filters( 'itsec_filter_remote_addr_headers', $headers );
	$proxy   = ITSEC_Modules::get_setting( 'global', 'proxy' );

	switch ( $proxy ) {
		case 'disabled':
			return $GLOBALS['__itsec_remote_ip'] = $_SERVER['REMOTE_ADDR'];
		case 'manual':
			$header = ITSEC_Modules::get_setting( 'global', 'proxy_header' );

			if ( in_array( $header, $headers, true ) ) {
				$headers = array( $header );
			}
			break;
	}

	if ( ! in_array( 'REMOTE_ADDR', $headers, true ) ) {
		$headers[] = 'REMOTE_ADDR';
	}

	// Loop through twice. The first run won't accept a reserved or private range IP. If an acceptable IP is not
	// found, try again while accepting reserved or private range IPs.
	for ( $x = 0; $x < 2; $x ++ ) {
		foreach ( $headers as $header ) {
			if ( ! isset( $_SERVER[ $header ] ) ) {
				continue;
			}

			$ip = trim( $_SERVER[ $header ] );

			if ( empty( $ip ) ) {
				continue;
			}

			if ( false !== ( $comma_index = strpos( $_SERVER[ $header ], ',' ) ) ) {
				$ip = substr( $ip, 0, $comma_index );
			}

			if ( 0 === $x ) {
				// First run through. Only accept an IP not in the reserved or private range.
				$ip = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE );
			} else {
				$ip = filter_var( $ip, FILTER_VALIDATE_IP );
			}

			if ( ! empty( $ip ) ) {
				break;
			}
		}

		if ( ! empty( $ip ) ) {
			break;
		}
	}

	if ( empty( $ip ) ) {
		// If an IP is not found, force it to a localhost IP that would not be blacklisted as this typically
		// indicates a local request that does not provide the localhost IP.
		$ip = '127.0.0.1';
	}

	$GLOBALS['__itsec_remote_ip'] = (string) $ip;

	return $GLOBALS['__itsec_remote_ip'];
}

Here’s another plugin WP-PostRatings that correctly returns user IP.

### Function: Get IP Address
if ( ! function_exists( 'get_ipaddress' ) ) {
	function get_ipaddress() {
		foreach ( array( 'HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR' ) as $key ) {
			if ( array_key_exists( $key, $_SERVER ) === true ) {
				foreach ( explode( ',', $_SERVER[$key] ) as $ip ) {
					$ip = trim( $ip );
					if ( filter_var( $ip, FILTER_VALIDATE_IP ) !== false ) {
						return esc_attr( $ip );
					}
				}
			}
		}
	}
}

Unfortunately, it is really hard to resolve this matter like this. If possible, can you contact me via my website? Need to dig a little more into it to see what’s happening here.

This problem has been resolved in v1.2.3 that just now has been released. Please update to the latest version of the plugin to fix this issue.