Server IP Banned

  • Resolved Tony

    (@ifaist0s)


    7 years ago

    Hello and thank you for the plugin,

    I’m using the plugin for quite some time but today I faced a strange issue. The plugin banned the IP of the server hosting the wordpress site! I suppose this is because the server is using Apache as the web server and Nginx as the reverse proxy. In such a setup the request SEEMS to be coming from the web server’s IP.

    I was under the impression that the plugin recognized this kind of a setup. As far as I know there are special X-Forwaded(?) headers that provide the client’s IP address, aren’t there? Did you change something lately that would lead to such a behavior? I don’t think this problem existed before. As you can understand, for sites with lots of traffic, being blocked regularly can be quite annoying.

    Moreover, Dashboard – Last 5 logins, all show the same IP address. If the server IP is assigned to every login, then I guess all the firewall functionality which is based on IP addresses, does not work at all, does it?

    All In One WP Security Version 4.2.9
    WordPress Version 4.8.3

Viewing 1 replies (of 1 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi,
    You may need to apply a small tweak to your wp-config.php file as suggested here (see my last response in that thread)
    https://www.ads-software.com/support/topic/wp-security-doesnt-recognize-external-ip-addresses/

    Basically I had to make a change to the IP address function in the last release. It now primarily uses the $_SERVER[‘REMOTE_ADDR’] as the first source to get visitor IP address. Out of the available options this is the most trustworthy but there will be exceptions for certain server configurations such as yours. In these cases you can override the IP address in the $_SERVER[‘REMOTE_ADDR’] global with the one which suits your needs.

    As you probably are aware there are numerous $_SERVER global variables in addition to $_SERVER[‘REMOTE_ADDR’] which can potentially contain the correct visitor IP:
    ‘HTTP_CF_CONNECTING_IP’, ‘HTTP_CLIENT_IP’, ‘HTTP_X_FORWARDED_FOR’, ‘HTTP_X_FORWARDED’, ‘HTTP_X_CLUSTER_CLIENT_IP’, ‘HTTP_FORWARDED_FOR’, ‘HTTP_FORWARDED’

Viewing 1 replies (of 1 total)
  • The topic ‘Server IP Banned’ is closed to new replies.