Wordfence problem when using Reverse Proxy.

Hi @gnam389, thanks for getting in touch.

The reverse proxy address may still be seen by the site using one of the REMOTE_ADDR, CF-Connecting-IP, X-Real-IP, or X-Forwarded-For values so the genuine visitor IP may be in one of the others or comma-separated with another.

Take note of your own IP on your main device: https://www.whatsmyip.org. Then head over to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs and reference the area under that section that says Detected IPs and Your IP with this setting. See if any of the options there when picked accurately reflect your IP. If one does, don’t forget to hit the SAVE CHANGES button in the top-right after you’re done.

If the visitor IP is present but being sent comma-separated with a proxy or other address, you can allow for this by clicking on the text link “+Edit trusted proxies” and add the IP that isn’t yours to exclude it from detection.

If the visitor IP isn’t present at all, this can be down to a misconfigured reverse proxy and the administrator/host will need to start sending this information for Wordfence to accurately detect visitors.

Let us know how you get on!
Peter.

I was getting blocked once I installed a nginx reverse proxy. Adding the below code helped resolve the correct visitor IP to be received and resolving https issues.

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';

if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { 
    $mte_xffaddrs = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ); 
    $_SERVER['REMOTE_ADDR'] = $mte_xffaddrs[0]; 
}