Works wrong behind reverse proxy
-
Hi,
It seems that plugin doesn’t check if WordPress is running behind reverse proxy. Reverse proxy address is stored in db since plugin uses REMOTE_ADDR value.
I think that you need to change code in get_ip() function to:
$real_ip = isset($_SERVER[‘HTTP_X_REAL_IP’]) ? $_SERVER[‘HTTP_X_REAL_IP’] : $_SERVER[‘REMOTE_ADDR’];
if (empty($real_ip)) {
…Now it should correctly store real (external) ip of attacker, not proxy address.
Best regards,
Alexanderhttps://www.ads-software.com/plugins/login-security-solution/
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘Works wrong behind reverse proxy’ is closed to new replies.
