• Resolved kkeiperssc

    (@kkeiperssc)


    Hi All,

I have a load balanced website that is having trouble getting the correct IP address. When WordFence tries to guess the IP, it consistently returns the load balancer’s IP, not the client’s IP. I have manually set WordFence to “Use the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may result.” and it still doesn’t work.

    I’ve configured the load balancer to send the X-Forwarded-For header, which shows up in PHP as $_SERVER['HTTP_X_FORWARDED_FOR']. However, wordfence doesn’t see the IP address, and instead incorrectly uses the load balancer’s IP.

    This affects me because when someone tries to brute force the website or do username enumeration, it locks all admins out since they all appear to be coming from F5 / BigIP. We use IIS 8.5.

    • This topic was modified 3 years, 3 months ago by kkeiperssc.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter kkeiperssc

    (@kkeiperssc)

    Here is a link to an imgur post that shows what the settings look like vs what shows in a php var_dump.


    Plugin Support wfpeter

    (@wfpeter)

    Hi @kkeiperssc, thanks for reaching out to us.

It does seem odd if the X-Forwarded-For header in your screenshot is showing the correct IP but Wordfence is not seeing this. Traditionally, hosts not passing the visitor IP on to the website correctly after going through a load balancer, proxy or firewall do tend to cause the issue you’re seeing.

The definitive way for us to see whether Wordfence is able to see the intended X-Forwarded-For value would be to analyze what PHP is picking up through a diagnostic report. Can you send one to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.

    Thanks,

    Peter.

    Thread Starter kkeiperssc

    (@kkeiperssc)

    @wfpeter, my server doesn’t want to send the email, but that page I think clears it up for me. I’m seeing that WordFence is indeed seeing the X-Forwarded-For value, but can’t use it because it has a weird character on the end. I’m going to have my ops guy figure out why the load balancer is adding that %74 and how to get rid of it.

    If that doesn’t fix it, I’ll respond again, but I think you’ve answered my problem! Thanks!

    Thread Starter kkeiperssc

    (@kkeiperssc)

    @wfpeter,

My ops guy got the %74 fixed, but it’s still saying the detected IP is not valid.

    ## IP Detection: Methods of detecting a visitor's IP address. ##
    
    ---------------------------------------------------------------
    | IPs              | Value         | Used                     |
    ---------------------------------------------------------------
    | REMOTE_ADDR      | 206.244.74.95 | In use                   |
    | CF-Connecting-IP | (not set)     |                          |
    | X-Real-IP        | (not set)     |                          |
    | X-Forwarded-For  | 172.17.4.147  | Configured but not valid |
    | Trusted Proxies  |               |                          |
    ---------------------------------------------------------------

    Why is that IP showing as “not valid”? That’s the IP address of my computer when I run ip addr.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @kkeiperssc, thanks for your reply.

    “Configured but not valid” is often seen with private IP addresses.

    If your load balancer’s IP that appears in REMOTE_ADDR was a private IP, the configuration choice of X-Forwarded-For would stick, but since it’s not, Wordfence assumes the other IP isn’t a real visitor IP and falls back to the safest choice.

    If you’re running Apache behind the load balancer, you could use mod_remoteip with the load balancer’s IP in RemoteIPTrustedProxy amongst some other configuration values, to treat the original client IP as the remote address: https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html

    There should be similar ways to handle it in other web servers, but let me know if no private IP is in use or the IP cannot be configured to be sent through as the remote address.

    Thanks again,

    Peter.
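As an added illustration (not Wordfence’s code and not posted in this thread), the rule Peter describes above, modelled in Python with the standard ipaddress module: the header is only honoured when it arrives from a trusted proxy, every hop must parse as a bare address (the “%74” value from earlier in the thread fails this), and a private candidate is accepted only when REMOTE_ADDR is private too. It generalises to a multi-hop chain; every address other than the two from the diagnostic table is a constructed sample.

```python
import ipaddress
from typing import Optional, Set, Tuple

def _parse(addr: str):
    """Strict parse: anything that is not a bare IPv4/IPv6 literal is rejected
    rather than guessed at (so "172.17.4.147%74" returns None)."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None

def resolve_client_ip(remote_addr: str, xff: Optional[str],
                      trusted_proxies: Set[str]) -> Tuple[str, str]:
    """Return (ip, source); source names the header the IP was taken from.

    Simplified model of the behaviour described in the thread, not Wordfence's code:
      1. X-Forwarded-For is only honoured if REMOTE_ADDR is a listed trusted proxy.
         An empty list means "trust the immediate hop" (the opt-in setting quoted
         in the first post).
      2. Every hop in the header must parse; a malformed header is ignored entirely.
      3. Walk the chain right-to-left, skipping trusted proxies; the first other
         address is the client candidate.
      4. Accept the candidate if it is a global (public) address, or if it is
         private and REMOTE_ADDR is private too (all-internal deployment).
         Otherwise fall back to REMOTE_ADDR, the safe choice.
    """
    remote = _parse(remote_addr)
    fallback = (remote_addr, "REMOTE_ADDR")
    if remote is None or not xff:
        return fallback
    trusted = {_parse(p) for p in trusted_proxies} - {None}
    if trusted and remote not in trusted:
        return fallback                 # header arrived via an unknown hop: ignore it
    hops = [_parse(h) for h in xff.split(",")]
    if any(h is None for h in hops):
        return fallback                 # malformed value, e.g. a trailing "%74"
    candidate = next((h for h in reversed(hops) if h not in trusted), hops[0])
    if candidate.is_global:
        return (str(candidate), "X-Forwarded-For")
    if candidate.is_private and remote.is_private:
        return (str(candidate), "X-Forwarded-For")
    return fallback                     # private client behind a public proxy: "not valid"

if __name__ == "__main__":
    # The exact situation from the diagnostic table: public F5, private client.
    print(resolve_client_ip("206.244.74.95", "172.17.4.147", set()))
```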

  • The topic ‘X-Forwarded-For Not Honored’ is closed to new replies.