Can't get the IP of clients

Hi,

This is worrying:

[Feb 20 16:15:17] Wordfence can’t get the IP of clients and therefore can’t operate. We received IP: unknown. X-Forwarded-For was: unknown REMOTE_ADDR was: unknown Headers that may contain the client IP: SERVER_ADDR => 46.23.76.228

It means that neither REMOTE_ADDR in PHP’s $_SERVER variable is set. It also means that the HTTP X-Forwarded-For header is not set with an IP address. Please ask your hosting provider how your PHP applications should get the client IP address. Then share that information here and i’ll try to help.

Regards,

Mark.

OK I think that’s a bug in your wp-config.php because you’re not validating the IP address passed by X-Forwarded-For before setting REMOTE_ADDR. So if it’s garbage because someone sent a bogus header then it’ll overwrite the REMOTE_ADDR header.

Try this. I haven’t tested it, just typing this out and maybe it’ll work for you:

if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$xffaddrs = explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
for($i  = sizeof($xffaddrs) - 1; $i >= 0; $i--){
 $addr = trim($xffaddrs[$i]);
 if(preg_match('/\d+\.\d+\.\d+\.\d+/', $addr) && (! preg_match('/^(?:192\.168|10\.)/', $addr))){
  $_SERVER['REMOTE_ADDR'] = $addr;
  break;
 }
}
}

Anyway, something like that, it probably has syntax errors in it. But the idea is that you actually start looking at addresses on the right side of the list in X-Forwarded-for because those are closer to the client if they’re behind multiple proxies, but you want to ignore private addresses. I’ve only filtered out 192.168 and 10. prefixes. There’s also the 172.16.0.0 to 172.31.255.255 address along with a whole bunch of invalid IP ranges and if you’re interested in how to efficiently filter those out look at Wordfence’s code in the lib/wfUtils.php module where we do this kind of parsing but more more complex and efficient.

Regards,

Mark.