WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] Can't get the IP of clients (6 posts)

  1. M
    Member
    Posted 6 months ago #

    I noticed these in the live activity log. They're intercalated with success messages (Wordfence is now receiving IP addresses correctly. etc.) from time to time.

    My site is hosted on VPS.net.

    Not sure if it's a bug, but I thought you'd like to know.

    [Feb 20 14:55:24] Wordfence can't get the IP of clients and therefore can't operate. We received IP: 10.83.17.132, 109.166.200.28. X-Forwarded-For was: 10.83.17.132, 109.166.200.28 REMOTE_ADDR was: 10.83.17.132 Headers that may contain the client IP: HTTP_X_FORWARDED_FOR => 10.83.17.132, 109.166.200.28 REMOTE_ADDR => 10.83.17.132 SERVER_ADDR => 46.23.76.228

    [Feb 20 15:06:36] Wordfence can't get the IP of clients and therefore can't operate. We received IP: 10.83.35.217, 109.166.200.29. X-Forwarded-For was: 10.83.35.217, 109.166.200.29 REMOTE_ADDR was: 10.83.35.217 Headers that may contain the client IP: HTTP_X_FORWARDED_FOR => 10.83.35.217, 109.166.200.29 HTTP_X_NOKIA_REMOTESOCKET => 10.83.35.217:63214 HTTP_X_NOKIA_LOCALSOCKET => 62.217.247.252:8799 REMOTE_ADDR => 10.83.35.217 SERVER_ADDR => 46.23.76.228

    [Feb 20 16:15:17] Wordfence can't get the IP of clients and therefore can't operate. We received IP: unknown. X-Forwarded-For was: unknown REMOTE_ADDR was: unknown Headers that may contain the client IP: SERVER_ADDR => 46.23.76.228

    https://wordpress.org/plugins/wordfence/

  2. Wordfence
    Member
    Plugin Author

    Posted 6 months ago #

    Hi,

    This is worrying:

    [Feb 20 16:15:17] Wordfence can't get the IP of clients and therefore can't operate. We received IP: unknown. X-Forwarded-For was: unknown REMOTE_ADDR was: unknown Headers that may contain the client IP: SERVER_ADDR => 46.23.76.228

    It means that neither REMOTE_ADDR in PHP's $_SERVER variable is set. It also means that the HTTP X-Forwarded-For header is not set with an IP address. Please ask your hosting provider how your PHP applications should get the client IP address. Then share that information here and i'll try to help.

    Regards,

    Mark.

  3. M
    Member
    Posted 6 months ago #

    Hi Mark,

    even before talking to the host, I can tell you that I have these rules added in my wp-config.php especially to fix the IP problem (comments were registered as if they were all posted by my IP).

    // ** bw 2012-08-12 wordpress reverse proxy x-forwarded-for ip fix ** //
    if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $xffaddrs = explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
    $_SERVER['REMOTE_ADDR'] = $xffaddrs[0];
    }

    Let me know if this helps.

    Regards.

  4. Wordfence
    Member
    Plugin Author

    Posted 6 months ago #

    OK I think that's a bug in your wp-config.php because you're not validating the IP address passed by X-Forwarded-For before setting REMOTE_ADDR. So if it's garbage because someone sent a bogus header then it'll overwrite the REMOTE_ADDR header.

    Try this. I haven't tested it, just typing this out and maybe it'll work for you:

    if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $xffaddrs = explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
    for($i  = sizeof($xffaddrs) - 1; $i >= 0; $i--){
     $addr = trim($xffaddrs[$i]);
     if(preg_match('/\d+\.\d+\.\d+\.\d+/', $addr) && (! preg_match('/^(?:192\.168|10\.)/', $addr))){
      $_SERVER['REMOTE_ADDR'] = $addr;
      break;
     }
    }
    }

    Anyway, something like that, it probably has syntax errors in it. But the idea is that you actually start looking at addresses on the right side of the list in X-Forwarded-for because those are closer to the client if they're behind multiple proxies, but you want to ignore private addresses. I've only filtered out 192.168 and 10. prefixes. There's also the 172.16.0.0 to 172.31.255.255 address along with a whole bunch of invalid IP ranges and if you're interested in how to efficiently filter those out look at Wordfence's code in the lib/wfUtils.php module where we do this kind of parsing but more more complex and efficient.

    Regards,

    Mark.

  5. M
    Member
    Posted 6 months ago #

    Hi Mark,

    thank you for the code. No errors and it seems to be working. I've tested the comments feature and IP was registered correctly in both Wordfence live log and the comments page. I'll wait today and check if those errors appear again and if not I'll close this one as solved.

    Again, thanks for the support and this great plugin - lifesaver for my site.

    Regards,
    Margareta

  6. wnthne
    Member
    Posted 2 months ago #

    The code posted. Does it go in wp-config.php, and is it important where in the file it occurs? Also how do I block the hits below?

    An unknown location at IP 0.0.0.0 visited
    4 hours 45 mins ago   IP: 0.0.0.0
    Browser: Baiduspider version 2.0
    Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
    
    An unknown location at IP 0.0.0.0 visited
    4 hours 45 mins ago   IP: 0.0.0.0
    Browser: Opera version 12.15 running on Win7
    Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15

Reply

You must log in to post.

About this Plugin

About this Topic