WordPress.org

Ready to get started?Download WordPress

Forums

BruteProtect
[resolved] Google Pagespeed API (7 posts)

  1. gecko_guy
    Member
    Posted 9 months ago #

    Hi,

    There are two other posts about this:

    http://wordpress.org/support/topic/page-behind-proxy-google-page-speed?replies=3

    http://wordpress.org/support/topic/your-ip-has-been-flagged-for-potential-security-violations?replies=4

    This is not really a hosting issue (i.e. they will not help because this is going well beyond the norms of content delivery/hosting).

    The IP address mentioned in the 2nd post is a Google server, but as you say it can't be whitelisted.

    You mentioned in the first link, that you would be implementing that change, can you advise if this has been done?

    I would like to use the PageSpeed Service as well as BruteProtect.

    Thanks

    http://wordpress.org/plugins/bruteprotect/

  2. gecko_guy
    Member
    Posted 9 months ago #

    Just to add a bit to this.

    PageSpeed Service serves webpages on my behalf to my visitors by retrieving original content from my origin server.

    As a result, all requests to the origin server will be from Google's IP addresses.

    To get the IP address of the user on the origin server, Google recommends we use the value stored in the X-Forwarded-For HTTP header.

    The configuration of this is not really your problem at all and is something I am looking into as it has additional negative impact on data collection for all analytics tracking, but what I did notice is that I became locked out of my own account with PageSpeed active because the request was coming from a "blacklisted" IP address.

    It will be blacklisted because 100's or even 1000's of hackers will be coming via the Google servers.

    I wonder how many false positives your stats are showing because of legitimate visitors being blocked like this?

    Additionally, the PageSpeed service can be plugged into the W3 Total Cache dashboard, and millions of WP sites use W3TC and PageSpeed.

    Interesting problem...

  3. Sam Hotchkiss
    Member
    Plugin Author

    Posted 9 months ago #

    Hey Guy-- is it possible for you to allow me FTP access to one a site that you have hosted this way? I'd love to check it out. We have a couple of sites that we administer that use PageSpeed and nginx, and they haven't had any problem with BP.

    If you have a site we could check out, send it over to sam at bruteprotect dot com-- FTP and wp-admin

    thanks!

  4. gecko_guy
    Member
    Posted 9 months ago #

    Hi Sam,

    I've disconnected it all now as it was blocking my access, and I also had an unrelated problem to do with the framework I use and the serving ip.

    The server uses Apache 2.2.x

    I intend to attempt again though, so if I run into the same issue will set up a temp ftp account for you and drop you a line.

    Thanks for your attention.

    Guy

  5. Sam Hotchkiss
    Member
    Plugin Author

    Posted 9 months ago #

    Sounds good-- I'd love to check it out, at the very least to figure out some indications that the issue is occurring so that we can fall back to a CAPTCHA and provide some information to help troubleshoot

  6. Sam Hotchkiss
    Member
    Plugin Author

    Posted 9 months ago #

    Hey Guy-- can you email me details about your hosting company? We keep hearing whispers of these PageSpeed issues, and we'd like to set up our own account so that we can come up with a fix.

    Thanks!
    Sam

  7. gecko_guy
    Member
    Posted 9 months ago #

    Done. Here is some of the info I sent in the mail, in case someone else finds it useful:

    I made some progress with X-Forward Headers, but had to use the mod_rpaf Apache Module, since mod_remote_ip only works with Apache 2.4+

    I had to abandon it again because it also requires some modifications to the theme I use, and I ran out of time.

    Here is a bit more info though:

    http://gurutek.biz/mod_rpaf-and-mod_remoteip/

    https://github.com/gnif/mod_rpaf

    Some documentation from Google:

    https://developers.google.com/speed/pagespeed/service/faq#clientip

Reply

You must log in to post.

About this Plugin

About this Topic