WordPress.org

Ready to get started?Download WordPress

Forums

ARYO Activity Log
[resolved] improve IP logging (7 posts)

  1. mpd2002
    Member
    Posted 1 year ago #

    This plugin works quite well, but could use improved IP logging for security. For example, I use the Varnish accelerator, so the default setting shows every IP address as localhost rather than the source of the request. Can you add support for sites using Varnish or a reverse proxy?

    http://wordpress.org/extend/plugins/aryo-activity-log/

  2. Pothi
    Member
    Posted 1 year ago #

    I'm not the plugin author. But wanted to chip in here.

    Are you sure that the issue is with this plugin?

    To test, if the issue is only with this plugin, please do the following steps...

    1. Visit your site as non-logged-in user.
    2. Write a test comment on a blog post.
    3. Visit your site's domainname.com/wp-admin/edit-comments.php
    4. Check the IP address of your comment.
    5. If your IP displays as localhost, then the issue is not within this plugin, but in your server setup.
    6. Delete the test comment.

  3. mpd2002
    Member
    Posted 1 year ago #

    This is a good point to check. I did so and comments.php does show expected IP addresses (not just localhost). I don't claim that this is not an artifact of my particular setup, but I have other plugins that do show the origin IP correctly.

    To be clear, this is a fairly common issue, so I'm not picking on the ARYO plugin; there are many other plugins that have the same issue. In fact I raise it only because ARYO is the best logging tool I've seen for my purpose (I realize there are specific security-oriented loggers, but I like the particular features of this one). I'm no expert but I think that obtaining the true IP address is just a matter of looking at the right tag, e.g. X-Forwarded-For. I've seen it discussed in a number of places in WP forums and elsewhere, e.g.
    https://www.benjaminwiedmann.net/wordpress-behind-reverse-proxy-fix-wrong-ip-insert-x-forwarded-for-ip.html

  4. Pothi
    Member
    Posted 1 year ago #

    Okay. I just tested in a demo environment that runs Varnish. The visitors' IPs are logged correctly by this plugin. However, my setup may differ from yours.

    Anyway, this plugin does use $_SERVER['REMOTE_ADDR'], in classes/class-api.php, at line number 31, to collect the visitor's IP.

    @Plugin's authors:

    There are multiple ways to collect the correct IP. The one recommended way is already mentioned in the article linked above by @mpd2002. There is an alternative way that uses preg_match, but is more accurate, IMO.

  5. Yakir Sitbon
    Member
    Plugin Author

    Posted 1 year ago #

    Hi guys..
    Thank for your comment.

    @mpd2002,
    I just want to check, what you get from this code (put it on your functions.php, in dev area):

    function aryo_test_get_ip() {
        var_dump( $_SERVER['HTTP_X_FORWARDED_FOR'] );
    }
    add_action( 'init', 'aryo_test_get_ip' );

    Can you paste here the result?

  6. Yakir Sitbon
    Member
    Plugin Author

    Posted 1 year ago #

    Hi guys..
    Thank for your comment.

    @mpd2002,
    I just want to check, what you get from this code (put it on your functions.php, in dev area):

    function aryo_test_get_ip() {
        var_dump( $_SERVER['HTTP_X_FORWARDED_FOR'] );
    }
    add_action( 'init', 'aryo_test_get_ip' );

    Can you paste here the result?

  7. Maor Chasen
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for your help, guys.

    Did anyone got to test Yakir's code by any chance?

    Cheers

  8. Yakir Sitbon
    Member
    Plugin Author

    Posted 1 month ago #

    Now our plugin have full support for your issue. Thanks.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic