WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Log out fails with 403 Forbidden Error Page (11 posts)

  1. Carlo Rizzante
    Member
    Posted 9 months ago #

    Hello again,
    and thanks for a great plugin. Apparently it also sped up the whole network.

    However, I have an other issue with it. I cannot log out (I tried Chrome 29.0.1547.76 and Firefox 23.0.1). When I try to logout I receive an error as below:

    yoursite.com 403 Forbidden Error Page
    If you arrived here due to a search or clicking on a link click your Browser's back button to return to the previous page. Thank you

    I presume it is due to the .htaccess file, but I am clueless of where exactly is the problem.

    On that network I employed the .htaccess for one unique Admin who can login, as taken from http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/

    Any idea of the reason why this happens?

    Thanks in advance :)

    http://wordpress.org/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    I assume you used the IP based Login Protection? If so, then the IP address you are allowing is not the actual IP address in the .htaccess file code. This could be because you are using 4 octets of your IP address instead of 3 or 2. Your ISP will change your IP address regularly and frequently, but your first 3 or 2 octets of your IP address may or may not be consistently the same. You can only use IP based Login Protection if 3 or 2 of your IP address octects are always consistently the same.

    If you are using Cloud/CloudFlare services then see the help section in the forum link above that you posted regarding Cloud IP based code.

  3. damoncloudflare
    Member
    Posted 9 months ago #

    If using CloudFlare for the site, which I can't tell here, then you want to make sure you have something to restore original visitor IP. If not, our IPs are going to show and this would impact IP restriction based on login.

  4. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    @damoncloudflare - BPS will have additional System Info checks to help users with this. I have researched how CloudFlare does what it does and in the next BPS version release the System Info page will display the correct IP address based on a series of checks (VERY, VERY Sanitized checks):

    $_SERVER['HTTP_CLIENT_IP']
    $_SERVER['HTTP_X_FORWARDED_FOR']
    $_SERVER['REMOTE_ADDR']

    BPS does not change or interfere with whatever the actual correct IP address is going to be that is needed. The IP Based code is very simple and only handles basic allow or deny conditions based on the IP address that the user adds to the .htaccess code. So the logic is get the end user the correct IP address that they need on the System Info page so that they can add that IP address in the .htaccess code.

  5. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Also the particular code that Carlo is referring to is Bonus Code and is Not standard BPS .htaccess code. At some point it will be added as an additional option, but at this point the users have to manually add the code and add their correct IP addresses.

  6. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    When it is added as an optional feature then the correct IP address or addresses will be auto-populated for the end user.

  7. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    @damoncloudflare - I read somewhere else on the CloudFlare site that HTTP_CF_CONNECTING_IP will be the same as HTTP_X_FORWARDED_FOR. Is that correct? Posting this code below just as a reference for myself.

    if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
           $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
  8. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Or would it be better to add an additional check for HTTP_CF_CONNECTING_IP instead of assuming that HTTP_X_FORWARDED_FOR will be the correct CloudFlare IP?

  9. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Did this answer your question? If so, please resolve this thread. If not, please post a status update.

  10. Carlo Rizzante
    Member
    Posted 9 months ago #

    Hello all, and thanks so much for your replies.

    I realize that I indeed did a silly mistake. I didn't pay enough attention to the IP I was connecting to. I change location and of course the IP changed. I fixed that.

    Please allow me few minutes to read carefully the whole thread. I will set as resolved the whole pack shortly.

    Thanks again :)
    Carlo

  11. Carlo Rizzante
    Member
    Posted 9 months ago #

    Great, you're awesome.
    I close the thread, then :)

Reply

You must log in to post.

About this Plugin

About this Topic