Plugin Support
WFAdam
(@wfadam)
Hello @rodgerjm and thanks for contacting us!
Make sure to set “Use the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may result.” and then you’ll have to add all of these ranges as trusted proxies:
http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips
You should then see your real IP on the line Your IP with this setting.
To find your IP you can use something like https://www.whatsmyip.org – though this is not 100% accurate all the time on cell phone network internet connections.
You might also need to review that proxy list in case AWS changes any ranges.
Let me know if this helps!
Thanks!
Thread Starter
wpcf
(@rodgerjm)
Hi, unfortunately this does not help. I mentioned in my post that I have set “Use the X-Forwarded-For HTTP header,” the client IP (my IP) is not listed in bold, but instead the CloudFront IP is listed in bold. This is a common problem. Please read my post again.
Plugin Support
WFAdam
(@wfadam)
Hello again @rodgerjm
Have you also added all the IPs that Cloudfront provides for the trusted proxies?
To add all of Cloudfront’s IP address ranges as trusted proxies.
Click on the link + Edit trusted proxies in All Options > General Wordfence Options directly under Detected IP.
Now you will need to enter all of these Cloudfront IP address ranges shown in the page below:
http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips
Each IP address range must be manually copied and pasted on a separate line in the Trusted Proxies text area in Wordfence.
Make sure you copy this list that you have created in the Trusted Proxies text area in case you get blocked when you press the SAVE CHANGES button; otherwise you will have to go through that lengthy process again. You may be blocked if Wordfence is seeing all IP addresses as Cloudfront IP addresses and an attacker is blocked but Wordfence sees you as having the same IP address as the attacker.
Once saved you should then see your IP address on the line Your IP with this setting.
Let me know if this helps!
Thanks!
Thread Starter
wpcf
(@rodgerjm)
Yes, I have added the CloudFront IPs to the trusted proxy. There are only two IPs showing in Wordfence and both are Amazon IPs, neither are mine. CloudFront is sitting in front of an Application Load Balancer which is in front of an Autoscaling group of EC2s. This seems to be a big limitation of Wordfence.
Plugin Support
WFAdam
(@wfadam)
Mind sending me a Diagnostic Report so I can review this issue?
Send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
Thanks in advance!
Plugin Support
WFAdam
(@wfadam)
Hello @rodgerjm
It looks like you have everything set up correctly on the Wordfence side.
Have you reached out to Cloudfront to see if they can spot why visitors’ IP addresses are not being sent to the server?
Let me know what you find!
Thanks again!
Thread Starter
wpcf
(@rodgerjm)
They are being forwarded to the server. The limitation I’m referring to with Wordfence is the lack of ability to select what position in the header to use for the client IP.
Plugin Support
WFAdam
(@wfadam)
With the trusted proxies set, have you tested the other IP detection methods?
All Options > General Wordfence Options > How does Wordfence get IPs and reference the area under that section that says Detected IPs and Your IP with this setting. Start from the top and check to see if any of the settings show that both of those show the same IP as the site above does.
Other than trying that, you have all the correct settings in place to make this work. You will have to contact Cloudfront for additional assistance.
Thread Starter
wpcf
(@rodgerjm)
I have tested all to no avail; it’s not a CloudFront problem.
Plugin Support
WFAdam
(@wfadam)
In a setup like this, we expect to see the X-Forwarded-For header to be populated with the actual client IP and followed by any number of AWS services’ IPs. Adding those IPs to the trusted proxies would then leave you with the client IP and a correct server IP configuration.
In this case, we are not seeing any trace of the client IP anywhere in the diagnostics, including in the $_SERVER values. That section is also not suggesting that any different header is in use. Typically in this area, you will see a reference to the client IP. If it is not there, there is not anything we can do in the Wordfence settings to access it and correctly configure the IP detection.
Can you confirm you have reached out to CloudFront to have them take a look at this issue? You can also reference the access logs on your server to see if you’re seeing client IPs or also seeing AWS IPs there as well.
Let me know what information you find!
Thanks!
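The trusted-proxy logic the support reply describes (walk X-Forwarded-For from the right, discard every hop that belongs to a trusted proxy, and the first remaining hop is the client) can be illustrated with a small standalone script. This is an added example and not Wordfence’s own code; the function names are hypothetical, and the trusted ranges are documentation-reserved placeholders standing in for the Cloudfront list linked above, not AWS’s real prefixes. It also shows the two failure modes raised in the thread: a header whose hops are all trusted proxies (the client address never reached the server, so the peer address is reported), and a header arriving from a peer that is not a trusted proxy (the header cannot be believed, so the peer address is used to avoid spoofing).

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed placeholder ranges (RFC 5737 documentation prefixes). In a real
# deployment this list would be the Cloudfront/ALB ranges linked in the thread.
TRUSTED_PROXIES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def parse_ip(text: str):
    """Return an ip_address for text, or None if it does not parse."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def is_trusted(ip, trusted=TRUSTED_PROXIES) -> bool:
    """True when ip falls inside one of the trusted proxy networks."""
    return any(ip in net for net in trusted)


def client_ip(remote_addr: str, xff: str, trusted=TRUSTED_PROXIES) -> Tuple[str, str]:
    """Pick the client IP from REMOTE_ADDR plus an X-Forwarded-For value.

    Returns (ip, reason). Reasons:
      peer_not_trusted_proxy - the connecting peer is not a known proxy, so
                               the header is ignored (it could be spoofed)
      first_untrusted_hop    - normal case: rightmost hop not owned by a proxy
      no_client_hop          - every hop was a trusted proxy; the client IP
                               never reached us (the symptom in this thread)
    """
    peer = parse_ip(remote_addr)
    if peer is None or not is_trusted(peer, trusted):
        return remote_addr, "peer_not_trusted_proxy"

    hops: List[Optional[object]] = [parse_ip(h) for h in xff.split(",") if h.strip()]
    # Walk right to left: proxies append themselves, so the rightmost entries
    # are the ones we can vouch for.
    for hop in reversed(hops):
        if hop is None:
            continue  # unparsable entry: skip it rather than trust it
        if not is_trusted(hop, trusted):
            return str(hop), "first_untrusted_hop"
    return remote_addr, "no_client_hop"


if __name__ == "__main__":
    # Constructed sample requests; the ALB (198.51.100.7) is the peer in each.
    samples = [
        ("198.51.100.7", "192.0.2.10, 203.0.113.5"),   # healthy chain
        ("198.51.100.7", "203.0.113.5"),               # client hop missing
        ("192.0.2.99", "192.0.2.10"),                  # header from untrusted peer
    ]
    for remote, header in samples:
        ip, why = client_ip(remote, header)
        print(f"REMOTE_ADDR={remote:<14} XFF={header!r:<30} -> {ip} ({why})")
```

The "no_client_hop" branch is the check worth surfacing in a diagnostics page: if every address in the header is a proxy you already trust, adding more trusted ranges cannot help, and the missing client address has to be traced upstream (for example in the origin’s access logs, as the reply suggests).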