Login IP not an external IP
-
For some reason wp security isnt giving me the clients IP. All login attempts come from the server host IP. I tried logging in via my mobile phone and it was the same issue.
Thank You,
-
Do you know if your hosting uses load balancers?
I do not its hosted through azure web app service and its windows server. Not sure that helps at all. I will periodically get 1 random ip out of 200+ results.
I believe that it does, please see here for more information: https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview
I looked on my server and it doesnt appear like i have load balancing and im pretty sure it used to work just not sure when it stopped. I did get the login attempts down to 1 a minute after enabling the recaptcha.
Do you use Cloudflare?
-
This reply was modified 4 years, 2 months ago by
vupdraft.
nope
I will ask our development team to see if they have any further insights.
Hi,
I have checked with our development team and they say that this is server related and you should check with your hosts.
Should there be more in the htaccess file? (I crossed out the ips and website in the below) I havent changed anything on the azure side so i dont understand how or when it broke because it used to work and i have another plugin that gets the proper ips.
# BEGIN All In One WP Security
#AIOWPS_LOGIN_WHITELIST_START
<FilesMatch “^(wp-login\.php)”>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from xxxxxx.org
Allow from XX.XXX.XXX.X
Allow from XXX.XX.XX.XX
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
Require local
Require ip XXX.X.X.X
Require host XXXXXXX.org
Require ip XXX.XX.XX.XX
</IfModule>
</FilesMatch>
#AIOWPS_LOGIN_WHITELIST_END
# END All In One WP SecurityAre the number of failed logins the same for both plugins?
I had the same problem with Azure sending the wrong external IP address. The new update to this plugin doesn’t deal with the port number coming from ‘HTTP_X_FORWARDED_FOR’ and therefore tries to get the external IP address from the wrong place. In order to fix this on Azure, I put the lines below in my wp-config.php file. They remove the port number from the end of the IP address Azure serves up in the ‘HTTP_X_FORWARDED_FOR’ before it gets to the Security plugin so that the external IP address function in the plugin is never fired off and pulling the wrong IP address.
$_SERVER['REMOTE_ADDR'] = current(explode(',', current(explode(':', $_SERVER['HTTP_X_FORWARDED_FOR'])))); $_SERVER['HTTP_X_FORWARDED_FOR'] = current(explode(',', current(explode(':', $_SERVER['HTTP_X_FORWARDED_FOR']))));Before the update to 4.4.12, the plugin removed the port number itself, now it just ignores the port number.
Try throwing those two lines into wp-config.php and it should work nicely with Azure.
Does it matter where in the wp-config file i put that code?
-
This reply was modified 4 years, 2 months ago by
The topic ‘Login IP not an external IP’ is closed to new replies.