Varnish or other reverseproxy hides IP | WordPress.org

Resolved Falkvinge
(@falkvinge)

9 years, 6 months ago

In the security report, all intrusion attempts are listed as coming from my Varnish installation, as that’s the last IP hop in my internal network before reaching WordPress.

Would it be possible to honor the X-Forwarded-For HTTP header (note that the header may carry several comma-separated IPs) in the report? I am aware that this header may be forged (and therefore my Varnish strips any such header previously put into the request) but having my Varnish node listed as attacker doesn’t really help me except to establish the total quantity of attacks.

Cheers,
Rick

Viewing 3 replies - 1 through 3 (of 3 total)

Safronik
(@safronik)

9 years, 6 months ago

Hello Rick,

Thank you for the feedback, we appreciate that!

Right now we’re working on the log system and we will mind you request.
Also we’ll inspect this issue with Varnish.

We’ll contact you as soon as we finish.

Safronik
(@safronik)

9 years, 5 months ago

Hello Rick,

We’ll look at this problem and suggest the solution. I think it will take about 10-14 days.

Thank you for the patience.

Safronik
(@safronik)

9 years, 5 months ago

Hello Rick,

By default “Varnish” sets HTTP_X_FORWARDED_FOR with a client IP.
Please, try to use the plugin with updated logic. You could download it from here: https://downloads.wordpress.org/plugin/security-malware-firewall.zip

Please, contact us and let us know the results.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Varnish or other reverseproxy hides IP’ is closed to new replies.

3 replies
2 participants
Last reply from: Safronik
Last activity: 9 years, 5 months ago
Status: resolved