WordPress.org

Forums

BruteProtect
[resolved] BruteProtect + AWS Elastic Load Balancer (4 posts)

  1. munkie87
    Member
    Posted 1 year ago #

    We are running several WordPress servers behind an Amazon Elastic Load Balancer. When we vsit the BruteProtect >> IP White List page, it shows our current IP address as 10.248.200.90 - this is actually the internal IP address of the load balancer, not my actual external IP address.

    Am I correct in thinking that all BruteProtect is going to do for me is block the load balancers, and not the actual end offender?

    http://wordpress.org/plugins/bruteprotect/

  2. munkie87
    Member
    Posted 1 year ago #

    Looks like I found a simple solution - it requires two simple code changes.

    bruteprotect.php >> Lines 78 & 307

    Replace $_SERVER['REMOTE_ADDR'] with $_SERVER['HTTP_X_FORWARDED_FOR']

    AWS Elastic Load Balancers forward through the original requesting IP address on http_x_forwarded_for. This slight change will make sure BruteProtect blocks the bad guys and not the load balancer.

  3. Sam Hotchkiss
    Member
    Plugin Author

    Posted 1 year ago #

    Hey Munkie-- yes, we're going to be accounting for AWS and PageSpeed (both use the forwarded for header) in BruteProtect 1.1, due out in the next week or two!

    Thanks for posting your fix!

    Best,
    Sam

  4. Sam Hotchkiss
    Member
    Plugin Author

    Posted 1 year ago #

    Well, it was more than 2 weeks, but BP 1.1 is out now, so you can update to resolve this issue!

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • BruteProtect
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags

No tags yet.