WordPress.org

Support

Support » Plugins and Hacks » BruteProtect » [Resolved] BruteProtect AWS Elastic Load Balancer

[Resolved] BruteProtect AWS Elastic Load Balancer

  • munkie87

    @munkie87

    We are running several WordPress servers behind an Amazon Elastic Load Balancer. When we vsit the BruteProtect >> IP White List page, it shows our current IP address as 10.248.200.90 – this is actually the internal IP address of the load balancer, not my actual external IP address.

    Am I correct in thinking that all BruteProtect is going to do for me is block the load balancers, and not the actual end offender?

    http://wordpress.org/plugins/bruteprotect/

Viewing 3 replies - 1 through 3 (of 3 total)
  • munkie87

    @munkie87

    Looks like I found a simple solution – it requires two simple code changes.

    bruteprotect.php >> Lines 78 & 307

    Replace $_SERVER['REMOTE_ADDR'] with $_SERVER['HTTP_X_FORWARDED_FOR']

    AWS Elastic Load Balancers forward through the original requesting IP address on http_x_forwarded_for. This slight change will make sure BruteProtect blocks the bad guys and not the load balancer.

    Plugin Author Sam Hotchkiss

    @samhotchkiss

    Hey Munkie– yes, we’re going to be accounting for AWS and PageSpeed (both use the forwarded for header) in BruteProtect 1.1, due out in the next week or two!

    Thanks for posting your fix!

    Best,
    Sam

    Plugin Author Sam Hotchkiss

    @samhotchkiss

    Well, it was more than 2 weeks, but BP 1.1 is out now, so you can update to resolve this issue!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Resolved] BruteProtect AWS Elastic Load Balancer’ is closed to new replies.
Skip to toolbar