Support » Plugin: BruteProtect » BruteProtect AWS Elastic Load Balancer

  • Resolved munkie87


    We are running several WordPress servers behind an Amazon Elastic Load Balancer. When we vsit the BruteProtect >> IP White List page, it shows our current IP address as – this is actually the internal IP address of the load balancer, not my actual external IP address.

    Am I correct in thinking that all BruteProtect is going to do for me is block the load balancers, and not the actual end offender?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Looks like I found a simple solution – it requires two simple code changes.

    bruteprotect.php >> Lines 78 & 307


    AWS Elastic Load Balancers forward through the original requesting IP address on http_x_forwarded_for. This slight change will make sure BruteProtect blocks the bad guys and not the load balancer.

    Plugin Author Sam Hotchkiss


    Hey Munkie– yes, we’re going to be accounting for AWS and PageSpeed (both use the forwarded for header) in BruteProtect 1.1, due out in the next week or two!

    Thanks for posting your fix!


    Plugin Author Sam Hotchkiss


    Well, it was more than 2 weeks, but BP 1.1 is out now, so you can update to resolve this issue!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘BruteProtect AWS Elastic Load Balancer’ is closed to new replies.