Hi @martoeporedia, thanks for reaching out to us.
I think it would be best to understand the server environment you’re running on and see if any other site communication is failing due to the improper detection of visitor IPs.
Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thanks,
Peter.
Thank you @wfpeter,
I’ve sent the diagnostics.
Today 2 IPs are correctly, only 2.
Hi @martoeporedia,
X-Forwarded-For is correctly reporting what I believe to be your visitor IP, although as you mention is including 2 in this section. One of these appears to be related to your server or related servers/load-balancers/etc. on your host.
If you are not the server administrator, I would reach out to your hosting support and request that the visitor IP is exclusively sent to one of your IP detection methods. Once only 1 IP can be seen, your visitor IPs should detect properly in Wordfence.
Thanks,
Peter.
Same connection, same user, in configuration i can see the right IP (I use x-forwarded-for for all my logs), the firewall plugin see wrong IP. It seems using two different methods…
Hi @martoeporedia,
If you keep “X-Forwarded-For” as your detection method, then add 172.31.26.221
to the “+Edit Trusted Proxies” link below the IP detection section, this should ensure that Wordfence only reads the visitor IP and not the secondary address being sent over.
However, if the IP above is not consistent and a different one is sent with the visitor IP at different times, you will need to contact your host for a range to input into the trusted proxies.
Thanks,
Peter.
Proxies are in an autoscaling groups and in the second image it get public ip not the local
Hi @martoeporedia,
I would also recommend changing Live Traffic to report SECURITY ONLY rather than ALL TRAFFIC, which can be found in the “Live Traffic Options” section of the Live Traffic page as you don’t necessarily need to store information about 200 OK response codes.
Please let me know the current situation with visitor IPs and whether that is working correctly for you. If there’s any confusion on my side because you’ve had to obscure IPs in your original screenshots, please feel free to send those privately to us to wftest @ wordfence . com. Please add your forum username to the subject line and respond here after you have sent it.
Thanks,
Peter.