• Resolved Dominic

    (@dominicp)


    I’ve seen some indications that this plugin is compatible with CloudFlare from my Googling but nothing definitive. I noticed that in the brute_get_ip function you’re checking the HTTP_X_FORWARDED_FOR header, but there are some instances where that can include multiple IPs when working with CloudFlare (see CloudFlare docs).

    Maybe there should be a conditional that checks for the CF-Connecting-IP header as well? Anyway, thanks for a great plugin.

    https://wordpress.org/plugins/bruteprotect/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Sam Hotchkiss

    (@samhotchkiss)

    Hi Dominic, thanks for the feedback! We’ve added CF-Connecting-IP to the headers we look for in the latest version of BruteProtect.

    Thread Starter Dominic

    (@dominicp)

    Hi Sam, thanks for incorporating that header check. I took a look at the latest source, and I think there might be a small formatting error.

    In the PHP $_SERVER variable, the CF-Connecting-IP header is presented as $_SERVER["HTTP_CF_CONNECTING_IP"]. So the array_key_exists check won’t find it. See this SO answer.

    Sorry, I should have made that more clear in my original post.

    Plugin Contributor Sam Hotchkiss

    (@samhotchkiss)

    Thanks, Dominic, that’s what I get for throwing things in at the last second 🙂 I’ve made the fix, and it’ll be in our 1.1.5 release, which should be out by the end of next week.

The topic ‘CloudFlare Compatibility’ is closed to new replies.
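
The header handling discussed in this thread, as an added example that is not part of the original posts and is not BruteProtect's code: it reads `HTTP_CF_CONNECTING_IP`, copes with a multi-address `HTTP_X_FORWARDED_FOR`, and only believes either header when the connection comes from a known proxy. The function names and the `TRUSTED_PROXIES` ranges are hypothetical (the ranges are documentation placeholders, not CloudFlare's published list), and the CIDR check assumes IPv4 on 64-bit PHP.

```php
<?php
// Added example, not the plugin's code. Placeholder proxy ranges (constructed);
// in practice these would be the ranges your CDN publishes.
const TRUSTED_PROXIES = ['192.0.2.0/24', '198.51.100.0/24'];

// True if IPv4 address $ip is inside $cidr. Non-IPv4 input is never trusted.
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = explode('/', $cidr);
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false;
    }
    $shift = 32 - (int) $bits;
    return ($ipLong >> $shift) === ($netLong >> $shift);
}

function is_trusted_proxy(string $ip): bool {
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

function resolve_client_ip(array $server): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    // Any client can send these headers; honour them only from our proxy.
    if (!is_trusted_proxy($peer)) {
        return $peer;
    }
    // PHP exposes the CF-Connecting-IP header under this $_SERVER key.
    $cf = trim($server['HTTP_CF_CONNECTING_IP'] ?? '');
    if (filter_var($cf, FILTER_VALIDATE_IP)) {
        return $cf;
    }
    // X-Forwarded-For may be "client, proxy1, proxy2": walk from the right
    // and take the first address that is not one of our own proxies.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '')));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) && !is_trusted_proxy($hop)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed sample requests: one via a trusted proxy, one direct with a forged header.
echo resolve_client_ip(['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 198.51.100.4']), "\n";
echo resolve_client_ip(['REMOTE_ADDR' => '203.0.113.99', 'HTTP_CF_CONNECTING_IP' => '10.0.0.1']), "\n";
```

For a brute-force limiter, the direct-connection case matters most: if forwarded headers were accepted from any peer, a client could change the header on each request to avoid lockout or cause another address to be blocked.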