• Resolved Robert

    (@whi73rav3n)


    Hello,

    I am trying to make use of the IP Detection feature since I am behind a Cloudfront instance and no matter the setting I always get the IPs of the load balancer and not of the actual user.

    Running a simple PHP script off the Internet provides the correct information. This is the script I am running and always finds the correct information in the X-FORWARDED-FOR header as per the Cloudfront documentation.

    <?php
    // Walks the usual proxy headers in order and returns the first entry that
    // validates as a public IP; wrapped in a function so the return is valid.
    function get_client_ip() {
        foreach (
            array(
                'HTTP_CLIENT_IP',
                'HTTP_X_FORWARDED_FOR',
                'HTTP_X_FORWARDED',
                'HTTP_X_CLUSTER_CLIENT_IP',
                'HTTP_FORWARDED_FOR',
                'HTTP_FORWARDED',
                'REMOTE_ADDR'
            ) as $key
        ) {
            if ( array_key_exists( $key, $_SERVER ) === true ) {
                // A header may carry several hops separated by commas.
                foreach ( explode( ',', $_SERVER[ $key ] ) as $ip ) {
                    $ip = trim( $ip ); // just to be safe
                    if ( filter_var( $ip, FILTER_VALIDATE_IP,
                            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) !== false
                    ) {
                        return $ip;
                    }
                }
            }
        }
        return null; // nothing validated
    }

    echo get_client_ip();

    Can you look into the problem?

    Thank you!

Viewing 15 replies - 16 through 30 (of 30 total)
  • Thread Starter Robert

    (@whi73rav3n)

    @nlpro @shanedelierrr

    When Security Check Pro is disabled, what I could find so far in my case is that my machine's IP comes first and after it the IP of the server in a datacenter. Not sure how this happens, but what I know for sure is that on this line https://plugins.trac.wordpress.org/browser/better-wp-security/trunk/core/lib/class-itsec-ip-detector.php#L109 that return value needs to be trimmed:

    return trim( ITSEC_Lib::last( explode( ',', $value ) ) );

    Plugin Support chandelierrr

    (@shanedelierrr)

    @whi73rav3n, thank you for sending your additional findings here. I have forwarded this to our developers for review and will get back to you as soon as I have feedback. I appreciate your patience!

    Hi @whi73rav3n,

    The iTSec plugin IP detector code, as is, indeed seems to expect a comma-separated value with no leading spaces for individual IPs. An IP with a leading space will fail on validation. The IP detector algorithm will then fall back to the IP value from $_SERVER['REMOTE_ADDR'] … which is the proxy IP!

    It seems officially both formats are allowed (with and without a single leading space). So, yup, adding a trim() function where you mentioned should fix this. Well done 😉

    The test method from my previous post confirms the above.

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @whi73rav3n, can you please forward here the following information:
    – Contents of $_SERVER for incoming requests from you to the site
    – Contents of the security-check-pro settings group from the iTSec Debug page. (How to enable iThemes Security Debug?)

    Looking forward to hearing from you!

    Thread Starter Robert

    (@whi73rav3n)

    Hello @shanedelierrr

    This is the information you have requested

    Array
    (
        [SERVER_SOFTWARE] => Apache
        [SERVER_PROTOCOL] => HTTP/1.1
        [GATEWAY_INTERFACE] => CGI/1.1
        [REMOTE_PORT] => 38540
        [CONTEXT_PREFIX] =>
        [REQUEST_SCHEME] => http
        [HTTP_ACCEPT_ENCODING] => gzip, deflate, br
        [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.5
        [HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/111.0
        [HTTP_X_FORWARDED_PORT] => 443
        [HTTP_X_FORWARDED_PROTO] => https
        [HTTP_X_FORWARDED_FOR] => 86.123.106.135, 64.252.69.78
        [PHP_SELF] => /index.php
        [REQUEST_TIME_FLOAT] => 1680017724.2851
        [REQUEST_TIME] => 1680017724
        [HTTPS] => on
    )

    {
        "last_scan_timestamp": 1679946299,
        "ip_header": {
            "name": "HTTP_X_FORWARDED_FOR",
            "position_from_end": -1
        },
        "remote_ip_index": "",
        "ssl_supported": true,
        "remote_ips_timestamp": 1679946299,
        "remote_ips": [
            "69.16.197.31",
            "69.167.144.232"
        ]
    }

    Note that in the $_SERVER variable the first value in the HTTP_X_FORWARDED_FOR key is the IP of my machine.

    Thank you!

    Plugin Support chandelierrr

    (@shanedelierrr)

    @whi73rav3n thank you for sending the info! I’ll get back to you once I receive feedback from our devs.

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @whi73rav3n, please test this version, then re-run Security Check Pro from Tools > Security Check Pro.

    In the Security Logs, please enable showing Debug and Process logs from the “Screen Options” in the top-right of the page. From there, you should see log entries for the security-check-pro module. Look for the entry with the code of scan-request and then copy and send the “Raw Details” here.

    Lastly, please also send here the latest security-check-pro settings from the debug page.

    Looking forward to hearing back from you!

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @whi73rav3n, Have you had the chance to test the above?

    Thread Starter Robert

    (@whi73rav3n)

    Hello @shanedelierrr

    Unfortunately I did not get a chance to test this. Will update ASAP.

    Thank you!

    Plugin Support chandelierrr

    (@shanedelierrr)

    @whi73rav3n understood! Please let me know how the testing went.

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @whi73rav3n, do you have an update about the testing? We have done some testing on our end that replicates the issue you get, although it would be ideal to have confirmation if it worked on your end.

    Thread Starter Robert

    (@whi73rav3n)

    Hello @shanedelierrr

    I did not test the version you have sent, but instead looked at all options in the AWS dashboard and found one regarding the X-Forwarded-For header.

    There are 3 options for this setting: to append, to preserve and to remove.

    By default it comes with the option to append checked. Using this option the plugin does not work as expected and I am getting the IP address of the load balancer.

    If the preserve option is selected, then the plugin is working as expected.

    Thank you!

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @whi73rav3n, I understand. Thank you for the update, and I’ll relay this to our developers. I’ll get back to you if I have feedback from them.

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @whi73rav3n, we have deployed a fix for this issue in iTSec 8.1.6. Could you please update to the latest version and let me know if it works on your end? If it does, kindly mark this topic as “Resolved.”

    Looking forward to hearing from you!

    Thread Starter Robert

    (@whi73rav3n)

    Hello @shanedelierrr

    With the load balancer setting set to Preserve it works as expected. However when the setting is set to Append, the plugin displays the IP of the load balancer from what I can tell.

    For me at the moment the setting set to Preserve works as expected so I will mark this as Resolved.

    Thank you!
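The two behaviours discussed in this thread, the leading-space validation failure that nlpro describes and the append-versus-preserve difference Robert observed with the load balancer, can be reproduced in a few lines. The script below is an added example, not code from the iThemes Security plugin or from any poster here; the function names, the position_from_end convention (-1 meaning the last comma-separated entry, -2 the one before it) and the REMOTE_ADDR placeholder value are assumptions made for the example, while the X-Forwarded-For value is taken from the $_SERVER dump above.

```php
<?php
// Added example (not plugin code). Reproduces two behaviours from the thread:
//  1. splitting X-Forwarded-For on ',' without trim() leaves a leading space on every
//     entry after the first, so filter_var() rejects it and the detector falls back
//     to REMOTE_ADDR, which behind a proxy is the proxy's own address;
//  2. with an "append"-style header (client, proxy) the last entry is the proxy hop,
//     whereas "preserve" leaves only the client entry, so the last entry is the client.
// The position_from_end convention below is an assumption about the settings shown above.

/**
 * Pick one entry from a comma-separated header value, counting from the end.
 * Returns null when the entry is missing or does not validate as a public IP.
 */
function pick_forwarded_ip( string $value, int $position_from_end, bool $do_trim ): ?string {
    $parts = explode( ',', $value );
    $index = count( $parts ) + $position_from_end;
    if ( $index < 0 || $index >= count( $parts ) ) {
        return null;
    }
    $candidate = $do_trim ? trim( $parts[ $index ] ) : $parts[ $index ];
    $valid = filter_var(
        $candidate,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
    return $valid === false ? null : $valid;
}

/**
 * Detector with the fallback described in the thread: if the chosen header entry
 * does not validate, REMOTE_ADDR is used instead.
 */
function detect_client_ip( array $server, int $position_from_end, bool $do_trim ): string {
    if ( isset( $server['HTTP_X_FORWARDED_FOR'] ) ) {
        $ip = pick_forwarded_ip( $server['HTTP_X_FORWARDED_FOR'], $position_from_end, $do_trim );
        if ( $ip !== null ) {
            return $ip;
        }
    }
    return $server['REMOTE_ADDR'];
}

// Constructed sample input. The header value matches the dump posted above; the
// REMOTE_ADDR is a documentation-range placeholder standing in for the load balancer.
$append_mode = array(
    'HTTP_X_FORWARDED_FOR' => '86.123.106.135, 64.252.69.78',
    'REMOTE_ADDR'          => '198.51.100.10',
);
// In "preserve" mode the header reaches PHP as the upstream sent it: a single entry.
$preserve_mode = array(
    'HTTP_X_FORWARDED_FOR' => '86.123.106.135',
    'REMOTE_ADDR'          => '198.51.100.10',
);

// No trim: the last entry still carries its leading space, validation fails,
// and the result is REMOTE_ADDR (the proxy).
echo 'append, last entry, no trim:  ', detect_client_ip( $append_mode, -1, false ), PHP_EOL;
// With trim the last entry validates, but in append mode that entry is the proxy hop.
echo 'append, last entry, trimmed:  ', detect_client_ip( $append_mode, -1, true ), PHP_EOL;
// One hop further back reaches the client. Only count back a fixed number of hops
// when the proxy chain is known and trusted; earlier entries are client-controlled.
echo 'append, second from end:      ', detect_client_ip( $append_mode, -2, true ), PHP_EOL;
// Preserve mode: a single entry, so the last entry is the client.
echo 'preserve, last entry:         ', detect_client_ip( $preserve_mode, -1, true ), PHP_EOL;
```

Run it with `php` from the command line. The first call shows why the trim() in the detector matters, and the second and third show that trimming alone does not decide which hop you get: the entry to read is fixed by how many proxies sit in front of PHP, which is exactly what changes between the load balancer's append and preserve settings.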


The topic ‘IP Detection does not work’ is closed to new replies.