• Resolved bladez614

    (@bladez614)


    For some reason wp security isnt giving me the clients IP. All login attempts come from the server host IP. I tried logging in via my mobile phone and it was the same issue.

    Thank You,

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Support vupdraft

    (@vupdraft)

    Do you know if your hosting uses load balancers?

    Thread Starter bladez614

    (@bladez614)

    I do not its hosted through azure web app service and its windows server. Not sure that helps at all. I will periodically get 1 random ip out of 200+ results.

    Plugin Support vupdraft

    (@vupdraft)

    Thread Starter bladez614

    (@bladez614)

    I looked on my server and it doesnt appear like i have load balancing and im pretty sure it used to work just not sure when it stopped. I did get the login attempts down to 1 a minute after enabling the recaptcha.

    Plugin Support vupdraft

    (@vupdraft)

    Do you use Cloudflare?

    • This reply was modified 4 years, 2 months ago by vupdraft.
    Thread Starter bladez614

    (@bladez614)

    nope

    Plugin Support vupdraft

    (@vupdraft)

    I will ask our development team to see if they have any further insights.

    Plugin Support vupdraft

    (@vupdraft)

    Hi,

    I have checked with our development team and they say that this is server related and you should check with your hosts.

    Thread Starter bladez614

    (@bladez614)

    Should there be more in the htaccess file? (I crossed out the ips and website in the below) I havent changed anything on the azure side so i dont understand how or when it broke because it used to work and i have another plugin that gets the proper ips.

    # BEGIN All In One WP Security
    #AIOWPS_LOGIN_WHITELIST_START
    <FilesMatch “^(wp-login\.php)”>
    <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from xxxxxx.org
    Allow from XX.XXX.XXX.X
    Allow from XXX.XX.XX.XX
    </IfModule>
    <IfModule mod_authz_core.c>
    Require all denied
    Require local
    Require ip XXX.X.X.X
    Require host XXXXXXX.org
    Require ip XXX.XX.XX.XX
    </IfModule>
    </FilesMatch>
    #AIOWPS_LOGIN_WHITELIST_END
    # END All In One WP Security

    Plugin Support vupdraft

    (@vupdraft)

    Are the number of failed logins the same for both plugins?

    I had the same problem with Azure sending the wrong external IP address. The new update to this plugin doesn’t deal with the port number coming from ‘HTTP_X_FORWARDED_FOR’ and therefore tries to get the external IP address from the wrong place. In order to fix this on Azure, I put the lines below in my wp-config.php file. They remove the port number from the end of the IP address Azure serves up in the ‘HTTP_X_FORWARDED_FOR’ before it gets to the Security plugin so that the external IP address function in the plugin is never fired off and pulling the wrong IP address.

    $_SERVER['REMOTE_ADDR'] = current(explode(',', current(explode(':', $_SERVER['HTTP_X_FORWARDED_FOR']))));
    $_SERVER['HTTP_X_FORWARDED_FOR'] = current(explode(',', current(explode(':', $_SERVER['HTTP_X_FORWARDED_FOR']))));

    Before the update to 4.4.12, the plugin removed the port number itself, now it just ignores the port number.

    Try throwing those two lines into wp-config.php and it should work nicely with Azure.

    Thread Starter bladez614

    (@bladez614)

    Does it matter where in the wp-config file i put that code?

Viewing 12 replies - 1 through 12 (of 12 total)

The topic ‘Login IP not an external IP’ is closed to new replies.