Title: Problem reverse proxy option using CDN AWS CloudFront Last modified: October 30, 2021 --- # Problem reverse proxy option using CDN AWS CloudFront * Resolved [lucianodefranco](https://wordpress.org/support/users/lucianodefranco/) * (@lucianodefranco) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/) * I have a problem with the plugin Geolocation IP Detection since I added AWS CloudFront CDN. I use the plugin with Maxmind Precision Web-API. * I have enabled the reverse proxy option, because I actually see the correct IP of the client in the “With Proxy” label. Exactly this is what I read under the heading of the reverse proxy: * `(With Proxy: 93.46.97.164, 130.176.90.85 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 130.176.90.85)` * The correct IP of my client is **93.46.97.164** (located in Italy), ie the one on the left indicated in “With Proxy” label. However he takes the second one,** 130.176.90.85** (located in USA), which is the IP of CloudFront!!! * The IP “Without Proxy” 172.26.26.89 (located in France) is of the Amazon server on the wordpress is running, so I think it is correct to select the reverse proxy option. * Depending on whether you activate the Reverse Proxy option or not, the plugin locates me in the USA or France, but never in Italy! * How can I solve? * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fproblem-reverse-proxy-option-using-cdn-aws-cloudfront%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 10 replies - 1 through 10 (of 10 total) * Plugin Author [Benjamin Pick](https://wordpress.org/support/users/benjaminpick/) * (@benjaminpick) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15024674) * Did you add 130.176.90.85 to the reverse proxy whitelist? * Thread Starter [lucianodefranco](https://wordpress.org/support/users/lucianodefranco/) * (@lucianodefranco) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15029556) * In the meantime, thanks for the quick reply.. * I tried to add 130.176.90.85 to the reverse proxy whitelist, but nothing has changed. But I don’t quite understand where it says in the whitelist part that you have to put the IPv6 address as well… I added only “130.176.90.85” in the input box… can it be for this? Furthermore, the address 130.176.90.8 corresponds to the CloudFront CDN, so it does not remain constant, it is destined to change according to the connected user! Do you have any other suggestions for us? * Thanks in advance * Plugin Author [Benjamin Pick](https://wordpress.org/support/users/benjaminpick/) * (@benjaminpick) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15032242) * Here is the complete list of Cloudflare IPs: [https://www.cloudflare.com/ips/](https://www.cloudflare.com/ips/) It’s a bit lengthy, but you could save them all … * Plugin Author [Benjamin Pick](https://wordpress.org/support/users/benjaminpick/) * (@benjaminpick) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15032565) * Oh wait, you said cloudfront … [https://forums.aws.amazon.com/ann.jspa?annID=2051](https://forums.aws.amazon.com/ann.jspa?annID=2051) * Thread Starter [lucianodefranco](https://wordpress.org/support/users/lucianodefranco/) * (@lucianodefranco) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15039889) * Ok, so I have to enter all the IPs present in [https://ip-ranges.amazonaws.com/ip-ranges.json](https://ip-ranges.amazonaws.com/ip-ranges.json), separated by commas, in the “IPs of trusted proxies” input box of the plugin, correct? * To give an example, taking the first 5 IPs of the linked json file, I have to enter this in the “IPs of trusted proxies” field of the plugin: * `3.5.140.0/22,13.34.37.64/27,35.180.0.0/16,43.224.79.174/31,52.93.153.170/32` * It’s correct? * In this way these IP ranges will be skipped and therefore the IP 93.46.97.164 will be assumed as the client. Quite right? * Thread Starter [lucianodefranco](https://wordpress.org/support/users/lucianodefranco/) * (@lucianodefranco) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15045015) * Hi [@benjaminpick](https://wordpress.org/support/users/benjaminpick/) , unfortunately something is wrong… * **IP detected:** * External Server IP: 15.188.79.253 (Paris, WebServer hosted in AWS EC2) REMOTE_ADDR: 172.26.15.14 (reserved IP address) HTTP_X_FORWARDED_FOR: **93.46.97.164** (Browser IP), 130.176.111.36 (US CloudFront) * Here are the tested steps: * **1.** “The server is behind a reverse proxy” option **disabled**. I read this:`( With Proxy: 93.46.97.164, 130.176.111.39 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 172.26.26.89)` * **2.** “The server is behind a reverse proxy” option **enabled**. I read this:`( With Proxy: 93.46.97.164, 130.176.111.19 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 130.176.111.19)` * **3.** “The server is behind a reverse proxy” option **enabled** and and the input box “IPs of trusted proxies” set to “130.176.111.19” (IP CloudFront). I would expect to finally get “Client IP with current configuration: 93.46.97.164”, but I read this: `(With Proxy: 93.46.97.164, 130.176.111.19 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 172.26.26.89)` * In short, by valuing the input field “IPs of trusted proxies” in any way, it is as if you disabled the “The server is behind a reverse proxy” option! How come this? * [Benjamin Pick](https://wordpress.org/support/users/benjamin4/) * (@benjamin4) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15047518) * Hi lucianodefranco, * oh, that’s because 172.26.26.89 as an internal IP is not whitelisted yet… * Can you add `10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16` to the list and see if it works then? I might add an option for this in future versions of the plugin, but adding these ranges should work for you. * Yes you observed correctly – adding a reverse proxy changes the behavior. Because by default, if no whitelist is there, the first proxy is assumed as reverse proxy– but in your case, there are two reverse proxy, so you need to specify them. * [Benjamin Pick](https://wordpress.org/support/users/benjamin4/) * (@benjamin4) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15047573) * There is another problem – of course AWS might change these IP ranges anytime. So I guess I have to add downloading the file and updating these ranges to the plugin … I have added this as a feature request: * [https://github.com/yellowtree/geoip-detect/issues/160](https://github.com/yellowtree/geoip-detect/issues/160) * Thread Starter [lucianodefranco](https://wordpress.org/support/users/lucianodefranco/) * (@lucianodefranco) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15049511) * Ok [@benjamin4](https://wordpress.org/support/users/benjamin4/) , now it’s clear. * We thought that the first IP was already discarded by the reverse proxy option and therefore should not be added there … Maybe you could improve the description of the field 🙂 * Yes, our example with that specific IP was just a test, we know that it will then be necessary to manually add the entire IP list of the CDN … But in the meantime we wanted to test the correct functioning with a single IP;) * Adding lists as a plugin feature seems like a great idea for the future to me! * Thanks again for the invaluable support! * [Benjamin Pick](https://wordpress.org/support/users/benjamin4/) * (@benjamin4) * [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15051225) * Ok yes … Viewing 10 replies - 1 through 10 (of 10 total) The topic ‘Problem reverse proxy option using CDN AWS CloudFront’ is closed to new replies. * ![](https://ps.w.org/geoip-detect/assets/icon-256x256.jpg?rev=978998) * [Geolocation IP Detection](https://wordpress.org/plugins/geoip-detect/) * [Frequently Asked Questions](https://wordpress.org/plugins/geoip-detect/#faq) * [Support Threads](https://wordpress.org/support/plugin/geoip-detect/) * [Active Topics](https://wordpress.org/support/plugin/geoip-detect/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/geoip-detect/unresolved/) * [Reviews](https://wordpress.org/support/plugin/geoip-detect/reviews/) ## Tags * [cdn](https://wordpress.org/support/topic-tag/cdn/) * [CloudFront](https://wordpress.org/support/topic-tag/cloudfront/) * [IP](https://wordpress.org/support/topic-tag/ip/) * [proxy](https://wordpress.org/support/topic-tag/proxy/) * 10 replies * 3 participants * Last reply from: [Benjamin Pick](https://wordpress.org/support/users/benjamin4/) * Last activity: [4 years, 5 months ago](https://wordpress.org/support/topic/problem-reverse-proxy-option-using-cdn-aws-cloudfront/#post-15051225) * Status: resolved