Support » Plugin: Shield Security: Powerful All-In-One Protection » Problem with IP Source

  • Resolved tbclark3

    (@tbclark3)


    I am running WordPress under Docker, and behind an HTTP proxy in order to use SSL. WP receives logins from the LAN (which is 10.1.0.0) and WAN. For the purpose of logging, 10.1.0.0 is a valid IP and should be logged. When I set IP Source to HTTP_X_FORWARDED_FOR, which is the only valid choice, it immediately reverts back to HTTP_CLIENT_IP, which is always blank. I think you have “over-engineered” the automatic function. If I set the IP Source to something appropriate for my environment, it should stay there. Perhaps you could consider adding an “Auto” choice, but otherwise leaving the administrator’s choice intact.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author One Dollar Plugin

    (@onedollarplugin)

    The problem isn’t over-engineering, the issue is local IP addresses. Shield doesn’t consider local IP addresses as public site visitors, so it generally won’t permit an IP source which delivers a local IP address. We’ll have a look at perhaps not changing the source when all sources don’t provide a valid IP.

  • tbclark3

    (@tbclark3)

    What I mean by “over engineered” is that you are overriding the user’s decision about legitimate IP addresses when there is no basis for doing so. My logs show both 172.17 and 19.1 subnets for connections from my LAN. Docker usually chooses 172.17, and I chose 10.1. However, it could easily have been the other way. Had I already been using 172.17, I would have configured Docker to use something else, possibly 10.1. You should not, and cannot, make any assumptions about the validity of IP addresses based on whether they are routable or not. My environment, like many, would have non-routable addresses originating from the LAN, and routable addresses originating from the WAN. In addition, almost all of them show a 172.17 address as the REMOTE_ADDR because all of the packets come through Docker.

    I think it would be reasonable for you to offer an option of “Auto” meaning that you would make decisions on the fly about which address is correct. However, if I select HTTP_X_FORWARDED_FOR, it should remain that way, no matter what it contains.

  • The topic ‘Problem with IP Source’ is closed to new replies.
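
An added example, not Shield's code and not something posted in this thread: one way to resolve the visitor address from an administrator-selected source in the setup discussed above, where private LAN addresses are legitimate visitors. The trusted proxy range (Docker's 172.17.0.0/16), the function names and the assumption that the proxy appends the connecting address to X-Forwarded-For are illustrative; Python is used because WSGI exposes the same `REMOTE_ADDR` and `HTTP_X_FORWARDED_FOR` keys.

```python
import ipaddress

# Assumption: only peers in this range are our own proxy (Docker's default bridge).
TRUSTED_PROXIES = [ipaddress.ip_network("172.17.0.0/16")]


def _parse(value):
    """Return an ip_address object, or None for blank or malformed input."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(environ, source="HTTP_X_FORWARDED_FOR"):
    """Resolve the visitor IP from the administrator-selected source.

    The header is honoured only when the directly connected peer
    (REMOTE_ADDR) is a trusted proxy. Private (RFC 1918) client
    addresses are accepted, since LAN visitors are valid here.
    """
    peer = _parse(environ.get("REMOTE_ADDR", ""))
    if peer is None:
        return None
    if source == "REMOTE_ADDR" or not _trusted(peer):
        # A header sent by an untrusted peer is client-controlled: ignore it.
        return str(peer)
    # Walk the chain right to left: the rightmost entries were appended by
    # our own proxies, anything further left was supplied by the client.
    hops = [_parse(h) for h in environ.get(source, "").split(",")]
    for hop in reversed(hops):
        if hop is None:
            break  # blank or malformed entry: stop trusting the chain
        if not _trusted(hop):
            return str(hop)
    return str(peer)  # nothing usable in the header: fall back to the peer
```

The selected source is never switched to another header; when it is blank or unusable the function falls back to the connecting peer address for that request only.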