Support » Plugin: IP Geo Block » Some IPs are shown like local

  • Resolved Radek Kucera

    (@bigdrobek)


    Hi,

    A few weeks ago I set up the code below in function.php to identify the right IP addresses:

    /* setup IP Geo Block to show real IP addresses */
    $_SERVER['REMOTE_ADDR'] = isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"];

    But right now I see some public IPs in “Logs->Admin area”, but there are also local IPs in “Logs->Login form”.

    detail of one log:

    2017-05-04 00:13:20 10.4.240.7 ZZ multi POST[443]:/xmlrpc.php
    User agent:
    Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0
    HTTP headers:
    HTTP_X_FORWARDED_FOR=92.63.91.108,HTTP_X_REAL_IP=92.63.91.108
    $_POST data:

    Can you help me change the shown local address 10.4.240.7 to the real 92.63.91.108?
    At least, what does the result “multi” mean?

    Thank you for this great plugin 🙂
    Radek

    • This topic was modified 4 years, 4 months ago by Radek Kucera.
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi again Radek,

    I guess your site is placed behind some kind of proxy server. If I’m right, you had better put your code into wp-config.php.

    Otherwise, if you configured “Validation timing” as “mu-plugins” (ip-geo-block-mu.php), then you should put your code into “drop-in.php” in your Geolocation API library. Please refer to Validation timing.

    Regarding “multi”, it is brute force amplification attacks. If you don’t use XML-RPC, then “completely close” is a good choice for you.

    Thread Starter Radek Kucera

    (@bigdrobek)

    Right, I have set up “Validation timing” as “mu-plugins”. Should I put the code below into drop-in.php after renaming?

    /* setup IP Geo Block to show real IP addresses */
    $_SERVER['REMOTE_ADDR'] = isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"];

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Yes, that’s right.

    Or you can also use a custom filter hook in drop-in.php:

    function my_replace_ip( $ip ) {
        /* setup IP Geo Block to show real IP addresses */
        return isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
    }
    add_filter( 'ip-geo-block-ip-addr', 'my_replace_ip' );

    In this case, you don’t have to change the global variable.

    Please refer to ip-geo-block-ip-addr.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    One more thing.

    $_SERVER['HTTP_X_FORWARDED_FOR'] can potentially have multiple IP addresses like xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy.

    I think the following code in samples.php is better.

    function my_retrieve_ip( $ip ) {
        if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
            $tmp = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );
            $ip = trim( $tmp[0] );
        }
    
        return $ip;
    }
    add_filter( 'ip-geo-block-ip-addr', 'my_retrieve_ip' );

    Please note that the X-Forwarded-For HTTP header can be set by attackers.
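
The caveat in the post above, as an added example that is not part of the original thread or the plugin's code: the header is honoured only when the request arrives from a known proxy, and it is read from the right. It assumes 10.4.240.7 (the address in the log) is the site's only reverse proxy and that the proxy appends the address it saw; `MY_TRUSTED_PROXIES`, `my_client_ip` and `my_trusted_retrieve_ip` are hypothetical names.

```php
<?php
// Added example, not the plugin's code. ASSUMPTION: 10.4.240.7 (the address
// logged above) is the site's only reverse proxy; list your own proxies here.
const MY_TRUSTED_PROXIES = array( '10.4.240.7' );

/**
 * Pick the client IP from the peer address and an X-Forwarded-For value.
 * The header is used only when the peer is a trusted proxy, and is read right
 * to left: a proxy appends the address it saw, entries further left are
 * client-supplied.
 */
function my_client_ip( $remote_addr, $xff, array $trusted ) {
    if ( ! in_array( $remote_addr, $trusted, true ) || '' === trim( (string) $xff ) ) {
        return $remote_addr; // direct peer or no header: nothing to trust
    }
    $hops = array_reverse( array_map( 'trim', explode( ',', (string) $xff ) ) );
    foreach ( $hops as $hop ) {
        if ( false === filter_var( $hop, FILTER_VALIDATE_IP ) ) {
            break; // malformed entry: fall back instead of guessing
        }
        if ( ! in_array( $hop, $trusted, true ) ) {
            return $hop; // nearest address not added by our own proxies
        }
    }
    return $remote_addr;
}

// Hypothetical filter callback for the hook discussed in this thread.
function my_trusted_retrieve_ip( $ip ) {
    $xff = isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    return my_client_ip( $_SERVER['REMOTE_ADDR'], $xff, MY_TRUSTED_PROXIES );
}

if ( function_exists( 'add_filter' ) ) {
    add_filter( 'ip-geo-block-ip-addr', 'my_trusted_retrieve_ip' );
} else {
    // Stand-alone run (php file.php) over constructed (peer, header) pairs.
    $cases = array(
        array( '10.4.240.7', '92.63.91.108' ),           // proxied, as in the log
        array( '10.4.240.7', '1.2.3.4, 92.63.91.108' ),  // extra entry sent by client
        array( '203.0.113.9', '1.2.3.4' ),               // header from a direct peer
    );
    foreach ( $cases as $c ) {
        printf( "%s | %s => %s\n", $c[0], $c[1], my_client_ip( $c[0], $c[1], MY_TRUSTED_PROXIES ) );
    }
}
```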

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @bigdrobek,

    How are things going? I’ve changed the handling of private IP addresses in the new version 3.0.3. Your “Your IP address / Country” will probably show something like “10.4.240.7 / XX (Cache)”.

    The special code “XX” is assigned as private IP address in this plugin and will never be blocked. All you have to do is put HTTP_X_FORWARDED_FOR into “$_SERVER keys to retrieve extra IP addresses”. Then this plugin extracts the true IP address from $_SERVER['HTTP_X_FORWARDED_FOR'].

    As a result, you don’t have to put the code snippet that I showed in the previous thread into /wp-content/ip-geo-api/drop-in.php. Please try.

    Thanks.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Dear Radek and all,

    I’m sorry but:

    The special code “XX” is assigned as private IP address in this plugin

    was wrong. You should put the right country code instead of “XX”.

    Currently, using filter hook ip-geo-block-ip-addr is my original design when the server is placed behind the proxy. But I have to change my design to provide easier UI to retrieve the true IP address as the number of users grows.

    I’ll improve this issue in the next release.

    Thanks.

    Thread Starter Radek Kucera

    (@bigdrobek)

    Hi Tokkonopapa,

    I’ll delete the stats, then put HTTP_X_FORWARDED_FOR into “$_SERVER keys to retrieve extra IP addresses” and we will see.

    Thanks,
    🙂

    • This reply was modified 4 years, 3 months ago by Radek Kucera.