Support » Plugin: Wordfence Security - Firewall & Malware Scan » Unable to detect IPs (checked all forum suggestions)

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @lukascech and thanks for reaching out to us!

    You will need to add the Ezoic IPs to the Trusted Proxies on the Wordfence > All Options > General Wordfence Options > How does Wordfence detect IP’s section.

    Here is the list of IPs you will need to add:
    https://support.ezoic.com/kb/article/how-to-fix-origin-errors

    Once this is in place, you will most likely also need to select the Use the X-Forwarded-For HTTP header options as well.

    Let me know if this solves your issue! Thanks again.

    Thread Starter lukascech

    (@lukascech)

    Hi Adam,

    as mentioned in my original post, I did all of that – everything you describe, it’s already added.

    Lukas

    Plugin Support WFAdam

    (@wfadam)

    Go ahead and send me a diagnostic and let’s go from there then:

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks again!

    Thread Starter lukascech

    (@lukascech)

    done, report sent as requested.

    Thread Starter lukascech

    (@lukascech)

    I’ve been told by Ezoic to “ask specifically about how the xxf header has been setup and if they (Wordfence) can confirm that there are no issues with it?”

    Plugin Support WFAdam

    (@wfadam)

    All the settings look correct in the diagnostic.

    If you open the diagnostic and go to the IP detection area, you will see an IP that starts with 3.70.xx.xxx. Add that to the trusted proxies.

    Let me know if that changes the way IP is detected.

    Thanks again!

    Thread Starter lukascech

    (@lukascech)

    the trouble is that the IP in the IP detection (diagnostics) changes – I see an AWS IP in there now: 18.197.191.20

    but if I add this one, it’s going to change over time, it has before.

    And the detected IP in the “how does wordfence detect IPs” section is different – 3.66.XXX.XX

    Plus I really don’t want to add an AWS generic IP to the trusted proxies – all kinds of spammers might use it (I’d guess).

    Thread Starter lukascech

    (@lukascech)

    As Cloudways wasn’t cutting it for me, I have moved the website to Kinsta today and voila, the IP is detected fine.

    So it was a Cloudways issue (maybe because Cloudways + Ezoic don’t work that well together, no idea).

    But we won’t be able to determine now, as Kinsta seems better, also in handling my traffic and server load.

    Thread Starter lukascech

    (@lukascech)

    Hi all,

    I have since moved my site to Rocket.net and the IP detection is an issue again.

    I dug into it further with all parties involved (Ezoic, Rocket.net) and found out that the syntax for the X Forwarded For header is as follows:

    <clientIP>, <proxyIP>, <proxyIP>

    Therefore, Wordfence does get the first <client> IP but chooses the last one for security purposes.

    If it took the first one, all would be fine.

    Isn’t your handling of XFF header misconfigured? As my IP does appear in the first place, but you ignore it and choose the proxy2 address at the end, which isn’t relevant.

    According to Wordfence, “We choose the last IP in the list after removing all that are listed as trusted proxies because that is the only IP that can be trusted not to have been tampered with.”

    But it seems to me that the first IP is the correct one (always my own in my case) and the last ones can be tampered with (as they change every few times, being proxies).

    Shouldn’t WordFence use the first IP in the list?

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.