Support » Plugin: Wordfence Security - Firewall & Malware Scan » Wordfence blocking all requests through Cloudflare

  • I have a WordPress site on an origin server that is hidden behind Cloudflare DNS. Brute force/bad logins are being blocked by Wordfence but instead of blocking the source IP, Wordfence is blocking the Cloudflare IP, and therefore ALL subsequent, valid page requests.

    The $_SERVER[“REMOTE_ADDR”] value is the Cloudflare IP, not the remote hacker IP. I believe that this can be remedied by updating your firewall/functionality to use the $_SERVER[“HTTP_CF_CONNECTING_IP”] value when present (This is set by Cloudflare), so that these sweeping false positives don’t recur?

    I can’t add the Cloudflare IP to the whitelist since that will also whitelist all the hackers, so there really isn’t another solution that I can think of. I’m open to suggestions.

    Many thanks!

    • This topic was modified 1 year, 4 months ago by wordcrunch.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter wordcrunch

    (@wordcrunch)

    Furthermore, the reset email links are all messed up – the link is for a domain that is based on the send domain (different from the actual site domain – we use email.mg.mydomain.com since all email is routed through Mailgun – this is not uncommon, email should never be hosted on the same domain as a website! So the reset link is http://email.mg.mydomain.com/blablabla which is not a location that exists. Also why not https? http is not a protocol that is allowed due to HSTS.

    Then, after correcting the link manually it does not work. Instead, I get a Not Found error:

    Not Found
    The requested URL /c/eJxVTktuwyAQPQ1eIhgYsBcsUrmWuqjUG1QwQLESmyg4inL7kk2lSm_1_tFpb62yw-pAgBAgUSBOCFxyO8_GIL5NYBfzbgTTYvvh7bpSaiVFTnUbihuNJUSfYAxGBk05SwUx54hektbjcHHlOK6NqRODpeNfwYtSy_cjt8zUfN8vlc4n6npjYM7p2UmjbQgBvTCGpLcRRxREMoGKhJOAbsz3nf7in8-Pr-HmHvUWc9opcR-3de_nS62ltuM1-wsKekrZ was not found on this server.

    I am currently unable to access the site except by logging in via ssh. Not that this provides a practical path to a solution…

    Plz halp! So broken…

    • This reply was modified 1 year, 4 months ago by wordcrunch.

    Hey @wordcrunch,

    Are you able to share the URL?

    Can you please send me a Diagnostics report so I can get a better overview of your environment? Please navigate to Wordfence > Tools > Diagnostics. Here you can select SEND REPORT BY EMAIL. Please include your WordPress.org username and update this thread after you’ve sent it.

    Regarding the email reset link, can you please check in WordPress Dashboard > Settings > General to make sure the Site and WordPress URLs are correctly set using https?

    Please let me know.

    Thanks,

    Gerroald

    Hey @wordcrunch,

    We haven’t heard back from you in a while, so I’ve gone ahead and marked this thread as resolved.

    Please feel free to open another thread if you’re still having issues with Wordfence.

    Thanks,

    Gerroald

    Thread Starter wordcrunch

    (@wordcrunch)

    I sent this email as soon as I saw your reply… Not sure why you didn’t get it, I didn’t get a bounce notice.

    In any case (and for others who encounter this issue) I’ve added a script to replace $_SERVER[“REMOTE_ADDR”] with Cloudflare’s $_SERVER[“HTTP_CF_CONNECTING_IP”] and auto-prepended via .htaccess.

    There are other bugs in Wordfence that this issue has revealed:

    1. Wordfence should be using the stored home or site_url string rather than the email domain to generate the reset link. This seems like a pretty obvious bug that shouldn’t require any further diagnostic information.

    2. Regarding https in the link, maybe checking the request uri protocol and matching that if it is https is the better way. Many sites force upgrade via HSTS or other dns-based techniques and the stored site_url & home options won’t be authoritative in these cases.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence blocking all requests through Cloudflare’ is closed to new replies.