Robert

Hello @shanedelierrr

I did not test the version you have sent, but instead looked at all options in the AWS dashboard and found one regarding the X-Forward-For header.

There are 3 options for this setting: to append, to preserve and to remove.

By default it comes with the option to append checked. Using this option the plugin does not work as expected and I am getting the IP address of the load balancer.

If the preserve option is selected, then the plugin is working as expected.

Thank you!

Hello @shanedelierrr

This is the information you have requested

Array
(
[SERVER_SOFTWARE] => Apache
[SERVER_PROTOCOL] => HTTP/1.1
[GATEWAY_INTERFACE] => CGI/1.1
[REMOTE_PORT] => 38540
[CONTEXT_PREFIX] =>
[REQUEST_SCHEME] => http
[HTTP_ACCEPT_ENCODING] => gzip, deflate, br
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.5
[HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/111.0
[HTTP_X_FORWARDED_PORT] => 443
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_X_FORWARDED_FOR] => 86.123.106.135, 64.252.69.78
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1680017724.2851
[REQUEST_TIME] => 1680017724
[HTTPS] => on
)

{
"last_scan_timestamp": 1679946299,
"ip_header": {
"name": "HTTP_X_FORWARDED_FOR",
"position_from_end": -1
},
"remote_ip_index": "",
"ssl_supported": true,
"remote_ips_timestamp": 1679946299,
"remote_ips": [
"69.16.197.31",
"69.167.144.232"
]
}

Note that in the $_SERVER variable the first value in the HTTP_X_FORWARDED_FOR key is the IP of my machine.

Thank you!

Hi @nlpro @shanedelierrr

When Security Check Pro is enabled the IP detection would work properly if on this line https://plugins.trac.wordpress.org/browser/better-wp-security/trunk/core/lib/class-itsec-ip-detector.php#L123 the code would be

$parts = preg_split( ‘/[, ]/’, $value, -1, PREG_SPLIT_NO_EMPTY );

because as it is now an empty value is being added by that preg_split function which should not be there.

You can test it with this value 1.2.3.4, 5.6.7.8 and see the results.

I have not yet found a solution for when Security Check Pro is disabled, but the main difference so far is that Security Check Pro adds the X-Forwarded-For header with position 1 and from set to right, while when disabled this header is being added with position -1 and from set to left.

• This reply was modified 3 years, 1 month ago by Robert.

Hi @shanedelierrr

I am getting the same invalid IP address when running with Security Check Scan as with the other options.

@nlpro The HTTP_X_FORWARDED_FOR key in the $_SERVER variable contains only one IP address, that of my machine, which from the documentation of Cloudfront it is possible.

What I understand from you is the problem comes from the fact it contains only one value. Am I getting this right?

Hi @nlpro

The X-Forwarded-For does not work since it obtains the IP address of the load balancer.

As for your suggestion, I do not have that option under the Tools section of the plugin.

Thank you!