Behind proxy

  • Resolved qerghgfjkgk

    (@qerghgfjkgk)


    2 months, 2 weeks ago

    Hi there,

    Even with v5.4.4 the problem is still not fixed and actually got worse.

    Before I could see original IP behind proxy, now it shows only proxy IP.

    Any help???

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Parhum Khoshbakht

    (@parhumm)

    2 months, 2 weeks ago

    Hi @qerghgfjkgk ,

    Thanks for flagging this — we appreciate you sticking with us through the updates.

    We hear you: seeing only the proxy IP when you used to see the real visitor IP is frustrating. Here’s what’s likely going on.

    Since v5.4.0, we tightened the privacy defaults — GDPR Compliance Mode, Hash IP, and Anonymize IP are now all ON by default. When GDPR is enabled and a visitor hasn’t granted consent yet, we force IP hashing for privacy compliance. That hashing intentionally clears the originating IP (the real one behind your proxy). So even if your proxy is forwarding headers correctly, SlimStat won’t store the originating IP in that scenario.

    The quickest fix: head to SlimStat > Settings > Tracker > Data Protection and turn OFF “Hash IP Addresses.” If you also have GDPR Compliance Mode enabled, the originating IP will only appear for visitors who’ve granted consent — that’s by design. If you don’t need GDPR mode at all, turning that off too will restore full IP visibility for everyone.

    “Anonymize IP Addresses” is safe to leave ON — it masks the last octet but still preserves both the proxy IP and the originating IP.

    Could you let us know what proxy or CDN you’re behind (Cloudflare, Nginx, HAProxy, etc.)? That’ll help us rule out any header-level issues on top of the settings change.

    Thanks

    Plugin Contributor Parhum Khoshbakht

    (@parhumm)

    2 months, 1 week ago

    Hi @qerghgfjkgk ,

    Good news — we just released v5.4.6, and it should fix this for you.

    We heard you: upgrading to 5.4.x broke tracking for many of you. Visitor counts dropped to zero, IPs were masked without your permission, and a consent banner appeared on sites that never asked for one. This release fixes all of that. After updating, your site works the way it did before 5.4.0 — no manual steps required.

    If you’re using a caching plugin (WP Rocket, W3TC, etc.), clear your cache after updating so the new tracker script loads.

    Then visit a few pages on your site and check the Access Log — you should see new data coming in with the correct IPs. If anything still looks off, let us know and we’ll dig in.

    Thanks for your patience through all of this.

    Thread Starter qerghgfjkgk

    (@qerghgfjkgk)

    2 months, 1 week ago

    Thank you.

    • This reply was modified 2 months, 1 week ago by qerghgfjkgk.
Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.