Firewall logging wrong IP behind proxy

  • Resolved peripatetic

    (@peripatetic)


    9 years ago

    Hi,
    My server setup is to run WP on Apache, behind an nginx proxy server. In apache the correct client IP addresses are logged. However in the Ninja firewall log, it records all events as coming from the server IP, as that is the one passed by the proxy. This makes it hard to see which attacker is doing what.
    Would it be possible to use the IP address from X-forwarded-for: of X-Real-IP: instead of the current setup?
    Ideally this could be a configuration option, but I guess it wouldn’t be bad to double up and include both in the log where available.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter peripatetic

    (@peripatetic)

    9 years ago

    Haha,
    OK, I started looking through the code to see if I could figure this out, and came across a reference to the .htninja file. The documentation for that showed how to use a different header for Cloudflare IPs, so I adapted that. This code seems to work for me:

    // Use different header for IP address
if (! empty($_SERVER["HTTP_X_FORWARDED_FOR"]) &&
 filter_var($_SERVER["HTTP_X_FORWARDED_FOR"],FILTER_VALIDATE_IP)) {
        $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_X_FORWARDED_FOR"];
}
    Plugin Author nintechnet

    (@nintechnet)

    9 years ago

    Hi,

    Ideally this could be a configuration option.

    This is a feature available in the premium WP+ Edition only.
    But in the free WP Edition, you can indeed use the .htninja script for that purpose.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Firewall logging wrong IP behind proxy’ is closed to new replies.

Tags