Title: https problem IP Geo Block Last modified: December 8, 2017 --- # https problem IP Geo Block * Resolved [cybergirl](https://wordpress.org/support/users/cybergirl/) * (@cybergirl) * [8 years, 6 months ago](https://wordpress.org/support/topic/https-problem-ip-geo-block/) * As my page is not secured by https, I’m having some false blocks, when useres are coming from Google. HTTP_REFERER=https://www.google.de/,HTTP_UPGRADE_INSECURE_REQUESTS =1, How to disable the HTTP_UPGRADE_INSECURE_REQUESTS in geop IP block plugin? Viewing 6 replies - 1 through 6 (of 6 total) * Plugin Author [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/) * (@tokkonopapa) * [8 years, 6 months ago](https://wordpress.org/support/topic/https-problem-ip-geo-block/#post-9763635) * Hi [@cybergirl](https://wordpress.org/support/users/cybergirl/), * > As my page is not secured by https, I’m having some false blocks, when useres > are coming from Google. * Well, I’m not sure about your country, but do you mean you want to block the users coming from the search results in google.de? If the users coming from the blacklisted country (or the country not in the whitelist), this plugin works as you expected. * > How to disable the HTTP_UPGRADE_INSECURE_REQUESTS in geop IP block plugin ? * Do you mean you want to block it? If so, I don’t understand the reason. It helps to avoid mixed-content warnings. Please refer to [Upgrade Insecure Requests Sample](https://googlechrome.github.io/samples/csp-upgrade-insecure-requests/). * Thread Starter [cybergirl](https://wordpress.org/support/users/cybergirl/) * (@cybergirl) * [8 years, 6 months ago](https://wordpress.org/support/topic/https-problem-ip-geo-block/#post-9765571) * Hi tokkonopapa, * no. I want just the opposite. IP Geo Block is blocking users like this: * Request GET[80]:/prestashop-1-5-x-eigene-php-ini/ User agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 HTTP headers HTTP_REFERER=https://www.google.de/,HTTP_UPGRADE_INSECURE_REQUESTS =1,HTTP_X_ACCEL_INTERNAL=/internal-nginx-static-location,HTTP_X_REAL_IP=62.91.64.158 $_POST data * For my understanding, please confirm: If I make changes on settings and don’t clear cache, than the country will be blocked. Is this the reason for that false blockings ? * And what’s about this reason: HTTP_X_IMFORWARDS=20 It was also a German IP. Do you have any info material what this HTTP_X_IMFORWARDS means ? It is a server error, or what ? On server error logs I didn’t find anything. - This reply was modified 8 years, 6 months ago by [cybergirl](https://wordpress.org/support/users/cybergirl/). * Plugin Author [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/) * (@tokkonopapa) * [8 years, 6 months ago](https://wordpress.org/support/topic/https-problem-ip-geo-block/#post-9765734) * Hi [@cybergirl](https://wordpress.org/support/users/cybergirl/), * Sorry my misunderstanding about “false blocking”, but yet I’d confirm something about your situation. * The access * > GET[80]:/prestashop-1-5-x-eigene-php-ini/ > … * seems that someone in German visited to your site from the search engine results by [https://google.de/](https://google.de/). However, IPGB blocked it against your settings. * ==> Am I true? * If your settings can accept the country GE, one possibility may be in “**UA string and qualification**“. * To confirm the reason, I have some questions: * 1. Can you still find the above access in Logs? What does the “**Result**” column says, “blocked” or others? 2. The country code of the above IP address was GE? 3. Does your server always set the variable `HTTP_X_REAL_IP`? I’d like to know the value of `HTTP_X_REAL_IP` can always be trusted or not. 4. Could you check your rules in “**UA string and qualification**“? Or let me know them. * Regarding to your question, I never know `HTTP_X_IMFORWARDS`. Nor does the google. Can you always find it in Logs? * Basically, user agent (e.g. browser, bot, …) can send an arbitrary named HTTP header. So I think it was set by the user agent, and I think you can ignore it. * Thanks for your information. - This reply was modified 8 years, 6 months ago by [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/). - This reply was modified 8 years, 6 months ago by [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/). Reason: Add question No.4 * Plugin Author [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/) * (@tokkonopapa) * [8 years, 6 months ago](https://wordpress.org/support/topic/https-problem-ip-geo-block/#post-9765771) * Hi, * I forgot to answer your question: * > For my understanding, please confirm: If I make changes on settings and don’t > clear cache, than the country will be blocked. Is this the reason for that > false blockings ? * The IP address cache of IPGB holds the country code and the number of fails to login. So I can’t find any cause of your issue. * By the way, I found the information about the HTTP header named “X-IMForwards” in [here](https://www.aqtronix.com/headers/?Action=ShowDetails&Name=X%2DIMForwards). It may be set by some kind of firewall on IIS server. * Please refer to [https://www.aqtronix.com/](https://www.aqtronix.com/) and ask to your server admin. - This reply was modified 8 years, 6 months ago by [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/). * Thread Starter [cybergirl](https://wordpress.org/support/users/cybergirl/) * (@cybergirl) * [8 years, 6 months ago](https://wordpress.org/support/topic/https-problem-ip-geo-block/#post-9766145) * Hi, * seems that the false blocking was due to some cache. DE is now working. I’m on VPS network. I’m not using any kind of firewall. The network is secured against DDOS. Before users can access to my page they must pass a kind of honeypot. Perhaps this script is forcing Real IP. I don’t know in 100%. * I’m not on IIS server. I’m on Apache latest version and ngnix proxied. Strange this one lock I had… I also never seen this type of HTTP Header X-Imforwards. Perhaps really some kind of browser specialty… I’m myself the server admin… As stated before, error logs also checked and no entry. Quite strange thing. But it was only one block with this kind of protocol. So I will only keep an eye on it for now. * Thank you for your help. Problem of false blocking was solved after all caches emptied. * Conny - This reply was modified 8 years, 6 months ago by [cybergirl](https://wordpress.org/support/users/cybergirl/). * Plugin Author [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/) * (@tokkonopapa) * [8 years, 6 months ago](https://wordpress.org/support/topic/https-problem-ip-geo-block/#post-9766259) * Hi Conny, * Thank you for your feedback. If you find something strange, please let me know. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘https problem IP Geo Block’ is closed to new replies. * ![](https://ps.w.org/ip-geo-block/assets/icon-128x128.png?rev=1148568) * [IP Geo Block](https://wordpress.org/plugins/ip-geo-block/) * [Frequently Asked Questions](https://wordpress.org/plugins/ip-geo-block/#faq) * [Support Threads](https://wordpress.org/support/plugin/ip-geo-block/) * [Active Topics](https://wordpress.org/support/plugin/ip-geo-block/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ip-geo-block/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ip-geo-block/reviews/) ## Tags * [HTTPS](https://wordpress.org/support/topic-tag/https/) * 6 replies * 2 participants * Last reply from: [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/) * Last activity: [8 years, 6 months ago](https://wordpress.org/support/topic/https-problem-ip-geo-block/#post-9766259) * Status: resolved