Hi there Viktor,
Yes, we are aware of this and we actually addressed this in a previous version of our plugin but it was generating issues with some of our WAF users so we reverted it back for now.
We will work on a better solution so non-WAF users won’t be negatively affected by this. We’re sorry for any inconvenience in the meanwhile.
Thank you for bringing this up, we appreciate all feedback we can get 🙂
Thank you!
Something like define( 'SUCURI_NO_WAF_HERE', true );
Please post here when it is implemented.
Typo in sucuri.php:732
Check whether the site is behinG
It seems very easy to insert a line in is_behind_cloudproxy() that returns false on a condition.
Wait!
There is a setting for this: “Support reverse proxy”
Which is disabled by default.
You must know it better than me. I just a self proclaimed Sucuri contributor.
BTW Turning it on a security risk because an HTTP request could contain a fake IP address in one of these headers:
‘HTTP_X_SUCURI_CLIENTIP’,
‘HTTP_X_REAL_IP’,
‘HTTP_CLIENT_IP’,
‘HTTP_X_FORWARDED_FOR’,
‘HTTP_X_FORWARDED’,
‘HTTP_FORWARDED_FOR’,
‘HTTP_FORWARDED’,
‘SUCURI_RIP’,
‘REMOTE_ADDR’,
This may take some days, but for now: 1194834 [1]
I am planning to add an option to opt-out of this thing easily from the settings page, or maybe I will add a button during the setup of the plugin (when the API key is generated) asking the user to configure some variables (like this) before start using this extension.
[1] http://plugins.trac.ww.wp.xz.cn/changeset/1194834
Thank you very much for this constant NOT_USING_CLOUDPROXY.
I’ll define this in my Sucuri plugin add-on:
https://github.com/szepeviktor/sucuri-cleanup
Dear Yorman!
Do think it is a good idea to release this “plugin” on WP.org?
Yes why not.
The WordPress marketplace tends to be visited by non-developers, I do not imagine this people going to GitHub to search a WordPress plugin or theme, also the plugin manager available in the admin area is not designed to work with external services, so it is a good idea to facilitate the installation of these extensions through the official WordPress plugins page.
Thank you.
It’ll be soon available.
https://ww.wp.xz.cn/plugins/sucuri-cleanup/
Of course I won’t use or imitate your logo.
Could you help me what image should I set as plugin logo and banner image?
I am not a designer, but that looks good.
