BrianJM
Forum Replies Created
-
I have done as you suggested. Thanks for the help!
Fair enough. Long story short, SSL requests have the localhost IP appended and standard requests do not (SSL termination is completed before Varnish).
I’ve seen NF block brute force attempts already. When it does this, and two IP addresses are provided, does NF use the combination of both IP addresses?
In the example below, what IP address is used here to block BF attempts? “89.97.141.237”, “89.97.141.237, 127.0.0.1”, or “127.0.0.1”?
[1428536217] [0.00142] [mydomain.com] [#6517592] [0] [3] [89.97.141.237, 127.0.0.1] [401] [POST] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for XXmn]
Yes, but only so that HTTP_X_FORWARDED_FOR is taken into account. Apache sits behind a Varnish cache server.
Here is the .htninja:
if ( isset($_SERVER[‘HTTP_X_FORWARDED_FOR’]) ) {
$_SERVER[“REMOTE_ADDR”] = $_SERVER[‘HTTP_X_FORWARDED_FOR’];
}Sent!
The same theme is used. The same plugins are activated.
I am not using the widget. The settings are the same for the Subscribe2 plugin.
Forum: Plugins
In reply to: [Plugin: JSON API] Invalid JSON returned from post related callsThat corrected the issue for me as well. Thank you so much!