Some IP′s are are shown like local

Hi again Radek,

I guess your site is placed behind some kind of proxy server. If I’m right, you had better to put your code into wp-config.php.

Otherwise, if you configured “Validation timing” as “mu-plugins” (ip-geo-block-mu.php) then you should put your code into “drop-in.php” in your
Geolocation API library. Please refer to Validation timing.

Regarding “multi”, it is brute force amplification attacks. If you don’t use XML-RPC, then “completely close” is a good choice for you.

Right, I have set-up “Validation timing” as “mu-plugins”. Should I put code bellow into into drop-in.php after renaming?

* setup IP Goe block to show real IP addresses */
$_SERVER[‘REMOTE_ADDR’] = isset($_SERVER[“HTTP_X_FORWARDED_FOR”]) ? $_SERVER[“HTTP_X_FORWARDED_FOR”] : $_SERVER[“REMOTE_ADDR”];

Yes, that’s right.

Or you can also use custom filter hook in drop-in.php:

function my_replace_ip( $ip ) {
    /* setup IP Goe block to show real IP addresses */
    return isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
add_filter( 'ip-geo-block-ip-addr', 'my_replace_ip' );

In this case, you don’t have to change the global variable.

Please refer to ip-geo-block-ip-addr.

One more thing.

$_SERVER[‘HTTP_X_FORWARDED_FOR’] can potentially have multiple IP addresses like xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy.

I think the following code in samples.php is better.

function my_retrieve_ip( $ip ) {
    if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
        $tmp = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );
        $ip = trim( $tmp[0] );
    }

    return $ip;
}
add_filter( 'ip-geo-block-ip-addr', 'my_retrieve_ip' );

Please note that X-Fowarded-for HTTP header can be set by attackers.

Hi @bigdrobek,

How are things going? I’ve changed handling private IP addresses in the new version 3.0.3. Probably your “Your IP address / Country” may indicate like “10.4.240.7 / XX (Cache)”.

The special code “XX” is assigned as private IP address in this plugin and never be blocked. And only you have to do is to put HTTP_X_FORWARDED_FOR into “$_SERVER keys to retrieve extra IP addresses“. Then this plugin extract true IP address from $_SERVER['HTTP_X_FORWARDED_FOR'].

As a result, you don’t have to put the code snippet that I showed in the previous thread into /wp-content/ip-geo-api/drip-in.php. Please try.

Thanks.

Dear Radek and all,

I’m sorry but:

The special code “XX” is assigned as private IP address in this plugin

was wrong. You should put the right country code instead of “XX”.

Currently, using filter hook ip-geo-block-ip-addr is my original design when the server is placed behind the proxy. But I have to change my design to provide easier UI to retrieve the true IP address as the number of users grows.

I’ll improve this issue in the next release.

Thanks.

Hi Tokkonopapa,

I′ll delete stats, than put HTTP_X_FORWARDED_FOR into “$_SERVER keys to retrieve extra IP addresses“ and we will see.

Thank,
??

• This reply was modified 7 years, 6 months ago by Radek Kucera.