127.0.0.1 as host of brute force

Seembs in my case that there is a cache webserver in the middle so the ip is this but in the header the real ip is available on X-FORWARDED-FOR but is ignored by the plugin.

@mte90

Make sure the Override Proxy Detection setting is not enabled in the Global Settings module.

• This reply was modified 8 years ago by pronl.
• This reply was modified 8 years ago by pronl.

That option is already disabled.

As I can see in the code there is no reference for that header so I think that is a bug or a missing feature on the plugin.

@mte90

Look for HTTP_X_FORWARDED_FOR

Even if a certain HTTP header is not included in the plugin code, the plugin offers a filter to add any missing HTTP header(s) …

You are right, I was looking for the wrong header.
The filter is itsec_filter_remote_addr_headers, I have to check for the right header name.

I resolved with this:

add_filter('itsec_filter_remote_addr_headers', function($headers) {
    $headers[] = 'X-Forwarded-For';
    return $headers;
});

@mte90

Thanks for sharing that.
Looks like a custom HTTP header. Usually it would look like ‘HTTP_X_FORWARDED_FOR’.
But that is already included in the get_ip() method.

Where did you put that piece of code anyway ? In the active theme functions.php file ?

You probably got lucky because according to the 5.7.1 Changelog:

Bug Fix: Remote IP is now correctly identified if the server is behind a reverse proxy that sends requests with more than one IP listed in a single header.

and

Enhancement: Improved the logic for determing the requesting IP address to better handle situations where the site is behind a reverse proxy.

The 5.7.1 plugin was released yesterday ??

I created a little plugin for that ??