Connectivity Ability to connect to the Wordfence servers and your own site

Hi @stefanp44, thanks for getting in touch.

If the second error is regarding the IPv6 connectivity, you don’t need to be concerned about that as it occurs when the software on your server (often seen with Cloudflare) assigns an IPv6 address to your site, but your host doesn’t actually give you an IPv6 address.

However, it looks like the first “Connecting back to this site” is also failing so this implies your site can’t connect to our servers and back again. This may be causing problems with rules updates and scans as this connectivity is required.

If you don’t have Cloudflare, it is possible that another firewall associated with your server could be blocking the communication between your site and our servers. Make sure to ask your host if you’re not sure whether that’s the case. If you do have one in place that you’re able to configure, you may need to allow our IPs: https://www.wordfence.com/help/advanced/#servers-and-ip-range

If you do have Cloudflare, you will most likely select “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.” in Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs.

You may also need to update your Cloudflare settings to allow your site to connect back to itself. You should be able to do this by going to your Cloudflare control panel. It’s worth checking all IPs associated with your server first (Find them at Wordfence > Tools > Diagnostics > IP(s) used by this server)

• Login to Cloudflare
• Go to “Firewall”
• Click the “Firewall Rules” tab
• Click “Create a Firewall rule”
• Name the rule under “Rule Name”
• Set the “Field” under “When incoming requests match…” to “IP Source Address”
• Enter your site’s IP address(es) under “Value”
• At the bottom, under “Then…Choose an action” change “Block” to “Allow”
• Click “Deploy

If it seems that you also need to allow our IPs, repeat the same process for the list of IPs given in the link above.

Thanks,
Peter.

Hi @wfpeter,

Thank you for your reply. I don’t use Cloudflare so I investigated a bit around the server and I think I found the culprit.

When I deactivate the server’s mod_security, I get a green “OK” for Connecting back to this site. I don’t have the possibility to whitelist some IPs, only activate or deactivate.

The “Connecting back to this site via IPv6” line remains red though but you mentioned it’s not that important.

After reading a bit about mod_security, it seems ok to have it deactivated: could you confirm that?

• This reply was modified 1 year, 1 month ago by Stephane PISKORZ. Reason: forgot a question

Hi @stefanp44, thanks for the extra information.

Some mod_security rules in our experience can be a bit aggressive?and will block certain operations. Not so much recently, but I used to frequently see loopback being blocked in this way – which would result precisely in the connectivity issue you were seeing before.

If you or your host are happy to keep it off, that should be fine, but you could also attempt some trial and error to see if some rules can be kept, just leaving the problematic ones off.

Thanks,
Peter.