• Resolved serenoidel

    (@serenoidel)


    I have 2 RaspberryPIs. One is directly on the static+public IP on its ETH/PPPoE session. The other one is in a different place behind the NAT but this router has static+public on its WAN. Only ports 80 and 443 are forwarded to the internal IP 192.168….
    Both setups work, no problem, but this one behind NAT never blocked anything, even direct access to the wp-login.php. Attacks are regular but nothing happens even when a single IP tried to do something bad for an hour.

    I tried both settings of the “My site is behind a reverse proxy” but it looks like it doesn’t work.

    The first R-Pi on the public IP works as expected.

    • This topic was modified 5 years, 10 months ago by serenoidel.
Viewing 4 replies - 1 through 4 (of 4 total)
  • I am also having an issue with the “My site is behind a reverse proxy” – I just tested this on a non-whitelisted IP address (behind Cloudflare) and it is seeing my IP address correctly, but NOT successfully dropping the traffic. I can still access the site just fine on this IP after blacklisting myself.

    Thread Starter serenoidel

    (@serenoidel)

    It looks like Cerber doesn’t understand the situation of being behind the NAT in my case.
    In both setups all work flawlessly even Letsencrypt and postfix/dovecot.

    This does NOT work:
    —>DSLline—>router_publicIP_to_NAT—>192.168.10.10 (Raspberry PI with WordPress)

    This DOES work:
    LAN—>Ethernet_PPPoE_publicIP_on_Raspberry_PI (Raspberry PI with WordPress)

    • This reply was modified 5 years, 10 months ago by serenoidel.
    Plugin Author gioni

    (@gioni)

    All plugins including Cerber get IP addresses from server environment variables. If you have a complex network structure as you’ve described, please follow this guide: https://wpcerber.com/wordpress-ip-address-detection/

    Note: oftentimes, NATs and port forwarding technologies completely remove the source IP addresses from the IP packets (headers) so the server doesn’t see source IP addresses at all and is unable to get them to PHP scripts.

    Thread Starter serenoidel

    (@serenoidel)

    For incoming packets, when the port forwarding is used on the router (also Linux based router), the source IP is not changed when passing through. Only destination is changed when redirected to the R-PI. I watch my traffic on the Raspberry PI. IP headers are unchanged, ports also are unchanged. This is incoming traffic, not outgoing.

    Cerber correctly discovers attacks and source IPs of the attackers but never blocks their IPs.

    Referring to this link: https://wpcerber.com/wordpress-ip-address-detection/
    What IP address are you talking about?

    1. Local IP of the machine the Cerber is installed on?
    2. Public IP of the network gateway (WAN of the router)?
    3. ?…

    Cerber works properly only when the machine with Cerber installed has public IP on its primary/default LAN interface.
    ——————
    Update.
    I have found problems in the “Server Info section”.

    No such thing as [HTTP_X_REAL_IP] => ….
    Instead there is my another public IP of computer I logged in to the wp-admin.

    [SSL_TLS_SNI] => is correct
    [HTTP_HOST] => is correct
    [SERVER_NAME] => is correct
    [SERVER_ADDR] => 192.168… correct internal IP of the raspberry PI
    [SERVER_PORT] => 443 correct
    [REMOTE_ADDR] => my PC which is connected to the wp-admin (not the real public IP)

    • This reply was modified 5 years, 9 months ago by serenoidel.
  • The topic ‘My site is behind a reverse proxy doesn’t work’ is closed to new replies.
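
The thread turns on which server variable supplies the visitor address (`REMOTE_ADDR` versus a proxy header such as `HTTP_X_REAL_IP`). The PHP below is an added example, not part of the thread and not WP Cerber's code: it honours `HTTP_X_REAL_IP` / `HTTP_X_FORWARDED_FOR` only when `REMOTE_ADDR` is a trusted proxy. The function names, the trusted-proxy list and every address are assumptions constructed for illustration.

```php
<?php
// Added example, not WP Cerber code. Addresses are constructed (RFC 5737 / RFC 1918).
/** True if $ip is inside $cidr (IPv4 or IPv6), e.g. "192.168.10.1/32". */
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $a = @inet_pton($ip);
    $b = @inet_pton($net);
    if ($a === false || $b === false || strlen($a) !== strlen($b)) {
        return false;                               // unparsable, or IPv4 vs IPv6 mismatch
    }
    $max  = strlen($a) * 8;
    $bits = $bits === null ? $max : max(0, min($max, (int) $bits));
    $full = intdiv($bits, 8);                       // whole bytes in the prefix
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF;       // mask for the partial byte
    return substr($a, 0, $full) === substr($b, 0, $full)
        && ($bits % 8 === 0 || (ord($a[$full]) & $mask) === (ord($b[$full]) & $mask));
}

function is_trusted_proxy(string $ip, array $trusted): bool {
    return (bool) array_filter($trusted, fn($cidr) => ip_in_cidr($ip, $cidr));
}

/** Choose the address to block on from a $_SERVER-style array. */
function resolve_client_ip(array $server, array $trusted): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!is_trusted_proxy($remote, $trusted)) {
        return $remote;  // direct or port-forwarded: forwarding headers are client-supplied
    }
    $real = trim($server['HTTP_X_REAL_IP'] ?? '');
    if (filter_var($real, FILTER_VALIDATE_IP)) {
        return $real;
    }
    $xff = explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '');
    foreach (array_reverse(array_map('trim', $xff)) as $hop) {  // right to left
        if (filter_var($hop, FILTER_VALIDATE_IP) && !is_trusted_proxy($hop, $trusted)) {
            return $hop;
        }
    }
    return $remote;      // no usable header: every visitor appears as the proxy
}

$trusted = ['192.168.10.1/32'];  // assumption: the one internal proxy we trust
foreach ([
    // peer is not a trusted proxy, so its X-Real-IP header must be ignored
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_REAL_IP' => '198.51.100.9'],
    // request relayed by the trusted proxy, which appended itself to the chain
    ['REMOTE_ADDR' => '192.168.10.1', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 192.168.10.1'],
    // trusted peer rewrote the source address and sent no header at all
    ['REMOTE_ADDR' => '192.168.10.1'],
] as $srv) { echo resolve_client_ip($srv, $trusted), "\n"; }
```

In the third case the only address available is the proxy's own, so a per-IP block would either match nothing useful or lock out every visitor at once.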