• Resolved lucianodefranco

    (@lucianodefranco)


    I have a problem with the plugin Geolocation IP Detection since I added AWS CloudFront CDN. I use the plugin with Maxmind Precision Web-API.

    I have enabled the reverse proxy option, because I actually see the correct IP of the client in the “With Proxy” label. Exactly this is what I read under the heading of the reverse proxy:

    (With Proxy: 93.46.97.164, 130.176.90.85 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 130.176.90.85)

    The correct IP of my client is 93.46.97.164 (located in Italy), i.e. the one on the left indicated in the “With Proxy” label. However, it takes the second one, 130.176.90.85 (located in USA), which is the IP of CloudFront!!!

    The IP “Without Proxy” 172.26.26.89 (located in France) is that of the Amazon server on which WordPress is running, so I think it is correct to select the reverse proxy option.

    Depending on whether you activate the Reverse Proxy option or not, the plugin locates me in the USA or France, but never in Italy!

    How can I solve this?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Benjamin Pick

    (@benjaminpick)

    Did you add 130.176.90.85 to the reverse proxy whitelist?

    Thread Starter lucianodefranco

    (@lucianodefranco)

    In the meantime, thanks for the quick reply.

    I tried to add 130.176.90.85 to the reverse proxy whitelist, but nothing has changed. But I don’t quite understand where it says in the whitelist part that you have to put the IPv6 address as well… I added only “130.176.90.85” in the input box… can it be for this? Furthermore, the address 130.176.90.8 corresponds to the CloudFront CDN, so it does not remain constant, it is destined to change according to the connected user! Do you have any other suggestions for us?

    Thanks in advance

    Plugin Author Benjamin Pick

    (@benjaminpick)

    Here is the complete list of Cloudflare IPs:
    https://www.cloudflare.com/ips/
    It’s a bit lengthy, but you could save them all …

    Plugin Author Benjamin Pick

    (@benjaminpick)

    Oh wait, you said cloudfront …
    https://forums.aws.amazon.com/ann.jspa?annID=2051

    Thread Starter lucianodefranco

    (@lucianodefranco)

    Ok, so I have to enter all the IPs present in https://ip-ranges.amazonaws.com/ip-ranges.json, separated by commas, in the “IPs of trusted proxies” input box of the plugin, correct?

    To give an example, taking the first 5 IPs of the linked json file, I have to enter this in the “IPs of trusted proxies” field of the plugin:

    3.5.140.0/22,13.34.37.64/27,35.180.0.0/16,43.224.79.174/31,52.93.153.170/32

    Is that correct?

    In this way these IP ranges will be skipped and therefore the IP 93.46.97.164 will be assumed as the client. Is that right?

    Thread Starter lucianodefranco

    (@lucianodefranco)

    Hi @benjaminpick , unfortunately something is wrong…

    IP detected:

    External Server IP: 15.188.79.253 (Paris, WebServer hosted in AWS EC2)
    REMOTE_ADDR: 172.26.15.14 (reserved IP address)
    HTTP_X_FORWARDED_FOR: 93.46.97.164 (Browser IP), 130.176.111.36 (US CloudFront)

    Here are the tested steps:

    1. “The server is behind a reverse proxy” option disabled.
    I read this:
    (With Proxy: 93.46.97.164, 130.176.111.39 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 172.26.26.89)

    2. “The server is behind a reverse proxy” option enabled.
    I read this:
    (With Proxy: 93.46.97.164, 130.176.111.19 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 130.176.111.19)

    3. “The server is behind a reverse proxy” option enabled and the input box “IPs of trusted proxies” set to “130.176.111.19” (IP CloudFront). I would expect to finally get “Client IP with current configuration: 93.46.97.164”, but I read this:
    (With Proxy: 93.46.97.164, 130.176.111.19 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 172.26.26.89)

    In short, by setting the input field “IPs of trusted proxies” to any value, it is as if you disabled the “The server is behind a reverse proxy” option! How come?

    Plugin Author Benjamin Pick

    (@benjamin4)

    Hi lucianodefranco,

    oh, that’s because 172.26.26.89 as an internal IP is not whitelisted yet…

    Can you add
    10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    to the list and see if it works then?
    I might add an option for this in future versions of the plugin, but adding these ranges should work for you.

    Yes, you observed correctly – adding a reverse proxy changes the behavior. Because by default, if no whitelist is there, the first proxy is assumed as reverse proxy – but in your case, there are two reverse proxies, so you need to specify them.

    Plugin Author Benjamin Pick

    (@benjamin4)

    There is another problem – of course AWS might change these IP ranges anytime. So I guess I have to add downloading the file and updating these ranges to the plugin … I have added this as a feature request:

    https://github.com/yellowtree/geoip-detect/issues/160
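
The behaviour seen in the three test steps above follows from how a trusted-proxy list is normally evaluated. This is an added example in Python, not the plugin's own code: the function names are hypothetical, the rule for an untrusted `REMOTE_ADDR` is an assumption that matches the results reported in the thread, and the JSON is a constructed sample in the shape of `ip-ranges.json`.

```python
import ipaddress
import json

# Private ranges suggested in the thread for the internal hop seen as REMOTE_ADDR.
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed sample shaped like ip-ranges.json; the prefixes are illustrative only.
SAMPLE_IP_RANGES = json.dumps({"prefixes": [
    {"ip_prefix": "130.176.0.0/16", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "35.180.0.0/16", "region": "eu-west-3", "service": "EC2"},
]})


def cloudfront_prefixes(ip_ranges_json):
    """Keep only CLOUDFRONT entries so the trusted list is no wider than the CDN."""
    data = json.loads(ip_ranges_json)
    return [p["ip_prefix"] for p in data["prefixes"] if p["service"] == "CLOUDFRONT"]


def is_trusted(ip, networks):
    """True if ip lies inside any trusted network (IPv4/IPv6 mismatch is False)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def resolve_client_ip(remote_addr, x_forwarded_for, trusted_cidrs):
    """Pick the client IP from REMOTE_ADDR and X-Forwarded-For."""
    networks = [ipaddress.ip_network(c) for c in trusted_cidrs]
    # Assumption: the header is only honoured when the directly connected peer
    # is itself a trusted proxy; otherwise anyone could set it.
    if not is_trusted(remote_addr, networks):
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Each proxy appends on the right, so walk right to left and stop at the
    # first address that is not one of our own proxies.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop, networks):
                return hop
        except ValueError:
            return remote_addr  # malformed entry: stop trusting the header
    return remote_addr  # every hop was a trusted proxy
```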

    Thread Starter lucianodefranco

    (@lucianodefranco)

    Ok @benjamin4 , now it’s clear.

    We thought that the first IP was already discarded by the reverse proxy option and therefore should not be added there … Maybe you could improve the description of the field ??

    Yes, our example with that specific IP was just a test, we know that it will then be necessary to manually add the entire IP list of the CDN … But in the meantime we wanted to test the correct functioning with a single IP ;)

    Adding lists as a plugin feature seems like a great idea for the future to me!

    Thanks again for the invaluable support!

    Plugin Author Benjamin Pick

    (@benjamin4)

    Ok yes …

  • The topic ‘Problem reverse proxy option using CDN AWS CloudFront’ is closed to new replies.