Traffic From Non Whitelisted Countries still getting in , Help

  • Resolved jdstiegman

    (@jdstiegman)


    7 years, 6 months ago

    I setup the basic configuration for IP Geo Block and created a white list just for the US and Canada.

    I’m still getting a ton of traffic from France, China, Vietnam, etc.. with DOS attacks.

    Am I missing something in the configuration? It seems simple enough, I just want to white list the US and CA.

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @jdstiegman,

    Sorry for your issue, but I have to confirm the followings:

    Where do you find undesired traffic. I mean you find them in your server’s log, or find them in “Logs” of this plugin.

    If you case is the former one, currently this plugin does not support blocking IP addresses at server level but application (e.g. WordPress) level.

    If your case is the later one, please let me know which target do you find the traffic and how to configure the target. If you find them in the back-end, please try “Best for Back-end” button in the “Plugin settings” section at the bottom.

    Thanks.

    Thread Starter jdstiegman

    (@jdstiegman)

    It’s the latter. I can see the traffic in real time using Wordfence (another WordPress plugin)

    What does the “Best for Back-end” settings do ?

    • This reply was modified 7 years, 6 months ago by jdstiegman.
    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @jdstiegman,

    I can see the traffic in real time using Wordfence (another WordPress plugin)

    As I could not see what you were seeing, please includes as much information as possible. Then you can get the answer more quickly.

    There’s a few possibilities that would cause your issue.

    If you can not find any logs in this plugin’s “Logs” tab, then your site would be placed behind the proxy or load balancer. Please check “How does Wordfence get IPs” in “Wordfence Options” page. If your choice is other than “Let Wordfence use the most secure method to get visitor IP addresses…“, then you need to configure similar thing in this plugin. Please put the appropriate key of PHP’s environment valiable $_SERVER such as HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP or something like that to retrieve the correct IP.

    In the case if you can find any logs in this plugin’s “Logs” tab, then your site may be safe.

    I’m not sure when Wordfence grabs the live traffic. But there’s a possibility that live traffic shows the requests before this plugin would validate the country code because Wordfence WAF starts its jobs just before WordPress is executed. Wordfence configures PHP to enable auto_prepend_file directive to do this.

    Regarding “Best for Back-end” button, it would enable all the settings in “Back-end target settings” and select “Validation timing” as “mu-plugins (ip-geo-block-mu.php)“.

    Anyway, I need more information about your server. I’d appreciate your understanding.

    Thanks.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @jdstiegman and all,

    I had confirmed that Wordfence Live Traffic shows what its WAF should capture before this plugin. Then this plugin validates the rest of the requests that pass over Wordfence because those are not in the WAF rules.

    Please refer to https://www.ipgeoblock.com/codex/access-from-blacklisted-country.html#1-wordfence-live-traffic

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Traffic From Non Whitelisted Countries still getting in , Help’ is closed to new replies.