Varnish and proxy fix
-
In order to make sure that you get the user’s IP if the site is behind proxy you might need to get the ip from a different source.
please look at the following diff:
Index: loginlockdown.php ================================================= --- loginlockdown.php (revision 131) +++ loginlockdown.php (working copy) @@ -131,7 +131,7 @@ global $wpdb; global $loginlockdownOptions; $table_name = $wpdb->prefix . "login_fails"; - $ip = $_SERVER['REMOTE_ADDR']; + $ip = getRemoteIPAddress(); //$_SERVER['REMOTE_ADDR']; $class_c = substr ($ip, 0 , strrpos ( $ip, "." )); $numFailsquery = "SELECT COUNT(login_attempt_ID) FROM $table_name " . @@ -148,7 +148,7 @@ global $wpdb; global $loginlockdownOptions; $table_name = $wpdb->prefix . "login_fails"; - $ip = $_SERVER['REMOTE_ADDR']; + $ip = getRemoteIPAddress(); //$_SERVER['REMOTE_ADDR']; $username = sanitize_user($username); $user = get_user_by('login',$username); @@ -169,7 +169,7 @@ global $wpdb; global $loginlockdownOptions; $table_name = $wpdb->prefix . "lockdowns"; - $ip = $_SERVER['REMOTE_ADDR']; + $ip = getRemoteIPAddress(); //$_SERVER['REMOTE_ADDR']; $username = sanitize_user($username); $user = get_user_by('login',$username); @@ -190,7 +190,7 @@ function isLockedDown() { global $wpdb; $table_name = $wpdb->prefix . "lockdowns"; - $ip = $_SERVER['REMOTE_ADDR']; + $ip = getRemoteIPAddress(); //$_SERVER['REMOTE_ADDR']; $class_c = substr ($ip, 0 , strrpos ( $ip, "." )); $stillLockedquery = "SELECT user_id FROM $table_name " . @@ -212,7 +212,15 @@ return $listLocked; } - +function getRemoteIPAddress() { + if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + return $_SERVER['HTTP_CLIENT_IP']; + } + elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + return $_SERVER['HTTP_X_FORWARDED_FOR']; + } + return $_SERVER['REMOTE_ADDR']; +} function get_loginlockdownOptions() { $loginlockdownAdminOptions = array( 'max_login_retries' => 3,
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Varnish and proxy fix’ is closed to new replies.
