• I’m having an issue with Wordfence 6.2.10 and how it handles X-Forwarded-For parsing.

    My website is hosted behind Amazon Cloudfront, which adds both the client IP and the Cloudfront server IP to the X-Forwarded-For header (so it looks like X-Forwarded-For: 1.1.1.1, 54.239.129.200, where 1.1.1.1 is the client and 54.239.129.200 is the Cloudfront server).

    Wordfence parses this header and returns the Cloudfront server IP as the IP address for the visitor, I’m guessing because it’s the last address in the array. This only started to occur after 6.2.8, and I notice in the changelog for this version that the parsing method for this header was changed.

    Is it possible for this change to be revisited? REMOTE_ADDR isn’t an option as this returns an internal AWS IP address, and both X-Real-IP and CF-Connecting-IP are (as expected) not set, and without accurate Client IP detection the usefulness of Wordfence is compromised.

    Many thanks!
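
The header from the post above, parsed two ways, as an added example that is not part of the original post and not Wordfence's code: taking the last entry returns the CDN edge, while walking right to left and skipping known proxies returns the client. The function names, the proxy ranges and the sample addresses other than those quoted in the post are assumptions made for illustration.

```python
import ipaddress

# Assumed for illustration: a real deployment loads the CDN's published
# edge ranges and its own internal network instead of these constants.
TRUSTED_PROXIES = [
    ipaddress.ip_network("54.239.129.0/24"),  # constructed stand-in for CDN edges
    ipaddress.ip_network("10.0.0.0/8"),       # internal AWS addresses (REMOTE_ADDR)
]

def is_trusted(addr):
    """True if addr belongs to a proxy we operate or have chosen to trust."""
    return any(addr in net for net in TRUSTED_PROXIES)

def last_entry(xff_header):
    """Naive parse: the behaviour reported in the post (last address wins)."""
    return xff_header.split(",")[-1].strip()

def client_ip(remote_addr, xff_header):
    """Walk X-Forwarded-For right to left, skipping trusted proxies.

    Each proxy appends the address it received the request from, so only
    entries appended by trusted proxies are reliable. The first untrusted
    address from the right is the client; anything further left was
    supplied by the client itself and is ignored.
    """
    candidate = ipaddress.ip_address(remote_addr)
    if not is_trusted(candidate):
        # The direct peer is not our proxy, so the header is unverified.
        return str(candidate)
    for part in reversed((xff_header or "").split(",")):
        try:
            addr = ipaddress.ip_address(part.strip())
        except ValueError:
            break  # malformed entry: stop at the last address we could verify
        candidate = addr
        if not is_trusted(addr):
            break
    return str(candidate)

if __name__ == "__main__":
    header = "1.1.1.1, 54.239.129.200"      # header quoted in the post
    print(last_entry(header))               # CDN edge address
    print(client_ip("10.0.0.5", header))    # visitor address
```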

Viewing 1 replies (of 1 total)
  • I am having a similar issue with websites I am using Incapsula’s CDN with. It worked fine, and then just recently I noticed it stopped showing the visitor’s IP address, and regardless of settings in Wordfence or Incapsula it will only show either the Incapsula IP address or my server’s IP.

  • The topic ‘X-Forwarded-For Parsing’ is closed to new replies.