munkie87

@wfalaa We have the same issue and have had to resort to manually checking the firewall status everyday to make sure it is enabled and not in learning mode. I’ve just turned on the low resource scanning to see if that helps.

It would be really nice if the “automatic re-enable” was 24 hrs instead of 1 week – or if this period of time was user configurable.

Looks like I found a simple solution – it requires two simple code changes.

bruteprotect.php >> Lines 78 & 307

Replace $_SERVER['REMOTE_ADDR'] with $_SERVER['HTTP_X_FORWARDED_FOR']

AWS Elastic Load Balancers forward through the original requesting IP address on http_x_forwarded_for. This slight change will make sure BruteProtect blocks the bad guys and not the load balancer.

Hey marcbkk,

/classes/check.php

I modified line 99 into:

if ( preg_match( '/(ipad|kindle|rim tablet|tablet)/i', $user_agent ) ) {

Hope this helps.

I finally came to a similar solution after taking the wrong assumption that the word ‘iphone’ would be detected under the phone detection before it got to the tablet detection.

In iOS 7.0.2, the user agent part “11A501” is picked up by “a501” under the tablet detection. It’s only doing a partial match, not an exact match.

We don’t need tablet detection on our sites so we just pulled out what we didn’t need.

Original:

if ( preg_match( '/(a100|a500|a501|a510|a700|dell streak|et-701|ipad|gt-n7000|gt-p1000|gt-p6200|gt-p6800|gt-p7100|gt-p7310|gt-p7510|lg-v905h|lg-v905r|kindle|rim tablet|sch-i800|silk|sl101|tablet|tf101|tf201|xoom)/i', $user_agent ) ) {
     return TRUE;
}

Revised:

if ( preg_match( '/(ipad|kindle|rim tablet|tablet)/i', $user_agent ) ) {
     return TRUE;
}

We couldn’t see any issues on Samsung devices, though removing all the unwanted matches may solve the issue.