Did you add 130.176.90.85 to the reverse proxy whitelist?
In the meantime, thanks for the quick reply..
I tried to add 130.176.90.85 to the reverse proxy whitelist, but nothing has changed. But I don’t quite understand where it says in the whitelist part that you have to put the IPv6 address as well… I added only “130.176.90.85” in the input box… can it be for this? Furthermore, the address 130.176.90.8 corresponds to the CloudFront CDN, so it does not remain constant, it is destined to change according to the connected user! Do you have any other suggestions for us?
Thanks in advance
Here is the complete list of Cloudflare IPs:
https://www.cloudflare.com/ips/
It’s a bit lengthy, but you could save them all …
Ok, so I have to enter all the IPs present in https://ip-ranges.amazonaws.com/ip-ranges.json, separated by commas, in the “IPs of trusted proxies” input box of the plugin, correct?
To give an example, taking the first 5 IPs of the linked json file, I have to enter this in the “IPs of trusted proxies” field of the plugin:
3.5.140.0/22,13.34.37.64/27,35.180.0.0/16,43.224.79.174/31,52.93.153.170/32
It’s correct?
In this way these IP ranges will be skipped and therefore the IP 93.46.97.164 will be assumed as the client. Quite right?
Hi @benjaminpick , unfortunately something is wrong…
IP detected:
External Server IP: 15.188.79.253 (Paris, WebServer hosted in AWS EC2)
REMOTE_ADDR: 172.26.15.14 (reserved IP address)
HTTP_X_FORWARDED_FOR: 93.46.97.164 (Browser IP), 130.176.111.36 (US CloudFront)
Here are the tested steps:
1. “The server is behind a reverse proxy” option disabled.
I read this:
(With Proxy: 93.46.97.164, 130.176.111.39 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 172.26.26.89)
2. “The server is behind a reverse proxy” option enabled.
I read this:
(With Proxy: 93.46.97.164, 130.176.111.19 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 130.176.111.19)
3. “The server is behind a reverse proxy” option enabled and and the input box “IPs of trusted proxies” set to “130.176.111.19” (IP CloudFront). I would expect to finally get “Client IP with current configuration: 93.46.97.164”, but I read this:
(With Proxy: 93.46.97.164, 130.176.111.19 - Without Proxy: 172.26.26.89 - Client IP with current configuration: 172.26.26.89)
In short, by valuing the input field “IPs of trusted proxies” in any way, it is as if you disabled the “The server is behind a reverse proxy” option! How come this?
Hi lucianodefranco,
oh, that’s because 172.26.26.89 as an internal IP is not whitelisted yet…
Can you add
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
to the list and see if it works then?
I might add an option for this in future versions of the plugin, but adding these ranges should work for you.
Yes you observed correctly – adding a reverse proxy changes the behavior. Because by default, if no whitelist is there, the first proxy is assumed as reverse proxy – but in your case, there are two reverse proxy, so you need to specify them.
There is another problem – of course AWS might change these IP ranges anytime. So I guess I have to add downloading the file and updating these ranges to the plugin … I have added this as a feature request:
https://github.com/yellowtree/geoip-detect/issues/160
Ok @benjamin4 , now it’s clear.
We thought that the first IP was already discarded by the reverse proxy option and therefore should not be added there … Maybe you could improve the description of the field 🙂
Yes, our example with that specific IP was just a test, we know that it will then be necessary to manually add the entire IP list of the CDN … But in the meantime we wanted to test the correct functioning with a single IP;)
Adding lists as a plugin feature seems like a great idea for the future to me!
Thanks again for the invaluable support!
