search

10up / restricted-site-access

Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.
http://10up.com/plugins/restricted-site-access-wordpress/
GNU General Public License v2.0
230 stars 48 forks source link

X_FORWARDED_FOR header fails to be interpreted when has multiple IPs #299

Closed ngatti-tmm closed 3 weeks ago

ngatti-tmm commented 8 months ago

Describe the bug

If the header X_FORWARDED_FOR has more than 1 IP (for example when the requests goes through several reverse proxies) it seems the RSA plugin can't understand it. An other issue is that when you click on "Add my IP" to the whitelist, it does not add anything.

Steps to Reproduce

  1. Configure a site under two reverse proxies configured to append X_FORWARDED_FOR headers
  2. Restrict access to the wordpress with RSA
  3. Add your public IP in the RSA whitelist
  4. Logout and try to browse the site. You will be blocked even when your IP is whitelisted.

Screenshots, screen recording, code snippet

No response

Environment information

No response

WordPress information

No response

Code of Conduct

Sidsector9 commented 1 month ago

Hi @ngatti-tmm,

The "Add my IP" is working for me, please watch the video:

https://github.com/user-attachments/assets/2162770f-64ee-4bd3-b3bc-86ab0c5af9d9

Please confirm if there are no issues with your installation and check for any console errors on the Settings page. Once that is fixed, retry by whitelisting the IPs of all the reverse proxies.

Sidsector9 commented 3 weeks ago

We're closing this issue since we haven't heard from you in a while. Feel free to reopen if needed.