restricted-site-access icon indicating copy to clipboard operation
restricted-site-access copied to clipboard

Published 20 hours ago verified publisher icon 10up

X_FORWARDED_FOR header fails to be interpreted when has multiple IPs

Open ngatti-tmm opened this issue 7 months ago • 0 comments

Describe the bug

If the header X_FORWARDED_FOR has more than 1 IP (for example when the requests goes through several reverse proxies) it seems the RSA plugin can't understand it. An other issue is that when you click on "Add my IP" to the whitelist, it does not add anything.

Steps to Reproduce

  1. Configure a site under two reverse proxies configured to append X_FORWARDED_FOR headers
  2. Restrict access to the wordpress with RSA
  3. Add your public IP in the RSA whitelist
  4. Logout and try to browse the site. You will be blocked even when your IP is whitelisted.

Screenshots, screen recording, code snippet

No response

Environment information

No response

WordPress information

No response

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

ngatti-tmm avatar Jan 03 '24 19:01 ngatti-tmm