X_FORWARDED_FOR header fails to be interpreted when has multiple IPs #299

ngatti-tmm · 2024-01-03T19:16:10Z

Describe the bug

If the header X_FORWARDED_FOR has more than 1 IP (for example when the requests goes through several reverse proxies) it seems the RSA plugin can't understand it.
An other issue is that when you click on "Add my IP" to the whitelist, it does not add anything.

Steps to Reproduce

Configure a site under two reverse proxies configured to append X_FORWARDED_FOR headers
Restrict access to the wordpress with RSA
Add your public IP in the RSA whitelist
Logout and try to browse the site. You will be blocked even when your IP is whitelisted.

Screenshots, screen recording, code snippet

No response

Environment information

No response

WordPress information

No response

Code of Conduct

I agree to follow this project's Code of Conduct

ngatti-tmm added the type:bug Something isn’t working. label Jan 3, 2024

jeffpaul added this to the 7.6.0 milestone Jan 11, 2024

jeffpaul added the help wanted label Jan 16, 2024

jeffpaul modified the milestones: 7.6.0, Future Release Jan 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

X_FORWARDED_FOR header fails to be interpreted when has multiple IPs #299

X_FORWARDED_FOR header fails to be interpreted when has multiple IPs #299

ngatti-tmm commented Jan 3, 2024

X_FORWARDED_FOR header fails to be interpreted when has multiple IPs #299

X_FORWARDED_FOR header fails to be interpreted when has multiple IPs #299

Comments

ngatti-tmm commented Jan 3, 2024

Describe the bug

Steps to Reproduce

Screenshots, screen recording, code snippet

Environment information

WordPress information

Code of Conduct