Support

 Hi,
I have a question about "IP Workaround".
If i go in the WAF configuration, i can see "the recommand setting for your site is : no". But when i connect on the main page of admin tools, i can see "Hey ! You should activate this option !".
I don't use cdn or proxies but i don't want to do something bad as there is a text "be careful, if you activate this option, it could lower the protection of your site !".

Please, tell me :)
Regards,
Xavier

Xavier,

This option is only used when you have CloudFlare or a similar system in front of your web server. If I try to access your site, I really access the CDN, it then accesses your site. What Admin Tools sees is that the IP of your CDN accessed your site. So that IP address will be blocked pretty quickly because every Tom, Dick and Harry who tries something fishy will cause an exception from that IP. The real IP address, my IP in the original example, is passed in a different field in the header. Admin Tools has to read this address to find out who the real bad guy is. And it does.

Enter badly configured CDNs. Some are set up to reverse the "from" IP addresses, so Admin Tools is reading the wrong one. The "IP Workaround" setting just flips the IP addresses so we act on the correct one.

Mostly the setting advice in the Configure WAF page is correct, but not 100% of the time. If you are getting a warning on the Admin Tools Control Panel, go ahead and switch the IP Workaround setting. If that is the wrong thing to do, you will eventually get locked out. The instructions for getting back in are here: https://www.akeebabackup.com/documentation/troubleshooter/atwafissues.html.

Hi Dale,

So, if i understand well, i can safely activate the option even if the recommand setting is on "no" ? What I want to understand is why on one site i get "activate it ! " and on the other side i get "don't activate it!" :)
This is main question : why opposite advice on the same site ?

Again, i don't use any cdn or proxy.


Thanks for the help :)

As I said, the calculation that it does to determine the correct setting is not 100% accurate, sometimes it just can't tell. I would expect the same server to give the same results, right or wrong.

If you are not using anything in front of your web server, then do not turn IP Workarounds on.

Thanks, i will not then :)
...But i don't really understand how to know how to determine on a situation if i should or not activate it.
If i never use cdn or proxies, just my own server, what is the best way to know then ?
Understand me : i just want to understand how i can be sure of what to do on different sites without borrowing you for all the situation (yes i always can try and rename the plugin by ftp if i am kicked of but i "like to understand" to be able to use it by myself).

Have a nice day Dale and thanks for your time :)
Regards,
Xavier

This option is only used with something else in front of your server. If there is no other server in front, you do not need it. This option changes how Admin Tools reads information sent from the OTHER server.

Having it set right is good, understanding WHY it is set right is better. :-)

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.