Login fails with AWS ELB with brute force on

This topic contains 0 replies, has 1 voice. Last updated by Daniel Williams 4 years, 5 months ago.

Topic Author	Topic
Posted: Wednesday Jul 18th, 2012 at 11:23 am #19647
Daniel Williams Username: dwilliams
Note: This hack is for persons running s2member behind a ELB on AWS. Amazon ELB, like most load balancer, does not present the “real” user IP to Apache/PHP. The PHP’s reserved variables $_SERVER[‘REMOTE_ADDR’] will return the private IP of the ELB not the user. The key need to get the user’s real IP is $_SERVER[‘HTTP_X_FORWARDED_FOR’]. If you search wp-content/plugins/s2member/includes/classes/ and replace all $_SERVER[‘REMOTE_ADDR’] with $_SERVER[‘HTTP_X_FORWARDED_FOR’] s2member will have the user’s IP and brute force restriction will work again on a per user bases. If anyone has a better solution, please advise me… Thanks -Daniel

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.