Problem with option "Site connection - My site is behind a reverse proxy"

Hello!

For some context, my WordPress website is hosted behind a reverse proxy on a server with an IP in a local network range (192.168.1.100 for example). I’m configuring the plugin from another computer that is located in the same local network (192.168.1.75 for example).

So when I go into the Main Settings and try to enable the option:
Site-Specific Settings / Site connection - My site is behind a reverse proxy and then click on the Save Change button at the bottom of the page, I get the following error at the top of the page:
The reverse proxy mode has not been enabled. No valid proxy headers found.

But it’s normal that I have no valid proxy header since I’m connecting to the website from a local machine (on the same network as the server) to the local address of the server. So I’m not going through the reverse proxy.

I’m still able to enable the option if I connect from a VPN to my website, but each time I modify another option in the Main Settings from my local administration computer, the option Site connection is disabled with the same error even if it was already enabled.

So there should be a way to ignore that error and enable it anyway. I do remember in the past, with a previous version of the plugin, that I was able to enable that option from the same administration computer without error.

Thank you!

hey,

It seems that this has nothing to do with WP-Cerber, but it also seems to me that you might have overlooked quite a bit, or I completely misunderstand your question. I want to share my experience, as I also host my website on a local machine from home. A crucial step is to ensure that your domain name is correctly set up with the right nameservers that point to your IP. Personally, I use reverse DNS, offered for free by Cloudflare. This is a safe and reliable solution, but remember, with free services, you often become the product.

Once your nameservers are correctly set at your domain registrar, you need to create A-records on your reverse DNS platform, in my case, Cloudflare. In my situation, there’s a chance that my outgoing IP changes, so I developed a script that automatically updates my DNS records should this happen. It’s important not to use your internal IP address but the IP address your ISP assigns to you. On your router, you may need to adjust some settings, like applying NAT and forwarding ports to the IP address of your server and the necessary ports. (the DNS names of Cloudflare need to be set by the namespace provider! in my case)

Once this is correctly set up, and your firewall and MOD Security are functioning properly, you might consider implementing a WAF-firewall like WP Cerber for an additional layer of security. This helps make your site even more secure against potential threats.

I hope this information helps you improve your configuration and make your local hosting environment safer and more efficient.

Hello,

Thanks for your answer, but I think there’s no issue with my network and server setup, but I’ll add more context about it.

Indeed I use Cloudflare as a name server and a reverse proxy (to protect my websites and my IP address). I also use haproxy on my pfSense server/firewall since I host more than one website and I need to redirect the connections to more than one server depending on the website. So there’s no NAT necessary in my case (I only added the appropriate firewall rules).

So for many years now, everything has been working fine with all these services from the Internet. The option My site is behind a reverse proxy works fine if I enable it from a computer external to my local network (through a VPN for example) and I see the correct public IP in the connection logs of WP Cerber.

My problem is that when I connect from my internal network, the local DNS of my pfSense server is used and so the IP addresses of all the machines are then private addresses. So when I modify any option in the Main Settings, WP Cerber thinks that the website is no longer behind a reverse proxy, even if it’s not the case, and then disables the option My site is behind a reverse proxy, showing the error message I talked about in my first post. I was able to enable the option in the past with the same network setup and it’s been configured like that for a few years.

From my experience, it’s not unusual to have a local DNS in an enterprise, or at home in my case, that gives you a different IP internally for a domain name, while another external public DNS (like Cloudflare) gives you a different (public) IP for the same domain.


So let’s summarize to see if I understand correctly, and I also have an additional question.

Setup: The WordPress website is hosted on a server with an IP address within a local network (e.g., 192.168.1.100). To make the website accessible from the internet and to offer security benefits, Cloudflare is used (as name server and reverse proxy) and HAProxy on a pfSense server/firewall for routing the traffic to the correct server within the local network, depending on the requested website.

Problem: When the website administrator tries to activate a specific option in the WP Cerber plugin indicating that the site operates behind a reverse proxy, they receive an error message stating that the reverse proxy mode has not been enabled because no valid proxy headers were found. This occurs because the connection to the website is made locally (within the same network) and thus does not go through the external reverse proxy (Cloudflare), resulting in the absence of the required headers.

Challenge: The challenge is that the WP Cerber plugin must be correctly configured to recognize that the site indeed sits behind a reverse proxy, even when the administrator attempts to access the site from the local network. The problem is complicated by internal DNS settings causing the IP addresses of the machines within the network to appear as private addresses, which disrupts the detection of the reverse proxy status.

The crux of the problem lies in managing how the WP Cerber plugin detects the presence of a reverse proxy, especially in scenarios where access to the site can occur both internally (within the same local network) and externally (via the reverse proxy). The solution could involve finding a way to adjust the plugin or network configuration so that it recognizes the site operates behind a reverse proxy, regardless of whether access is internal or external.
But you said it worked in the past.

The question that now comes to mind is: has there been an update on your DNS server / pfSense (HAProxy) (do you have auto-update enabled?), or did the problem arise after an update of WP-Cerber? If yes in the latter case, consider doing a rollback to a previous version, possibly through update repair. If that does not solve it, the problem is not WP-Cerber, in my humble opinion.
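
The mixed internal/external access described in this thread, as an added example (not WP Cerber's code and not part of any post): a client-IP resolver that honours `X-Forwarded-For` only when the immediate peer is a known proxy, so a direct LAN request without headers is a normal case and not an error. The proxy address `192.168.1.1` and the CDN edge range `198.51.100.0/24` are constructed placeholders.

```python
import ipaddress

# Assumption: peers allowed to supply forwarding headers (constructed values).
# 192.168.1.1 stands in for the pfSense/HAProxy host,
# 198.51.100.0/24 stands in for the CDN's published edge ranges.
TRUSTED_PROXIES = [
    ipaddress.ip_network("192.168.1.1/32"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def _is_trusted(addr):
    """True if addr belongs to a trusted proxy; raises ValueError if malformed."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, headers):
    """Return (client_ip, source) for one request.

    remote_addr is the TCP peer address seen by the web server;
    headers is a dict of request headers.
    """
    if not _is_trusted(remote_addr):
        # Direct connection, e.g. the admin workstation on the LAN.
        # Any forwarding header from an untrusted peer is ignored.
        return remote_addr, "direct"

    chain = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in chain.split(",") if h.strip()]

    # Walk the chain right to left: each proxy appends the peer it saw,
    # so the first address that is not a trusted proxy is the client.
    for hop in reversed(hops):
        try:
            if not _is_trusted(hop):
                return str(ipaddress.ip_address(hop)), "x-forwarded-for"
        except ValueError:
            break  # malformed entry: stop trusting the rest of the chain

    # Trusted peer but no usable header: fall back to the peer address.
    return remote_addr, "direct"
```

With this logic the same configuration serves both paths: a request arriving via the proxy yields the public client address, and one from `192.168.1.75` straight to the server yields the LAN address.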

So the problem indeed started after I upgraded WP Cerber two weeks ago; it was at a really old version since the auto-update wasn’t working. I never had this error when changing the configuration in the plugin before.

The problem, in the end, is that there’s no option to ignore the false error and activate the option anyway since I know what I’m doing and don’t need the plugin to failsafe check for a proxy header without giving me the option to ignore it.

Like I said the website works fine, the plugin works fine and I have a way to bypass the issue.

But I would like a fix, for example, an option to enable it anyway with a second confirmation prompt instead of the error message just blocking me from enabling the option.

So if a developer of WP Cerber could comment about this issue that would be nice.

Thanks!