@h3x4git opened this Issue on June 11th 2020

The server I'm hosting a few of my Matomo instances on has recently adopted a security measure for preventing bruteforce attacks.

The hosting provider staff says that part of this entails PHP variables such as $_SERVER['REMOTE_ADDR'] will return the local machine external address instead of the visitor's. As a result all the visitors in my Matomo history appear to come from the same city as the server location. Regardless what city, region or nation they visit from.

$_SERVER["HTTP_X_REAL_IP"] is the actual variable to be used on those machines, otherwise a migration to a less secure server will be necessary.

I haven't found a way to address this problem through the config file, in the docs I've only found information as for logging the real IP address when behing a proxy, which isn't my case. Is there any way to set which variable should be called for the IP address value provided by PHP?

@tsteur commented on June 11th 2020 Member

@h3x4git you need to configure proxy_client_headers as mentioned here https://matomo.org/faq/how-to-install/faq_98/

That's probably the FAQ you found and it should in this case also apply to you even though it might not be a proxy.

Let me know if this doesn't work for you and I'll be happy to reopen.

This Issue was closed on June 11th 2020
Powered by GitHub Issue Mirror