Skip to content

Wrong Visitor IP Address

If you are using a plugin that relies on IP addresses, such as security plugins, geolocation plugins, currency switchers, payment gateways, etc, it is important that these plugins have the correct IP addresses for your visitors. Otherwise, they may be served content in the wrong language, or find themselves subjected to unexpected security measures.

If you are getting odd results from these plugins, the problem may be a wrong visitor IP address. They may be getting the IP address of the PoP node instead of the visitor's own IP address. You can solve this with a simple web server configuration.

We've configured the most recent versions of LiteSpeed servers to avoid this problem, but if you need manually configure your server, there are two things you must configure it to do:

  1. Read the X-Forwarded-For header to get the visitor's actual IP address
  2. Make sure all IPs are Trusted and then use the client IP only for trusted IPs

To do this on a LiteSpeed server from the WebAdmin Console:

  1. Navigate to Server Config > Security > Access Control and keep it empty.
  2. Navigate to Server Config > General > General Settings and set Use Client IP in Header to Trusted IP only.

If you don't have access to your server configuration, please ask your hosting provider to set it for you. Alternatively, you may be able to configure the plugins themselves to use the X-Forwarded-For header.

If you are concerned that your server may not be pulling in the the current IP list, you can check the /usr/local/lsws/tmp/ directory. There should be a download-quic-cloud-ips file there, and it will contain the IPs.

Last update: January 30, 2024