XF 1.5 Users gets locked out regularily

[7ore]

We have moved our forum from an old vBulletin site to Xenforo 1.5.
During our test phase we never noticed any problems but now, when we are Live a lot of users experience that their accounts locked for a couple of minutes before they can login again. And I have experienced this myself as well.
And it has rarely anything to do with the actual login. I can get it when I try to save something in the ACP I get a message "You must be logged in to save" and when I login again - I am locked out for a couple of minutes.

Any ideas on how to troubleshoot this and solve it?

 

[Paul B]

The first thing to note is that your site is available at both www and non-www.
This will definitely cause issues if pages are flipping between the two.

As a starting point, force the site to one or the other.
Point 19 of the FAQ explains how to do that: https://xenforo.com/community/threads/frequently-asked-questions.5183/#post-180456

Being locked out would generally indicate an incorrect password being entered multiple times.

 

[Mike]

It sounds to me like your server is behind a reverse proxy which means user IP addresses are changing which can cause them to be logged out. Invalid password attempts will then be logged against the wrong IP meaning unexpected lock outs.

Make a post on your forum and look at the logged IP for it. Is it wrong? Do you know if you're behind a reverse proxy, such as CloudFlare?

 

[7ore]

Thanks for the advice. We have the servers on AWS, so I need to investigate he setup.

 

[Mike]

You're probably using something like ELB which is forwarding requests to your web servers. Ideally, you want the IPs to be translated to the real client IP within the web server itself (it will then be correct for all applications on the server and the web server logs). There are several web server extensions that can do this depending on what you're using.

You can do it within the XF config file as well, though it's generally better to do it at a higher level if possible.

 

[7ore]

Yes, thats right, we have a load balancer in front. Thanks for the pointers, I'll investigate what we need to add (or remove).