Power School

We are using Power School with Cloudflare and the issue is that Cloudflare uses on IP address to connect and then a second IP address to represent the client address. Power School believes it is a hacking attempt since the connecting IP and the IP representing the client are not the same. I have tried everything to resolve the issue including firewall rules, page rules, and apps with no success. The error from Power School is below. If anyone has a solution, we would greatly appreciate it!

<2020-10-17 12:39:53,217> INFO [Web Handler 117514] : 162.158.62.108 (Claimed for xx.xxx.xx.xxx) 0 SESSION SECURITY VIOLATION: Cookie for UID (10A7502) coming from different IP. Login on 108.162.219.153; cookie on 162.158.62.108; XFF=xx.xxx.xx.xxx TP=!; HACK ATTEMPT; No session for user

Will PowerSchool let you whitelist addresses from cloudflare.com/ips?

Power School accepts any IP address at the moment. The issue here is that Cloudflare is using two different IP addresses one to connect and another to proxy the client IP. If the IP used to connect was the same as the proxy for the client IP, Power School wouldn’t think it was a hack attempt. The double IP make it look like a browser hijacking attempt to Power School. Thank for your reply!

Right, but maybe PowerSchool will be more lenient if the addresses were whitelisted.

The root cause is probably that the server isn’t restoring Visitor IP addresses before it gets to PowerSchool:

I read that article, but it seemed aimed more at restoring the visitor IP on the web server logs in IIS and not at the Application level in Power School.

Do you think restoring the Visitor IP in IIS would pass through to Power School?

Even if we restore the original Visitor IP, we would still have the issue of the double IP addresses from Cloudflare: Login on 108.162.219.153; cookie on 162.158.62.108

I’m not positive that IIS will correct the passthrough IP address. This article makes it seem like PowerSchool should recognize the X-Forwarded-For header:

Interesting article but didn’t resolve the issue. I reached out to the guy that wrote the article to see if has ever encountered this issue before.