httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Guerra <imdavidgue...@gmail.com>
Subject Re: [users@httpd] block directories using Apache22
Date Wed, 12 Jun 2013 16:09:55 GMT
Yes, it should work just fine.  Are you putting this in the virtual host?


On Wed, Jun 12, 2013 at 12:08 PM, motty cruz <motty.cruz@gmail.com> wrote:

> Thanks for your help David,
>
> can this be accomplish in httpd.conf?
>
> Thanks,
>
>
> On Wed, Jun 12, 2013 at 9:07 AM, motty cruz <motty.cruz@gmail.com> wrote:
>
>> 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php
>> HTTP/1.1" 200 1085
>>
>> I am still able to get access from a different IP than the one allow in
>> .htaccess
>> as you suggest:
>> <Files wp-login.php>
>> order deny,allow
>> Deny from all
>> allow from 192.168.8.4
>> </Files>
>>
>>
>>
>> On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidguerra@gmail.com>wrote:
>>
>>> Try this format:
>>>
>>> <Files wp-login.php>
>>> order deny,allow
>>> Deny from all
>>> allow from xx.xxx.xx.xx
>>> allow from xx.xxx.xx.xx
>>> </Files>
>>>
>>>
>>>
>>> On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>
>>>> Hello David,
>>>>
>>>> this is the content on .htaccess
>>>> # BEGIN WordPress
>>>> <IfModule mod_rewrite.c>
>>>> RewriteEngine On
>>>> RewriteCond %{REQUEST_METHOD} POST
>>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>> RewriteRule ^(.*)$ - [R=403,L]
>>>> RewriteBase /
>>>> RewriteRule ^index\.php$ - [L]
>>>> RewriteCond %{REQUEST_FILENAME} !-f
>>>> RewriteCond %{REQUEST_FILENAME} !-d
>>>> RewriteRule . /index.php [L]
>>>> </IfModule>
>>>>
>>>> <FilesMatch wp-login.php>
>>>> Order Deny,Allow
>>>> Deny from all
>>>> Allow from 192.169.8.4
>>>> </FilesMatch>
>>>>
>>>> # END WordPress
>>>>
>>>> but no success!
>>>>
>>>>
>>>>
>>>> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <imdavidguerra@gmail.com>wrote:
>>>>
>>>>> Flop Allow and Deny so that your IP is whitelisted after the Deny from
>>>>> all.
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>>>
>>>>>> Hello,
>>>>>> I am trying to block a directory from being access except my IP but
I
>>>>>> had being unsuccessful in doing so, please help: First I place this
in
>>>>>> httpd.conf
>>>>>>
>>>>>> <Directory "/usr/local/www/apache22/data">
>>>>>>     Options Indexes FollowSymLinks
>>>>>>     Options ALL -Indexes
>>>>>>     IndexIgnore *
>>>>>>     AllowOverride None
>>>>>>     Order allow,deny
>>>>>>     Allow from all
>>>>>>     RewriteEngine On
>>>>>>     RewriteBase /
>>>>>>     RewriteCond %{REQUEST_METHOD} POST
>>>>>>     RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>>     RewriteRule ^(.*)$ - [R=403,L]
>>>>>>     RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
>>>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E)
[NC,OR]
>>>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E)
[NC,OR]
>>>>>>     RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
>>>>>>     RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>>>>>     RewriteRule ^(.*)$ index_error.php [F,L]
>>>>>>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>>>>     RewriteRule .* - [F]
>>>>>>     RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>>>>>     RewriteCond %{REQUEST_FILENAME} !-f
>>>>>>     RewriteCond %{REQUEST_FILENAME} !-d
>>>>>>     RewriteRule . /index.php [L]
>>>>>> </Directory>
>>>>>>
>>>>>> I also tried this : on the / directory .htaccess
>>>>>> <FilesMatch wp-login.php>
>>>>>> Order Allow,Deny
>>>>>> Allow from 192.168.8.4
>>>>>> Deny from all
>>>>>> </FilesMatch>
>>>>>>
>>>>>> Is the wp-admin or wp-login.php script that I'm trying to protect
>>>>>> from brute force attacks,
>>>>>>
>>>>>> Thanks,
>>>>>> Motty
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
View raw message