httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Guerra <imdavidgue...@gmail.com>
Subject Re: [users@httpd] block directories using Apache22
Date Wed, 12 Jun 2013 16:01:00 GMT
Try this format:

<Files wp-login.php>
order deny,allow
Deny from all
allow from xx.xxx.xx.xx
allow from xx.xxx.xx.xx
</Files>



On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.cruz@gmail.com> wrote:

> Hello David,
>
> this is the content on .htaccess
> # BEGIN WordPress
> <IfModule mod_rewrite.c>
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} POST
> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
> RewriteRule ^(.*)$ - [R=403,L]
> RewriteBase /
> RewriteRule ^index\.php$ - [L]
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule . /index.php [L]
> </IfModule>
>
> <FilesMatch wp-login.php>
> Order Deny,Allow
> Deny from all
> Allow from 192.169.8.4
> </FilesMatch>
>
> # END WordPress
>
> but no success!
>
>
>
> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <imdavidguerra@gmail.com>wrote:
>
>> Flop Allow and Deny so that your IP is whitelisted after the Deny from
>> all.
>>
>>
>>
>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>
>>> Hello,
>>> I am trying to block a directory from being access except my IP but I
>>> had being unsuccessful in doing so, please help: First I place this in
>>> httpd.conf
>>>
>>> <Directory "/usr/local/www/apache22/data">
>>>     Options Indexes FollowSymLinks
>>>     Options ALL -Indexes
>>>     IndexIgnore *
>>>     AllowOverride None
>>>     Order allow,deny
>>>     Allow from all
>>>     RewriteEngine On
>>>     RewriteBase /
>>>     RewriteCond %{REQUEST_METHOD} POST
>>>     RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>     RewriteRule ^(.*)$ - [R=403,L]
>>>     RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
>>>     RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
>>>     RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>>     RewriteRule ^(.*)$ index_error.php [F,L]
>>>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>     RewriteRule .* - [F]
>>>     RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>>     RewriteCond %{REQUEST_FILENAME} !-f
>>>     RewriteCond %{REQUEST_FILENAME} !-d
>>>     RewriteRule . /index.php [L]
>>> </Directory>
>>>
>>> I also tried this : on the / directory .htaccess
>>> <FilesMatch wp-login.php>
>>> Order Allow,Deny
>>> Allow from 192.168.8.4
>>> Deny from all
>>> </FilesMatch>
>>>
>>> Is the wp-admin or wp-login.php script that I'm trying to protect from
>>> brute force attacks,
>>>
>>> Thanks,
>>> Motty
>>>
>>
>>
>

Mime
View raw message