httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From motty cruz <motty.c...@gmail.com>
Subject Re: [users@httpd] block directories using Apache22
Date Wed, 12 Jun 2013 16:16:10 GMT
I am not using virtual host, I'm adding to .htaccess in the root directory
of web site.

but after adding this to my httpd.conf file it worked perfectly fine.

Thank you very much David for your help,

-Motty


On Wed, Jun 12, 2013 at 9:09 AM, David Guerra <imdavidguerra@gmail.com>wrote:

> Yes, it should work just fine.  Are you putting this in the virtual host?
>
>
> On Wed, Jun 12, 2013 at 12:08 PM, motty cruz <motty.cruz@gmail.com> wrote:
>
>> Thanks for your help David,
>>
>> can this be accomplish in httpd.conf?
>>
>> Thanks,
>>
>>
>> On Wed, Jun 12, 2013 at 9:07 AM, motty cruz <motty.cruz@gmail.com> wrote:
>>
>>> 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php
>>> HTTP/1.1" 200 1085
>>>
>>> I am still able to get access from a different IP than the one allow in
>>> .htaccess
>>> as you suggest:
>>> <Files wp-login.php>
>>> order deny,allow
>>> Deny from all
>>> allow from 192.168.8.4
>>> </Files>
>>>
>>>
>>>
>>> On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidguerra@gmail.com>wrote:
>>>
>>>> Try this format:
>>>>
>>>> <Files wp-login.php>
>>>> order deny,allow
>>>> Deny from all
>>>> allow from xx.xxx.xx.xx
>>>> allow from xx.xxx.xx.xx
>>>> </Files>
>>>>
>>>>
>>>>
>>>> On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>>
>>>>> Hello David,
>>>>>
>>>>> this is the content on .htaccess
>>>>> # BEGIN WordPress
>>>>> <IfModule mod_rewrite.c>
>>>>> RewriteEngine On
>>>>> RewriteCond %{REQUEST_METHOD} POST
>>>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>> RewriteRule ^(.*)$ - [R=403,L]
>>>>> RewriteBase /
>>>>> RewriteRule ^index\.php$ - [L]
>>>>> RewriteCond %{REQUEST_FILENAME} !-f
>>>>> RewriteCond %{REQUEST_FILENAME} !-d
>>>>> RewriteRule . /index.php [L]
>>>>> </IfModule>
>>>>>
>>>>> <FilesMatch wp-login.php>
>>>>> Order Deny,Allow
>>>>> Deny from all
>>>>> Allow from 192.169.8.4
>>>>> </FilesMatch>
>>>>>
>>>>> # END WordPress
>>>>>
>>>>> but no success!
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <imdavidguerra@gmail.com
>>>>> > wrote:
>>>>>
>>>>>> Flop Allow and Deny so that your IP is whitelisted after the Deny
>>>>>> from all.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>> I am trying to block a directory from being access except my
IP but
>>>>>>> I had being unsuccessful in doing so, please help: First I place
this in
>>>>>>> httpd.conf
>>>>>>>
>>>>>>> <Directory "/usr/local/www/apache22/data">
>>>>>>>     Options Indexes FollowSymLinks
>>>>>>>     Options ALL -Indexes
>>>>>>>     IndexIgnore *
>>>>>>>     AllowOverride None
>>>>>>>     Order allow,deny
>>>>>>>     Allow from all
>>>>>>>     RewriteEngine On
>>>>>>>     RewriteBase /
>>>>>>>     RewriteCond %{REQUEST_METHOD} POST
>>>>>>>     RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>>>     RewriteRule ^(.*)$ - [R=403,L]
>>>>>>>     RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
>>>>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E)
[NC,OR]
>>>>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E)
[NC,OR]
>>>>>>>     RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2})
[OR]
>>>>>>>     RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>>>>>>     RewriteRule ^(.*)$ index_error.php [F,L]
>>>>>>>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>>>>>     RewriteRule .* - [F]
>>>>>>>     RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>>>>>>     RewriteCond %{REQUEST_FILENAME} !-f
>>>>>>>     RewriteCond %{REQUEST_FILENAME} !-d
>>>>>>>     RewriteRule . /index.php [L]
>>>>>>> </Directory>
>>>>>>>
>>>>>>> I also tried this : on the / directory .htaccess
>>>>>>> <FilesMatch wp-login.php>
>>>>>>> Order Allow,Deny
>>>>>>> Allow from 192.168.8.4
>>>>>>> Deny from all
>>>>>>> </FilesMatch>
>>>>>>>
>>>>>>> Is the wp-admin or wp-login.php script that I'm trying to protect
>>>>>>> from brute force attacks,
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Motty
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
View raw message