httpd-users mailing list archives

From motty cruz <motty.c...@gmail.com>
Subject Re: [users@httpd] block directories using Apache22
Date Wed, 12 Jun 2013 16:07:37 GMT
192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php HTTP/1.1" 200 1085

I am still able to get access from a different IP than the one allowed in
.htaccess,
as you suggested:
<Files wp-login.php>
order deny,allow
Deny from all
allow from 192.168.8.4
</Files>



On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidguerra@gmail.com> wrote:

> Try this format:
>
> <Files wp-login.php>
> order deny,allow
> Deny from all
> allow from xx.xxx.xx.xx
> allow from xx.xxx.xx.xx
> </Files>
>
>
>
> On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.cruz@gmail.com> wrote:
>
>> Hello David,
>>
>> This is the content of .htaccess:
>> # BEGIN WordPress
>> <IfModule mod_rewrite.c>
>> RewriteEngine On
>> RewriteCond %{REQUEST_METHOD} POST
>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>> RewriteRule ^(.*)$ - [R=403,L]
>> RewriteBase /
>> RewriteRule ^index\.php$ - [L]
>> RewriteCond %{REQUEST_FILENAME} !-f
>> RewriteCond %{REQUEST_FILENAME} !-d
>> RewriteRule . /index.php [L]
>> </IfModule>
>>
>> <FilesMatch wp-login.php>
>> Order Deny,Allow
>> Deny from all
>> Allow from 192.169.8.4
>> </FilesMatch>
>>
>> # END WordPress
>>
>> but no success!
>>
>>
>>
>> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <imdavidguerra@gmail.com> wrote:
>>
>>> Flop Allow and Deny so that your IP is whitelisted after the Deny from
>>> all.
>>>
>>>
>>>
>>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.cruz@gmail.com> wrote:
>>>
>>>> Hello,
>>>> I am trying to block a directory from being accessed except from my IP, but I
>>>> have been unsuccessful in doing so. Please help. First I placed this in
>>>> httpd.conf:
>>>>
>>>> <Directory "/usr/local/www/apache22/data">
>>>>     Options Indexes FollowSymLinks
>>>>     Options ALL -Indexes
>>>>     IndexIgnore *
>>>>     AllowOverride None
>>>>     Order allow,deny
>>>>     Allow from all
>>>>     RewriteEngine On
>>>>     RewriteBase /
>>>>     RewriteCond %{REQUEST_METHOD} POST
>>>>     RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>     RewriteRule ^(.*)$ - [R=403,L]
>>>>     RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
>>>>     RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
>>>>     RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>>>     RewriteRule ^(.*)$ index_error.php [F,L]
>>>>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>>     RewriteRule .* - [F]
>>>>     RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>>>     RewriteCond %{REQUEST_FILENAME} !-f
>>>>     RewriteCond %{REQUEST_FILENAME} !-d
>>>>     RewriteRule . /index.php [L]
>>>> </Directory>
>>>>
>>>> I also tried this in the / directory .htaccess:
>>>> <FilesMatch wp-login.php>
>>>> Order Allow,Deny
>>>> Allow from 192.168.8.4
>>>> Deny from all
>>>> </FilesMatch>
>>>>
>>>> It is the wp-admin or wp-login.php script that I'm trying to protect from
>>>> brute force attacks.
>>>>
>>>> Thanks,
>>>> Motty
>>>>
>>>
>>>
>>
>
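
An added example, not code from the thread or from the Apache project: a small Python model of how Apache 2.2 evaluates `Order`/`Allow`/`Deny`, run over the three rule sets posted above and the client address in the quoted access-log line. Every variant refuses 192.168.9.43, so a 200 for that client means the block was never applied to the request; `AllowOverride None` has exactly that effect on `.htaccess` files in the directories it covers. The function names and rule-set labels are hypothetical, only `all`, single IPs and CIDR are modelled, and whether the posted `<Directory>` block covers the site is an assumption.

```python
import ipaddress

def matches(spec, client):
    """True if an Allow/Deny 'from' value covers the client address.
    Models only 'all', a single IP and CIDR, a subset of what Apache accepts."""
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)

def access_allowed(order, allow, deny, client):
    """Apache 2.2 Order/Allow/Deny decision for one client IP."""
    allowed = any(matches(s, client) for s in allow)
    denied = any(matches(s, client) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is evaluated first, Deny last; default deny; Deny wins on overlap.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, Allow last; default allow; Allow wins on overlap.
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order!r}")

# The three rule sets posted in the thread, oldest first (labels are ours).
RULESETS = {
    "Allow,Deny + Allow 192.168.8.4": ("Allow,Deny", ["192.168.8.4"], ["all"]),
    "Deny,Allow + Allow 192.169.8.4": ("Deny,Allow", ["192.169.8.4"], ["all"]),
    "deny,allow + allow 192.168.8.4": ("deny,allow", ["192.168.8.4"], ["all"]),
}
CLIENTS = ["192.168.8.4", "192.168.9.43"]  # intended admin IP, IP in the access log

def evaluate_thread():
    """Return {ruleset label: {client: allowed?}} for the thread's configs."""
    return {
        label: {c: access_allowed(order, allow, deny, c) for c in CLIENTS}
        for label, (order, allow, deny) in RULESETS.items()
    }

if __name__ == "__main__":
    for label, verdicts in evaluate_thread().items():
        for client, ok in verdicts.items():
            print(f"{label:32} {client:14} {'allow' if ok else '403'}")
```

Only the last rule set admits 192.168.8.4: the first denies it because `Deny from all` is evaluated last under `Order Allow,Deny`, and the second allows 192.169.8.4 rather than 192.168.8.4.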
