httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From motty cruz <motty.c...@gmail.com>
Subject Re: [users@httpd] block directories using Apache22
Date Wed, 12 Jun 2013 15:52:12 GMT
Hello David,

this is the content on .htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
RewriteRule ^(.*)$ - [R=403,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

<FilesMatch wp-login.php>
Order Deny,Allow
Deny from all
Allow from 192.169.8.4
</FilesMatch>

# END WordPress

but no success!



On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <imdavidguerra@gmail.com>wrote:

> Flop Allow and Deny so that your IP is whitelisted after the Deny from all.
>
>
>
> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.cruz@gmail.com> wrote:
>
>> Hello,
>> I am trying to block a directory from being access except my IP but I had
>> being unsuccessful in doing so, please help: First I place this in
>> httpd.conf
>>
>> <Directory "/usr/local/www/apache22/data">
>>     Options Indexes FollowSymLinks
>>     Options ALL -Indexes
>>     IndexIgnore *
>>     AllowOverride None
>>     Order allow,deny
>>     Allow from all
>>     RewriteEngine On
>>     RewriteBase /
>>     RewriteCond %{REQUEST_METHOD} POST
>>     RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>     RewriteRule ^(.*)$ - [R=403,L]
>>     RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
>>     RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
>>     RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
>>     RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
>>     RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>     RewriteRule ^(.*)$ index_error.php [F,L]
>>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>     RewriteRule .* - [F]
>>     RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>     RewriteCond %{REQUEST_FILENAME} !-f
>>     RewriteCond %{REQUEST_FILENAME} !-d
>>     RewriteRule . /index.php [L]
>> </Directory>
>>
>> I also tried this : on the / directory .htaccess
>> <FilesMatch wp-login.php>
>> Order Allow,Deny
>> Allow from 192.168.8.4
>> Deny from all
>> </FilesMatch>
>>
>> Is the wp-admin or wp-login.php script that I'm trying to protect from
>> brute force attacks,
>>
>> Thanks,
>> Motty
>>
>
>

Mime
View raw message