httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From motty cruz <motty.c...@gmail.com>
Subject [users@httpd] block directories using Apache22
Date Wed, 12 Jun 2013 15:20:17 GMT
Hello,
I am trying to block a directory from being access except my IP but I had
being unsuccessful in doing so, please help: First I place this in
httpd.conf

<Directory "/usr/local/www/apache22/data">
    Options Indexes FollowSymLinks
    Options ALL -Indexes
    IndexIgnore *
    AllowOverride None
    Order allow,deny
    Allow from all
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
    RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
    RewriteRule ^(.*)$ - [R=403,L]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index_error.php [F,L]
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</Directory>

I also tried this : on the / directory .htaccess
<FilesMatch wp-login.php>
Order Allow,Deny
Allow from 192.168.8.4
Deny from all
</FilesMatch>

Is the wp-admin or wp-login.php script that I'm trying to protect from
brute force attacks,

Thanks,
Motty

Mime
View raw message