Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C879F10568 for ; Wed, 12 Jun 2013 15:20:50 +0000 (UTC) Received: (qmail 97627 invoked by uid 500); 12 Jun 2013 15:20:47 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 97517 invoked by uid 500); 12 Jun 2013 15:20:47 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 97509 invoked by uid 99); 12 Jun 2013 15:20:47 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jun 2013 15:20:47 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of motty.cruz@gmail.com designates 209.85.223.170 as permitted sender) Received: from [209.85.223.170] (HELO mail-ie0-f170.google.com) (209.85.223.170) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jun 2013 15:20:38 +0000 Received: by mail-ie0-f170.google.com with SMTP id e11so7661915iej.15 for ; Wed, 12 Jun 2013 08:20:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=W60VC3Ffj/lc1sp8Tw5HizTOSPzRbEuOyq7qMBsI3PY=; b=AqtcNCBQ9vGupOZ/TJw17vmX5Zl2kSGTGHoe1J+lCH9vDcihoFhZrl2scHD++szQLn aY2nmYLlgD81ZG7U0iqGlV+9w5SQ/O/sBP5eCqKI4BeGdzJ91LA30bV6YwjBHT1l/tBV 7WFnIzkYlfD0RNMZd26myj0Fk1ydgdTjv66NeGKAezWWlBqqrdoFNxQnIkf6linKiI9H P1TIwtYVIxbdUkz/bn1MIvxMovrGM+bEpMBjOh/siNGF7EkXL1tB4YqxqpUSFNkseXUn Y57HWbmpG1Khi5fIefzMQDlsD0qXkOBdY4svQuBoAP81dupdZxzuBi4cnooSoH1SjoAA Tixw== MIME-Version: 1.0 X-Received: by 10.50.97.74 with SMTP id dy10mr3582999igb.3.1371050417850; Wed, 12 Jun 2013 08:20:17 -0700 (PDT) Received: by 10.50.7.193 with HTTP; Wed, 12 Jun 2013 08:20:17 -0700 (PDT) Date: Wed, 12 Jun 2013 08:20:17 -0700 Message-ID: From: motty cruz To: users@httpd.apache.org Content-Type: multipart/alternative; boundary=047d7b10d01d200ef604def68d2f X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] block directories using Apache22 --047d7b10d01d200ef604def68d2f Content-Type: text/plain; charset=ISO-8859-1 Hello, I am trying to block a directory from being access except my IP but I had being unsuccessful in doing so, please help: First I place this in httpd.conf Options Indexes FollowSymLinks Options ALL -Indexes IndexIgnore * AllowOverride None Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index_error.php [F,L] RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule ^my-admin$ wp-login.php [L,NC,QSA] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] I also tried this : on the / directory .htaccess Order Allow,Deny Allow from 192.168.8.4 Deny from all Is the wp-admin or wp-login.php script that I'm trying to protect from brute force attacks, Thanks, Motty --047d7b10d01d200ef604def68d2f Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

Hello,=A0

I am trying to block a directory from = being access except my IP but I had being unsuccessful in doing so, please = help: First I place this in httpd.conf

<Directo= ry "/usr/local/www/apache22/data">

=A0 =A0 Options Indexes FollowSymLinks

=A0 =A0 Options ALL -= Indexes

=A0 =A0 IndexIgnore *

=A0 =A0 AllowOverride Non= e

=A0 =A0 Order allow,deny

=A0 =A0 Allow from all

=

=A0 =A0 RewriteEngine On

=A0 =A0 RewriteBase /

=A0 =A0 RewriteCond %{REQUEST_METHOD} = POST

=A0 =A0 RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.= com [NC]

=A0 =A0 RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(= .*)$ [OR]

=A0 =A0 RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$

=A0 =A0 = RewriteRule ^(.*)$ - [R=3D403,L]

=A0 =A0 RewriteCond %{QUERY_STRI= NG} base64_encode.*\(.*\) [OR]

=A0 =A0 RewriteCond %{QUERY_STRING= } (\<|%3C).*script.*(\>|%3E) [NC,OR]

=A0 =A0 RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [= NC,OR]

=A0 =A0 RewriteCond %{QUERY_STRING} GLOBALS(=3D|\[|\%[0-9A= -Z]{0,2}) [OR]

=A0 =A0 RewriteCond %{QUERY_STRING} _REQUEST(=3D|\= [|\%[0-9A-Z]{0,2})

=A0 =A0 RewriteRule ^(.*)$ index_error.php [F,L]

=A0 =A0 Rew= riteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

=A0 =A0 RewriteRule .* = - [F]

=A0 =A0 RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]

=A0 =A0 RewriteCond %{REQUEST_FILENAME} !-f

=A0 =A0 RewriteCond %{REQUEST_FILENAME} !-d

=A0 =A0 RewriteR= ule . /index.php [L]

</Directory>

I also tried this : on the / directory .htaccess

<FilesMatch wp-login.php>

Order Allow,Deny

Allow from 192.168.8.4

Deny from = all

</FilesMatch>

Is t= he wp-admin or wp-login.php script that I'm trying to protect from brut= e force attacks,=A0

Thanks,=A0
Motty

--047d7b10d01d200ef604def68d2f--