Glad I could help.Your issue is probably that you don't have htaccess override set to allow. :)Kick those bots!On Wed, Jun 12, 2013 at 12:16 PM, motty cruz <motty.cruz@xxxxxxxxx> wrote:I am not using virtual host, I'm adding to .htaccess in the root directory of web site.but after adding this to my httpd.conf file it worked perfectly fine.
Thank you very much David for your help,-Motty
On Wed, Jun 12, 2013 at 9:09 AM, David Guerra <imdavidguerra@xxxxxxxxx> wrote:
Yes, it should work just fine. Are you putting this in the virtual host?On Wed, Jun 12, 2013 at 12:08 PM, motty cruz <motty.cruz@xxxxxxxxx> wrote:
Thanks for your help David,can this be accomplish in httpd.conf?Thanks,On Wed, Jun 12, 2013 at 9:07 AM, motty cruz <motty.cruz@xxxxxxxxx> wrote:192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php HTTP/1.1" 200 1085I am still able to get access from a different IP than the one allow in .htaccessas you suggest:<Files wp-login.php>order deny,allowDeny from allallow from 192.168.8.4</Files>On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidguerra@xxxxxxxxx> wrote:Try this format:<Files wp-login.php>order deny,allowDeny from allallow from xx.xxx.xx.xxallow from xx.xxx.xx.xx</Files>On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.cruz@xxxxxxxxx> wrote:
Hello David,this is the content on .htaccess# BEGIN WordPress<IfModule mod_rewrite.c>RewriteEngine OnRewriteCond %{REQUEST_METHOD} POSTRewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$RewriteRule ^(.*)$ - [R=403,L]RewriteBase /RewriteRule ^index\.php$ - [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</IfModule><FilesMatch wp-login.php>Order Deny,AllowDeny from allAllow from 192.169.8.4</FilesMatch># END WordPress
but no success!On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <imdavidguerra@xxxxxxxxx> wrote:
Flop Allow and Deny so that your IP is whitelisted after the Deny from all.On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.cruz@xxxxxxxxx> wrote:
Hello,I am trying to block a directory from being access except my IP but I had being unsuccessful in doing so, please help: First I place this in httpd.conf<Directory "/usr/local/www/apache22/data">Options Indexes FollowSymLinksOptions ALL -IndexesIndexIgnore *AllowOverride NoneOrder allow,denyAllow from allRewriteEngine OnRewriteBase /RewriteCond %{REQUEST_METHOD} POSTRewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$RewriteRule ^(.*)$ - [R=403,L]RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})RewriteRule ^(.*)$ index_error.php [F,L]RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)RewriteRule .* - [F]RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</Directory>I also tried this : on the / directory .htaccess<FilesMatch wp-login.php>Order Allow,DenyAllow from 192.168.8.4Deny from all</FilesMatch>Is the wp-admin or wp-login.php script that I'm trying to protect from brute force attacks,Thanks,
Motty
|