WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] Advanced blocking (IP range) broken in 4.0.3 (6 posts)

  1. Michael Fraase
    Member
    Posted 6 months ago #

    The ability to block a range of IP addresses is apparently broken in Wordfence 4.0.3.

    HERE'S WHAT I DID:

    1. WP-Admin > Wordfence > Advanced Blocking
    2. Added 198.27.99.0 - 198.27.99.255 in the "Block anyone that has an IP address in this range" field
    3. Added a reason in the "Enter a reason you're blocking this visitor pattern" field
    4. Clicked the "Block Visitors Matching this Pattern" button

    HERE'S WHAT I EXPECTED:

    The range of IP addresses I specified to be added to the "Current list of ranges and patterns you've blocked" list

    HERE'S WHAT HAPPENED:

    The following alert appeared:

    "You are trying to block yourself. Your IP address is 23.25.155.113 which falls into the range 198.27.99.0-198.27.99.255. This blocking action has been cancelled so that you don't block yourself from your website."

    And the blocking action was cancelled

    https://wordpress.org/plugins/wordfence/

  2. Wordfence
    Member
    Plugin Author

    Posted 6 months ago #

    Are you ABSOLUTELY sure you're running 4.0.3? Because this was a 4.0.2 bug which we fixed in 4.0.3.

    Thanks.

  3. Michael Fraase
    Member
    Posted 6 months ago #

    As sure as I can be.

    WP-Admin > Plugins > Wordfence reports 4.0.3

    The changelog section of readme.txt in the /wp-content/plugins/wordfence subdirectory reports 4.0.3

    I don't see any version reporting in any of the Wordfence plugin admin screens

  4. Wordfence
    Member
    Plugin Author

    Posted 6 months ago #

    I find myself intrigued. I just modified my test machine to pretend it has your IP address. Then I blocked that range and it works great.

    I pasted from your message:

    198.27.99.0-198.27.99.255

    without spaces prefixed or suffixed. Works great.

    Are you running a caching plugin? Is it possible you're getting a cached message? If so can you clear the cache?

    Try blocking a very slightly different range like: 198.27.99.0-198.27.99.254

    and let me know what happens.

    Not doubting your intelligence or sanity. Just a very curious problem.

    Thanks.

  5. Michael Fraase
    Member
    Posted 6 months ago #

    OK, very curious indeed.

    Yes, I'm running W3 Total Cache, but cleared it before and after applying IP range block (then I tried with turning it off).

    Then I tried 198.27.99.0-198.27.99.255 (with no preceding or succeeding space; and no space between the dash). That works.

    Historically, I've replicated the IP range I want to block using the example beneath the block fields. The example sets off the hyphen with a space on either side. Stripping that space resolves the issue.

    I suggest either allowing a single whitespace on either side of the hyphen or setting the example without the single whitespace on either side of the hyphen.

    Thanks for the responses, much appreciated.

  6. Wordfence
    Member
    Plugin Author

    Posted 6 months ago #

    Hi Michael,

    We do actually allow spaces around the hyphen. I think W3 cache was doing something funny here. You were seeing a cached response which was caused by an older bug.

    Can you check if the space around the hyphen works now with a different range?

    Regards,

    Mark.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.