WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] WF IP block vs. .htaccess (13 posts)

  1. aspasa
    Member
    Posted 5 months ago #

    Even though I block 'healthy' ranges of IP#'s in .htaccess [with a simple 'deny from'] I observe that WF logs some of these IP#'s as 'Blocked from accessing this site' - and counts the access attempts.

    Does this mean that WF's blocking techniques take precedence over .htaccess?

    Thanks.

    https://wordpress.org/plugins/wordfence/

  2. RobinInTexas
    Member
    Posted 5 months ago #

    Not possible. If your .htaccess is written correctly they cannot access the site at all.

    I have over 50 ranges blocked using .htaccess and never see them.

    Are you using something like:

    deny from 198.50.128.0/17

    ??

    try substituting the range for your isp and see if you are blocked

    By the way, I prefer to redirect over the deny access, it't a little cleaner and doesn't fill your server error log.

    RewriteCond %{REMOTE_ADDR} ^183\. [OR] # large china block
    RewriteCond %{HTTP_USER_AGENT} baidu [NC] #
    RewriteRule .* http://%{REMOTE_ADDR} [L,R=301]

  3. aspasa
    Member
    Posted 5 months ago #

    @RobinInTexas

    Re: 'not possible' - good to know. Thanks.

    And yes, I am using something like:
    # Amazon, HiNet and Bezequint Blocks
    deny from 1.34.0.0/15 103.4.8.0/21 107.20.0.0/14 122.248.192.0/18 107.20.0.0/14 etc...

    Thanks too for the 3 'redirect' examples above. *Sigh*. Always more to learn!

    Where would i go to see 'quick-n-easy' examples and explanations of those RewriteCond and RewriteRule decs.?

  4. Wordfence
    Member
    Plugin Author

    Posted 5 months ago #

    Hi,

    Please check the config option in Wordfence on how Wordfence get's IP addresses and let me know what it's set to.

    Robin each to his/her own but I'm not sure I'd redirect blocked IP's back to their own IP address with a 301. The web standard recommends you return a 403 Forbidden which from memory I think would be something like:


    RewriteCond %{REMOTE_ADDR} ^183\. [OR] # large china block
    RewriteCond %{HTTP_USER_AGENT} baidu [NC] #
    RewriteRule .* - [F]

    Regards,

    Mark.

  5. aspasa
    Member
    Posted 5 months ago #

    Re: Wordfence Get IP's

    I've chosen ‘Use PHP’s built in REMOTE_ADDR….’

    Thanks.

  6. aspasa
    Member
    Posted 5 months ago #

    where do I find out what these [OR], [NC] & [F]'s all mean? Tx.

  7. Wordfence
    Member
    Plugin Author

    Posted 5 months ago #

    Do you know if you have a proxy or nginx in front of your web server? Of so you can try switching to X-Forwarded-For which may give you better results. But first, do me a favor and check your live traffic. Are you seeing a lot of different IP's or are they all the same IP?

    htaccess is actually just an apache configuration file that applies to a particular directory and subdirs. So to cover all directives in that file would require me to give you an exhaustive guide to apache configuration. However the specific directives you're interested in are related to mod_rewrite which you can find here:

    http://httpd.apache.org/docs/current/mod/mod_rewrite.html

    Regards,

    Mark
    PS: If you found this helpful, please rate Wordfence 5 stars.
    http://wordpress.org/plugins/wordfence/

  8. Wordfence
    Member
    Plugin Author

    Posted 5 months ago #

    PS: Nice gravatar. From The Jackal?

  9. RobinInTexas
    Member
    Posted 5 months ago #

    I use shared hosting, and with over 60 & growing ranges blocked, I got frustrated diagnosing server errors when the last 300 lines were mostly filled with "ip 123.456.132.465 denied due to server configuration."

    Redirecting rogue bots and scrapers puts minimal load on the server, and sending them to a live site is likely to upset the site that gets the traffic. So I teach the bots to contemplate their navels so to speak.

    But after what you pointed out, I'm going to test

    RewriteRule .* http://%{REMOTE_ADDR} [L,R=403]

  10. aspasa
    Member
    Posted 5 months ago #

    as most of mine are Ruskian I redirect them to http://www.sochi2014.com/ - it's in Russian if that's where you're botting from!

  11. aspasa
    Member
    Posted 5 months ago #

    @mark yes, indeed from The Jackal!

  12. RobinInTexas
    Member
    Posted 5 months ago #

    I would not want to risk annoying an attacker, it's one thing to block them, they expect that. But they might take it personally if you pick on their site and send all your unwanted traffic to them. In my case, I'm sending lots of unwanted scrapers and bots away.

  13. RobinInTexas
    Member
    Posted 5 months ago #

    After what Mark pointed out, I tested

    RewriteRule .* http://%{REMOTE_ADDR} [L,R=403]

    And the 403 works as I hoped. The traffic is gone with no hit to the Apache error log.

Reply

You must log in to post.

About this Plugin

About this Topic