Hey @flemmo
Yes, you could achieve this by listing every /8 IP address block in the “banned users” list, starting at 1.0.0.0/8 through to 255.0.0.0/8, breaking out the ranges in your whitelist (iThemes Security doesn’t allow IP addresses that are whitelisted to co-exist as “banned users”).
You could use http://jodies.de/ipcalc as a tool to calculate the CIDR notation you’ll need.
Hope that helps
Thread Starter
flemmo
(@flemmo)
Hi, Mark.
Thanks for the suggestion. I’m not sure how to go about breaking out the IP addresses in my whitelist?
For example, say I want to block every IP address other than 2.28.167.233 and 213.205.192.10
Thanks for your help.
Chris
Hi @flemmo
It would look something like this:
[Large text excerpt removed by moderator per forum rules. Please use Pastebin or a Gist for all large code/text excerpts.]
Text block here: https://pastebin.com/VCTewZkV
Try that and let me know how you get on
This reply was modified 8 years, 12 months ago by bdbrown.
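The "breaking out" step described above, as an added example that is not part of the original thread and is not the removed Pastebin text: it starts from the /8 blocks 1.0.0.0/8 through 255.0.0.0/8 and splits any block that contains a whitelisted address into the smaller CIDR ranges around it. The function name `banned_ranges` is hypothetical, and the two whitelisted addresses are the ones from the question.

```python
import ipaddress


def banned_ranges(whitelist, first_octets=range(1, 256)):
    """Return CIDR blocks covering every /8 in first_octets minus the whitelist.

    whitelist entries may be single addresses or CIDR ranges.
    """
    keep_nets = [ipaddress.ip_network(w) for w in whitelist]
    blocks = [ipaddress.ip_network(f"{o}.0.0.0/8") for o in first_octets]

    for keep in keep_nets:
        remaining = []
        for block in blocks:
            if keep.subnet_of(block):
                # Split the block into the ranges that surround the
                # whitelisted entry; yields nothing if they are equal.
                remaining.extend(block.address_exclude(keep))
            elif block.subnet_of(keep):
                # The whole block is whitelisted, so it is dropped.
                continue
            else:
                remaining.append(block)
        blocks = remaining

    return sorted(blocks)


if __name__ == "__main__":
    # The two addresses from the question in this thread.
    allowed = ["2.28.167.233", "213.205.192.10"]
    ranges = banned_ranges(allowed)
    print(f"{len(ranges)} ranges to ban")
    for net in ranges:
        print(net)
```

Each single whitelisted address turns its /8 into 24 smaller ranges (one each from /9 down to /32), which is why the resulting list is long.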
@flemmo
If iThemes throws up an error about IP ranges that are “whitelisted” but you haven’t whitelisted them – don’t panic.
iThemes would appear to use Amazon AWS for some of its processes, so just let me know what IP addresses are flagged and I’ll adjust the solution accordingly for you.
Thread Starter
flemmo
(@flemmo)
Thanks Mark,
In the end I decided to go down the htaccess route with the following code that only allows access via a specified web address, thus excluding access by bots.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com [NC]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ - [F]
</IfModule>
Hey @flemmo
Fair play to you, that’s an elegant solution to a complex problem, well done sir