Fix for blocking hosts behind load balancer
-
Hi all,
We have some WP sites behind a load balancer, and the normal method of Apache blocking (Deny from 1.2.3.4) does not work.
Instead, we use the following format:
# this goes after Order allow,deny Deny from env=DenyAccess
# then for each blocked IP: SetEnvIf X-Cluster-Client-Ip "^1\.2\.3\.4" DenyAccess
Please note the
\.
instead of just.
. This is becauseSetEnvIf
uses regex matching, so we want to escape the.
(for those not familiar with regex, it matches any single character).To patch WP Better Security, you need to edit a few lines (these line #’s may change in future updates!). In
/wp-content/plugins/better-wp-security/inc/admin/common.php
:Around line 316, replace:
$rules .= "Order allow,deny" . PHP_EOL .
with
$rules .= "Order allow,deny" . PHP_EOL . "Deny from env=DenyAccess" . PHP_EOL .
Around line line 352, replace:
$trule = "Deny from " . $dhost . PHP_EOL;
with
$rs_dhost = str_replace(".", "\.", $dhost); $trule = 'SetEnvIf X-Cluster-Client-Ip "^' . $rs_dhost . '" DenyAccess' . PHP_EOL;
And finally, around 378, replace:
$rules .= "Deny from " . $dhost . PHP_EOL;
with
$rs_dhost = str_replace(".", "\.", $dhost); $rules .= 'SetEnvIf X-Cluster-Client-Ip "^' . $rs_dhost . '" DenyAccess' . PHP_EOL;
Hope this helps someone! This has been tested on Rackspace Cloud Sites, and will likely work for things like Varnish (if you’re having issues) as well.
- The topic ‘Fix for blocking hosts behind load balancer’ is closed to new replies.