Support » Plugin: iQ Block Country » Allow ONLY whitelisted IP’s to attempt login…

  • Resolved WebBadAss

    (@webbadass)


    Hello! Love the plugin – its brilliant and helps weed out the unwanted better than almost anything – I have a couple things I want to accomplish and I think I should be able to do them with the plugin but not sure…

    The above domain name is for a festival that happens once a year so the rest of the year (say 9 months) – NO ONE needs to get into it on any level except ME. So i want to block access to the backend for everyone who is NOT whitelisted. Is this possible?

    And while I am asking – is there to whitelist ONLY Xfinitiy IP’s? The folks who need access seem to all be using Xfinity service… This would help with a couple other sites too…

    Thanks again for the great plugin! Keep it up!

    Clay

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Pascal

    (@iqpascal)

    Hi,

    Yes you could totally lock out every country and only work with whitelisted IP address.

    If you know the IP ranges of Xfinity you can allow complete ranges (that is if you’re comfortable with that)

    WebBadAss

    (@webbadass)

    How would I do that? Block out the whole planet but myself? Remove the US as well from the blocked country list? Wont that block me out regardless of the white list?

    https://www.dropbox.com/s/lldwyt374kf46wx/Screenshot%202018-11-21%2021.47.19.png?dl=0

    Any suggestions where I would look for the Xfinity IP Range?

    Thanks again!

    Plugin Author Pascal

    (@iqpascal)

    Hi,

    Yes you can block all countries and whitelist your own IP address. Ofcourse this is only useful if you have a static IP address.

    Whitelist always has precedence over blacklisting. You could even blacklist your own IP address but if it is on the whitelist you will get in.

    From Google:

    What are Comcast’s Dynamic IP Ranges?

    Dynamic IP Ranges

    Below is a list of our dynamic IP space. These are published to several DNSBLs that track dynamic IP space.
    IPv4
    24.0.0.0/12
    24.16.0.0/13
    24.30.0.0/17
    24.34.0.0/16
    24.60.0.0/14
    24.91.0.0/16
    24.98.0.0/15
    24.118.0.0/16
    24.125.0.0/16
    24.126.0.0/15
    24.128.0.0/16
    24.129.0.0/17
    24.130.0.0/15
    24.147.0.0/16
    24.218.0.0/16
    24.245.0.0/18
    50.128.0.0/10
    65.34.128.0/17
    65.96.0.0/16
    66.30.0.0/15
    66.41.0.0/16
    66.56.0.0/18
    66.176.0.0/15
    66.229.0.0/16
    67.160.0.0/12
    67.176.0.0/15
    67.180.0.0/14
    67.184.0.0/13
    68.32.0.0/11
    68.80.0.0/14
    68.84.0.0/16
    69.136.0.0/15
    69.138.0.0/16
    69.139.0.0/17
    69.140.0.0/14
    69.180.0.0/15
    69.242.0.0/15
    69.244.0.0/14
    69.248.0.0/14
    69.253.0.0/16
    69.254.0.0/15
    71.56.0.0/13
    71.192.0.0/12
    71.224.0.0/12
    73.0.0.0/8
    75.64.0.0/13
    75.72.0.0/15
    75.74.0.0/16
    75.75.0.0/17
    75.75.128.0/18
    76.16.0.0/12
    76.97.0.0/16
    76.98.0.0/15
    76.100.0.0/14
    76.104.0.0/13
    76.112.0.0/12
    98.192.0.0/13
    98.200.0.0/14
    98.204.0.0/16
    98.206.0.0/15
    98.208.0.0/12
    98.224.0.0/12
    98.240.0.0/16
    98.242.0.0/15
    98.244.0.0/14
    98.248.0.0/13
    107.2.0.0/15
    107.4.0.0/15
    174.48.0.0/12

    IPv6
    2001:558:6000::/36

    This is however a rather extensive list. I am not sure how xfinity works but usually ip ranges are dedicated to certain regions or cities even so you might be able to narrow it down if you get the IP addresses from the people who need access.

    Pascal, thanks a lot for following up on this with me… I think you are right that maybe allowing xfinity is impractical… Hrmmm. This is getting a little more complicated than i want it to be… I think i will block the whole planet including the US from accessing the backend and see if my whitelisted ip still lets me in there… If it changes from Xfinity i can ftp in and delete the plugin so allow myself access. How is that for clever!

    SIMPLY PUT, the bottom line is that no one should be able to have their login attempts be ALLOWED except those IP’s i say. AS IN the end result should be BOTH that they have been prevented from trying AND that i dont get an alert that someone tried to log in.

    Why do I want this pair of result? Again simply put, so my customer who keeps getting alerts that someone tried to log in will shut the hell up.

    I dont mind the daily failure notices but my customer cannot get over it and WONT let me just remove his address from the alerts setup… Grrr…

    Thanks again!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Allow ONLY whitelisted IP’s to attempt login…’ is closed to new replies.