• Resolved yvrdarb

    (@yvrdarb)


    Sorry, noobish question, but what is the proper format to use two or more variables?

    Will the following work:

    <?php
    /*
     +============================================================================================+
     | NinjaFirewall optional configuration file                                                  |
     |                                                                                            |
     | See: https://blog.nintechnet.com/ninjafirewall-pro-edition-the-htninja-configuration-file/ |
     +============================================================================================+
    */
    
    // Users of Cloudflare CDN:
    if (! empty($_SERVER["HTTP_CF_CONNECTING_IP"]) &&
     filter_var($_SERVER["HTTP_CF_CONNECTING_IP"],FILTER_VALIDATE_IP)) {
       $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
    if ( $_SERVER["REMOTE_ADDR"] == '1.2.3.4' ) {
       return 'ALLOW'; // whitelist
    }
    • This topic was modified 2 years, 7 months ago by yvrdarb.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Your code has a syntax error, it misses a closing } character.
    This one is fine:

    <?php
    /*
     +============================================================================================+
     | NinjaFirewall optional configuration file                                                  |
     |                                                                                            |
     | See: https://blog.nintechnet.com/ninjafirewall-pro-edition-the-htninja-configuration-file/ |
     +============================================================================================+
    */
    
    // Users of Cloudflare CDN:
    if (! empty($_SERVER["HTTP_CF_CONNECTING_IP"]) &&
     filter_var($_SERVER["HTTP_CF_CONNECTING_IP"],FILTER_VALIDATE_IP) ) {
       $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
    }
    
    if ( $_SERVER["REMOTE_ADDR"] == '1.2.3.4' ) {
       return 'ALLOW'; // whitelist
    }
    
    Thread Starter yvrdarb

    (@yvrdarb)

    Thanks.

    It may make a good addition to the .htninja documentation page on the website.

    Cheers.

    Thread Starter yvrdarb

    (@yvrdarb)

    Return ‘ALLOW’; // whitelist isn’t a unconditional all whitelist?

    I am trying to allow MainWP through (on another server) and NF seems to like block it.

    24/Feb/20 11:59:27  #5926404  MEDIUM       -  199.16.XXX.XXX    POST /wordpress/wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - XXXXXXX.com
    25/Feb/20 11:59:21  #8795847  MEDIUM       -  199.16.XXX.XXX    POST /wordpress/wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - XXXXXXX.com
    25/Feb/20 11:59:24  #6067405  MEDIUM       -  199.16.XXX.XXX    POST /wordpress/wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - XXXXXXX.com

    Any suggestions?

    Plugin Author nintechnet

    (@nintechnet)

    Did you check in the firewall’s “Dashboard” page if the .htninja is detected and loaded by the firewall?

    Hi !

    And when you want to allow multiple folders without filtering ??? :

    if (strpos($_SERVER[‘SCRIPT_NAME’], ‘/my-first-folder-without-filtering/’) !== FALSE) {
    return ‘ALLOW’;

    works for the first folder, how i can add a second, third folder to this code ??

    thanks

    Plugin Author nintechnet

    (@nintechnet)

    This is regular PHP code. See some PHP tutorials if you aren’t familiar with PHP.

    <?php
    if ( strpos($_SERVER['SCRIPT_NAME'], 'some-script.php') !== FALSE ||
       strpos($_SERVER['SCRIPT_NAME'], 'another-script.php') !== FALSE ||
       strpos($_SERVER['SCRIPT_NAME'], '/a-folder/') !== FALSE ) {
    
       return 'ALLOW';
    }
    
    

    Make sure the folders exist on your site (i.e., you can see them when you connect over FTP). If they don’t exist, they aren’t folders but permalinks, which means you should use $_SERVER['REQUEST_URI'] instead of $_SERVER['SCRIPT_NAME'].

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘.htninja Multiple Variables’ is closed to new replies.