WAF Rule Syntax

  • Resolved ljfent

    (@ljfent)


    1 month, 2 weeks ago

    Is this correct WAF Rule syntax for blocking an IP Address Range. If not, please correct.

    SecRule REMOTE_ADDR “@ipMatch 21.0.0.0/8” “id:1001, phase:1, deny, log, msg:’Blocking IP Range 21.0.0.0/8′”

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author IniLerm

    (@inilerm)

    1 month, 2 weeks ago

    Great question. The syntax you posted (SecRule REMOTE_ADDR…) is for ModSecurity (an Apache server module), not for this plugin. If you paste that into our WAF settings, it will not work because our engine does not read ModSecurity rules.

    How to block an IP Range in this plugin (The Easy Way):

    You don’t need complex code! We have a dedicated tool for this:

    1. Go to Security > IP Management > Blocked IPs.
    2. In the “Manually Block IP” box, simply type the CIDR range:
      21.0.0.0/8
    3. Click Block IP.

    That’s it! The plugin will handle the math to block every IP in that range automatically (and even sync it to .htaccess/Cloudflare if you have those enabled).

    About the WAF Tab:
    The “Firewall (WAF)” tab in our plugin is designed for blocking URL patterns and Text (like SQL injections or bad keywords), not for IP addresses. For IPs, always use the “IP Management” tab.

    Best regards,

    Advancedr IP Blocker Team

    Plugin Author IniLerm

    (@inilerm)

    1 month, 2 weeks ago

    Bonus Tip for Advanced Control (Example):

    If you only want to block that IP range from specific areas (like the login page) instead of the whole site, you can use our Advanced Rules Engine:

    1. Go to Security > Blocking Rules > Advanced Rules.
    2. Click Add New Rule.
    3. Name: Block Range on Login
    4. Condition 1: IP Range Is 21.0.0.0/8
    5. Click AND to add a second condition.
    6. Condition 2: Request URI Contains wp-login.php
    7. Action: Block (or Challenge if you want to give them a chance).

    This gives you surgical precision that simple IP blocking lists can’t offer!

    • This reply was modified 1 month, 2 weeks ago by IniLerm.
Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.