• Resolved saso

    (@saiso)


    Hi,

    Wordfence scan on our page does not finish because there are country blocking rules written in root .htaccess on a shared hosting server. If I comment out those rules or if I rename the .htaccess file for the time of Wordfence custom scan it finishes successfully.

    #
    # BLOCK HTTP ACCESS (ATTACKS)
    # Throw a 403/Forbidden for HTTP requests from specified country zones.
    #
    <IfModule mod_maxminddb.c>
    MaxMindDBEnable On
    SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
    SetEnvIf GEOIP_COUNTRY_CODE KR BlockCountry
    SetEnvIf GEOIP_COUNTRY_CODE VN BlockCountry
    SetEnvIf GEOIP_COUNTRY_CODE PK BlockCountry
    SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
    SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry
    # Deny access to country zones specified above
    Deny from env=BlockCountry
    </IfModule>

    I would like to make an exception for Wordfence so I don’t need to always rename .htaccess file when i want to run a scan.

    I tried to whitelist some of Wordfence ip’s but it did not work > https://www.wordfence.com/help/advanced/#servers-and-ip-addresses

    <IfModule mod_authz_core.c>
    # Whitelist specific IP addresses
    <RequireAny>
    Require ip 44.235.211.232
    Require ip 54.68.32.247
    Require ip 54.71.203.174
    Require ip 35.83.41.128
    Require ip 52.25.185.95
    Require ip 54.148.171.133
    Require env !BlockCountry
    </RequireAny>
    </IfModule>

    How can I set an exception for Wordfence to finish the scan and keep Country Block protection intact?

    Thanks

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @saiso, thank-you for your detailed message.

    I must firstly highlight that we’re unable to directly assist with specific custom code questions that are causing plugin functions to no longer work, but I have some information that may help point you in the right direction. We do often highlight that IP geolocation can never be considered 100% accurate in all cases, but our fixed IPs should be correctly detected as USA at this point and not affected by the countries you’ve chosen to block.

    I only see Deny and Require statements. It’s possible your Apache configuration default values are set where the lack of Allow directives mean it defaults to rejecting a request, which would block the Wordfence scan. The following may help: https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#order

    Many thanks,
    Peter.

    Hi @saiso,

    If you don’t mind, please allow me to help.

    Potential Solutions:

    Option 1: Remove the country-blocking rule from your .htaccess file and, instead, use Cloudflare Free to block those countries and whitelist Wordfence’s IPs. If your host does not allow you to do this, then find another host such as SiteGround. No host should be blocking or restricting your .htaccess file.

    Option 2: Contact your host for a resolution. It appears your website (i.e., host) is using the MaxMind DB Module so I’m quite confident they can help. I bet it’s not the first time they hear about this.

    Option 3: As @wfpeter suggested, revisit your .htaccess rule for whitelisting Wordfence’s IPs. I would stay away from this option as it may create other IP-related issues for your website.

    Option 4 (Best): Remove the country-blocking rule in your .htaccess file and, instead, purchase Wordfence Premium. With Wordfence Premium, you’ll be able to block those non-grata countries and further harden your website.

    If satisfied with the above, please consider closing this topic as “Resolved.”

    Cheers!

    Note: I’m not affiliated with Wordfence. Simply offering goodwilll support.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.