Blacklisting Issue with Solution

  • Resolved svacontact

    (@svacontact)


    7 years, 7 months ago

    I found an issue with Blacklisting that was preventing it from working at all in the latest version of the plugin. Basically, the code written by the plugin to .htaccess uses an IF statement to check whether a specific Apache module is loaded. If YES, it uses the newer “require not ip” approach to block IP addresses. If NO, it uses the older “Allow, Deny” approach.

    After a lot of testing, I found that (in my case) the IF statement was directing to the newer approach, however, NO listed IPs were being blocked. I commented out all code to force only the newer approach and confirmed it was not working. I then reversed this to force only the older (Allow, Deny) approach and it worked as expected.

    I hope you will investigate this as many users may not be comfortable directly editing .htaccess, and I assume that the plugin will directly overwrite my changes the next time it saves .htaccess. Note I am running Apache 2.4.25.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    Ok thanks for the feedback.
    For your case the best thing to do in the meantime is to copy the rules and then disable that feature and paste and modify the rules in the custom rules tab in the firewall menu. That way they won’t be overwritten.

    • This reply was modified 7 years, 7 months ago by wpsolutions.
    Thread Starter svacontact

    (@svacontact)

    Thanks for the quick reply and workaround. I found this post:
    Blacklist IP doesn’t work when 6G Blacklist Firewall Rules Applied (@reesdg).
    Sounds like it could be the same issue(??). I do have 6G Firewall active.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Yes I wonder if this is the same problem…..
    Can you please do a quick test and verify if deactivating 6G makes the issue you are seeing go away?

    • This reply was modified 7 years, 7 months ago by wpsolutions.
    • This reply was modified 7 years, 7 months ago by wpsolutions.
    Thread Starter svacontact

    (@svacontact)

    Yes, confirmed. With 6G deactivated, the default .htaccess using the “require not ip” method works as expected. With 6G activated it does not work.

    Seems that @reesdg may have identified the problem. The second use of RequireAll in .htaccess for the 6G Firewall:

    <RequireAll>
    Require all Granted
    Require not env bad_bot
    </RequireAll>

    overrides the first use of RequireAll that contains the list of blocked IPs. This also explains why forcing the older “Allow/Deny” method for IP blocking works.

    Interesting also that 6G out-of-the-box includes it’s own section to block IPs that uses the older method:

    # 6G:[BAD IPS]
    <Limit GET HEAD OPTIONS POST PUT>
    Order Allow,Deny
    Allow from All
    # uncomment/edit/repeat next line to block IPs
    # Deny from 123.456.789
    </Limit>

    I understand that you are integrating 6G with other code and therefore don’t include this section – just thought the approach was interesting.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Blacklisting Issue with Solution’ is closed to new replies.