• Resolved SJW

    (@whitsey)


    I found a lot of 404 errors on URLs that don’t exist which clearly just look like someone trying to find a way into the backend.

    One example of a URL I found was /tinyfilemanager/tinyfilemanager.php. So in Wordfence > All Options – I added this to “Immediately block IPs that access these URLs”. Under “Rate Limiting” I have the setting “How long is an IP address blocked when it breaks a rule” set to “1 month”.

    Today, I have gone back in to monitor the 404 errors and I have found a user with IP 103.78.0.60 has accessed the URL /tinyfilemanager/tinyfilemanager.php without being blocked.

    NOTE: This is not the only URL I have found that has been accessed that is in the list without being blocked.

    Am I misunderstanding how this setting works?

    • This topic was modified 8 months, 2 weeks ago by SJW.
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @whitsey,

    Your understanding is correct. When a visitor visits the URL listed in “Immediately block IPs that access these URLs”, they should be blocked for the duration specified under “How long is an IP address blocked when it breaks a rule”.

    In Wordfence > Tools > Live Traffic, what response are you seeing when an IP visits the blocked URL? You should see a red circle under “Type” and a 503 or similar under “Response”. When you expand the result, it should list the reason as “Accessed a banned URL”. Additionally, the IP address and the time the block expires should be listed in Wordfence > Firewall > Blocking.

    Thanks,
    Margaret
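
The check described in the reply can also be run against the web server's own access log. This is an added example, not part of the thread and not Wordfence code; it assumes a combined-format access log, exact path matching, 503 as the block response, and 30 days standing in for "1 month". The log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumptions (not from the thread): combined log format, exact path match.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
BANNED_URLS = {"/tinyfilemanager/tinyfilemanager.php"}  # URL named in the thread
BLOCK_STATUSES = {503}                 # response the reply says to expect
BLOCK_DURATION = timedelta(days=30)    # "1 month", approximated

def parse(line):
    """Return (ip, timestamp, path without query string, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def audit(lines):
    """Find banned-URL hits that were not blocked, and later requests from
    the same IP that were still served while the block should be active."""
    first_hit = {}                     # ip -> time of first banned-URL request
    unblocked_hits, leaked = [], []
    for ip, ts, path, status in filter(None, map(parse, lines)):
        blocked = status in BLOCK_STATUSES
        if ip in first_hit:
            if ts - first_hit[ip] <= BLOCK_DURATION and not blocked:
                leaked.append((ip, path, status))
        elif path in BANNED_URLS:
            first_hit[ip] = ts
            if not blocked:
                unblocked_hits.append((ip, path, status))
    return unblocked_hits, leaked

# Constructed sample lines (documentation IP ranges), in chronological order.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2024:10:00:00 +0000] "GET /tinyfilemanager/tinyfilemanager.php HTTP/1.1" 404 512 "-" "curl"',
    '203.0.113.7 - - [01/Mar/2024:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "curl"',
    '198.51.100.9 - - [01/Mar/2024:11:00:00 +0000] "GET /tinyfilemanager/tinyfilemanager.php HTTP/1.1" 503 300 "-" "curl"',
    '198.51.100.9 - - [01/Mar/2024:11:00:02 +0000] "GET /wp-login.php HTTP/1.1" 503 300 "-" "curl"',
    '192.0.2.4 - - [01/Mar/2024:12:00:00 +0000] "GET /about/ HTTP/1.1" 200 900 "-" "Mozilla"',
]

if __name__ == "__main__":
    hits, leaked = audit(SAMPLE_LOG)
    print("banned-URL requests answered without a block:", hits)
    print("requests served while a block should be active:", leaked)
```

A 404 on the banned URL itself suggests the request was answered before the firewall rule applied to it, for example by a page cache or by the web server directly; that reading is an inference, not something the thread confirms.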

  • The topic ‘“Immediately block IPs that access these URLs” not working as expected’ is closed to new replies.