Flop Allow and Deny so that your IP is whitelisted after the Deny from all.
On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.c...@gmail.com> wrote:
> Hello,
> I am trying to block a directory from being access except my IP but I had
> being unsuccessful in doing so, please help: First I place this in
> httpd.conf
>
> <Directory "/usr/local/www/apache22/data">
> Options Indexes FollowSymLinks
> Options ALL -Indexes
> IndexIgnore *
> AllowOverride None
> Order allow,deny
> Allow from all
> RewriteEngine On
> RewriteBase /
> RewriteCond %{REQUEST_METHOD} POST
> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
> RewriteRule ^(.*)$ - [R=403,L]
> RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
> RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
> RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
> RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
> RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
> RewriteRule ^(.*)$ index_error.php [F,L]
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule .* - [F]
> RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
> RewriteCond %{REQUEST_FILENAME} !-f
> RewriteCond %{REQUEST_FILENAME} !-d
> RewriteRule . /index.php [L]
> </Directory>
>
> I also tried this : on the / directory .htaccess
> <FilesMatch wp-login.php>
> Order Allow,Deny
> Allow from 192.168.8.4
> Deny from all
> </FilesMatch>
>
> Is the wp-admin or wp-login.php script that I'm trying to protect from
> brute force attacks,
>
> Thanks,
> Motty
>
