Thanks for your help David,
can this be accomplish in httpd.conf?
Thanks,
On Wed, Jun 12, 2013 at 9:07 AM, motty cruz <motty.c...@gmail.com> wrote:
> 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php HTTP/1.1"
> 200 1085
>
> I am still able to get access from a different IP than the one allow in
> .htaccess
> as you suggest:
> <Files wp-login.php>
> order deny,allow
> Deny from all
> allow from 192.168.8.4
> </Files>
>
>
>
> On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidgue...@gmail.com>wrote:
>
>> Try this format:
>>
>> <Files wp-login.php>
>> order deny,allow
>> Deny from all
>> allow from xx.xxx.xx.xx
>> allow from xx.xxx.xx.xx
>> </Files>
>>
>>
>>
>> On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.c...@gmail.com>wrote:
>>
>>> Hello David,
>>>
>>> this is the content on .htaccess
>>> # BEGIN WordPress
>>> <IfModule mod_rewrite.c>
>>> RewriteEngine On
>>> RewriteCond %{REQUEST_METHOD} POST
>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>> RewriteRule ^(.*)$ - [R=403,L]
>>> RewriteBase /
>>> RewriteRule ^index\.php$ - [L]
>>> RewriteCond %{REQUEST_FILENAME} !-f
>>> RewriteCond %{REQUEST_FILENAME} !-d
>>> RewriteRule . /index.php [L]
>>> </IfModule>
>>>
>>> <FilesMatch wp-login.php>
>>> Order Deny,Allow
>>> Deny from all
>>> Allow from 192.169.8.4
>>> </FilesMatch>
>>>
>>> # END WordPress
>>>
>>> but no success!
>>>
>>>
>>>
>>> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra
>>> <imdavidgue...@gmail.com>wrote:
>>>
>>>> Flop Allow and Deny so that your IP is whitelisted after the Deny from
>>>> all.
>>>>
>>>>
>>>>
>>>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.c...@gmail.com>wrote:
>>>>
>>>>> Hello,
>>>>> I am trying to block a directory from being access except my IP but I
>>>>> had being unsuccessful in doing so, please help: First I place this in
>>>>> httpd.conf
>>>>>
>>>>> <Directory "/usr/local/www/apache22/data">
>>>>> Options Indexes FollowSymLinks
>>>>> Options ALL -Indexes
>>>>> IndexIgnore *
>>>>> AllowOverride None
>>>>> Order allow,deny
>>>>> Allow from all
>>>>> RewriteEngine On
>>>>> RewriteBase /
>>>>> RewriteCond %{REQUEST_METHOD} POST
>>>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>> RewriteRule ^(.*)$ - [R=403,L]
>>>>> RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
>>>>> RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
>>>>> RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
>>>>> RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
>>>>> RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>>>> RewriteRule ^(.*)$ index_error.php [F,L]
>>>>> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>>> RewriteRule .* - [F]
>>>>> RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>>>> RewriteCond %{REQUEST_FILENAME} !-f
>>>>> RewriteCond %{REQUEST_FILENAME} !-d
>>>>> RewriteRule . /index.php [L]
>>>>> </Directory>
>>>>>
>>>>> I also tried this : on the / directory .htaccess
>>>>> <FilesMatch wp-login.php>
>>>>> Order Allow,Deny
>>>>> Allow from 192.168.8.4
>>>>> Deny from all
>>>>> </FilesMatch>
>>>>>
>>>>> Is the wp-admin or wp-login.php script that I'm trying to protect from
>>>>> brute force attacks,
>>>>>
>>>>> Thanks,
>>>>> Motty
>>>>>
>>>>
>>>>
>>>
>>
>
