Glad I could help.
Your issue is probably that you don't have htaccess override set to allow.
:)
Kick those bots!
On Wed, Jun 12, 2013 at 12:16 PM, motty cruz <motty.c...@gmail.com> wrote:
> I am not using virtual host, I'm adding to .htaccess in the root directory
> of web site.
>
> but after adding this to my httpd.conf file it worked perfectly fine.
>
> Thank you very much David for your help,
>
> -Motty
>
>
> On Wed, Jun 12, 2013 at 9:09 AM, David Guerra <imdavidgue...@gmail.com>wrote:
>
>> Yes, it should work just fine. Are you putting this in the virtual host?
>>
>>
>> On Wed, Jun 12, 2013 at 12:08 PM, motty cruz <motty.c...@gmail.com>wrote:
>>
>>> Thanks for your help David,
>>>
>>> can this be accomplish in httpd.conf?
>>>
>>> Thanks,
>>>
>>>
>>> On Wed, Jun 12, 2013 at 9:07 AM, motty cruz <motty.c...@gmail.com>wrote:
>>>
>>>> 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php
>>>> HTTP/1.1" 200 1085
>>>>
>>>> I am still able to get access from a different IP than the one allow in
>>>> .htaccess
>>>> as you suggest:
>>>> <Files wp-login.php>
>>>> order deny,allow
>>>> Deny from all
>>>> allow from 192.168.8.4
>>>> </Files>
>>>>
>>>>
>>>>
>>>> On Wed, Jun 12, 2013 at 9:01 AM, David Guerra
>>>> <imdavidgue...@gmail.com>wrote:
>>>>
>>>>> Try this format:
>>>>>
>>>>> <Files wp-login.php>
>>>>> order deny,allow
>>>>> Deny from all
>>>>> allow from xx.xxx.xx.xx
>>>>> allow from xx.xxx.xx.xx
>>>>> </Files>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.c...@gmail.com>wrote:
>>>>>
>>>>>> Hello David,
>>>>>>
>>>>>> this is the content on .htaccess
>>>>>> # BEGIN WordPress
>>>>>> <IfModule mod_rewrite.c>
>>>>>> RewriteEngine On
>>>>>> RewriteCond %{REQUEST_METHOD} POST
>>>>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>> RewriteRule ^(.*)$ - [R=403,L]
>>>>>> RewriteBase /
>>>>>> RewriteRule ^index\.php$ - [L]
>>>>>> RewriteCond %{REQUEST_FILENAME} !-f
>>>>>> RewriteCond %{REQUEST_FILENAME} !-d
>>>>>> RewriteRule . /index.php [L]
>>>>>> </IfModule>
>>>>>>
>>>>>> <FilesMatch wp-login.php>
>>>>>> Order Deny,Allow
>>>>>> Deny from all
>>>>>> Allow from 192.169.8.4
>>>>>> </FilesMatch>
>>>>>>
>>>>>> # END WordPress
>>>>>>
>>>>>> but no success!
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <
>>>>>> imdavidgue...@gmail.com> wrote:
>>>>>>
>>>>>>> Flop Allow and Deny so that your IP is whitelisted after the Deny
>>>>>>> from all.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz
>>>>>>> <motty.c...@gmail.com>wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>> I am trying to block a directory from being access except my IP but
>>>>>>>> I had being unsuccessful in doing so, please help: First I place this
>>>>>>>> in
>>>>>>>> httpd.conf
>>>>>>>>
>>>>>>>> <Directory "/usr/local/www/apache22/data">
>>>>>>>> Options Indexes FollowSymLinks
>>>>>>>> Options ALL -Indexes
>>>>>>>> IndexIgnore *
>>>>>>>> AllowOverride None
>>>>>>>> Order allow,deny
>>>>>>>> Allow from all
>>>>>>>> RewriteEngine On
>>>>>>>> RewriteBase /
>>>>>>>> RewriteCond %{REQUEST_METHOD} POST
>>>>>>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>>>> RewriteRule ^(.*)$ - [R=403,L]
>>>>>>>> RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
>>>>>>>> RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
>>>>>>>> RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
>>>>>>>> RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
>>>>>>>> RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>>>>>>> RewriteRule ^(.*)$ index_error.php [F,L]
>>>>>>>> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>>>>>> RewriteRule .* - [F]
>>>>>>>> RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>>>>>>> RewriteCond %{REQUEST_FILENAME} !-f
>>>>>>>> RewriteCond %{REQUEST_FILENAME} !-d
>>>>>>>> RewriteRule . /index.php [L]
>>>>>>>> </Directory>
>>>>>>>>
>>>>>>>> I also tried this : on the / directory .htaccess
>>>>>>>> <FilesMatch wp-login.php>
>>>>>>>> Order Allow,Deny
>>>>>>>> Allow from 192.168.8.4
>>>>>>>> Deny from all
>>>>>>>> </FilesMatch>
>>>>>>>>
>>>>>>>> Is the wp-admin or wp-login.php script that I'm trying to protect
>>>>>>>> from brute force attacks,
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Motty
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
