.htninja whitelisting own Ip

  • Resolved hendriksb3

    (@hendriksb3)


    4 years, 10 months ago

    Hello there, we are using NinjaFirewall (WP Edition) with hosting on wordpress.com and try to whitelist our own ip using the .htninja file.

    It is not working as expected. Sometimes users can access the sites with an ip that is not whitelisted and sometimes our own ip gets blocked even though its whitelisted.

    This is the code:

    if (!empty($_SERVER[‘HTTP_X_FORWARDED_FOR’])) {
    $ip = $_SERVER[‘HTTP_X_FORWARDED_FOR’];
    } else {
    $ip = $_SERVER[‘REMOTE_ADDR’];
    }

    if ( $ip == ‘82.32.12.123’ ) {
    return ‘ALLOW’;
    } else {
    return ‘BLOCK’;
    }

    When logging $_SERVER[‘REMOTE_ADDR’] it can be seen that the ip stays the same even though we are changing ip address on the client. In other instances our own ip gets blocked.

    Looking forward to your answer.

    • This topic was modified 4 years, 10 months ago by hendriksb3.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    I tested your code and it worked as expected:
    * I’m blocked when accessing my site with this command:

    $ curl https://my-website.com/

    * I’m allowed if I run the following command: 

    $ curl https://my-website.com/ -H 'X-Forwarded-For: 82.32.12.123'

    Do you have any caching plugins or some rules in your .htaccess file that could mess with PHP (and the firewall)?

    Thread Starter hendriksb3

    (@hendriksb3)

    I agree with you that the code itself should work. We do not have a caching plugin and also no .htaccess file as hosting is with Nginx. However the Jetpack plugin is used. I read that Jetpack has some issues with NinjaFirewall jetpack.com/support/getting-started-with-jetpack/known-issues/ Could this be the problem?

    Plugin Author nintechnet

    (@nintechnet)

    The problem you’re facing is unlikely an issue with JetPack because NinjaFirewall’s .htninja file will load before it.

    Try to download and run this script: https://nintechnet.com/share/wp-check.txt
    1. Rename it to “wp-check.php”.
    2. Upload it into your WordPress root folder.
    3. Go to https://YOUR WEBSITE/wp-check.php
    4. Delete it afterwards.

    You may want to anonymize the paths before pasting the results here.

    Thread Starter hendriksb3

    (@hendriksb3)

    For us the solution was to remove NinjaFirewall. As it did cause other problems with JetPack (which we can not remove).

    Otherwise, we would have tried your approach.

    Thank you for your time:)

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘.htninja whitelisting own Ip’ is closed to new replies.

Tags