• Resolved kjc041056

    (@kjc041056)


    How can I get WP Cerber to block requests that just have the IP address in the URI and not the site name? I am seeing several suspicious requests in the Traffic Inspector log. We use Cloudflare and I have set up FW rules in CF to trap them, but as the requests are coming direct using the IP address, the rules are not actioned as I believe Cloudflare is bypassed. I have rules set up that work OK in CF. But for the requests coming in with only our IP address and not site name, the FW rules are not actioned. I have rules set to block the source IP address and text in the URI. I have tested the text string FW Rule myself and it works, but I am using the site name in the URI, not just IP address.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter kjc041056

    (@kjc041056)

    Having researched this more, clearly it seems that our hosted WordPress IP address has somehow been made public. This means that the proxy/security features of Cloudflare can be bypassed. I can blacklist offending IP addresses in WP Cerber and also I can block IP addresses in our hosting – BigScoots. But this is reactive and not proactive as I can only do this after the intrusion. Many of the requests get rejected with a 403 or 404. But not all – some suspicious PHP debug requests get a 200 response. Currently I am blocking all offending IP addresses.

    By the way – very happy with WP Cerber. We upgraded to a Pro license today.

    Plugin Author gioni

    (@gioni)

    Hi! The best and most correct approach is to configure your web server to route such requests to a specially configured “default” empty website with one empty page. It’s relatively easy since such requests don’t contain an HTTP “Host” header (or it’s empty) [1] and most web servers have options for such a case.

    [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
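
The catch-all site described in the reply above, sketched for nginx as an added example (not configuration posted by the plugin author or taken from the thread). The thread does not name the web server, so nginx is an assumption, and `example.com` and every file path are placeholders.

```nginx
# Catch-all for plain HTTP: nginx selects this block when the Host header is
# missing, empty, or matches no server_name below (a bare IP address included).
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Separate log so direct-to-IP probes are easy to review.
    access_log /var/log/nginx/default-host.access.log;   # assumed path

    # The "empty website with one empty page": every path gets the same
    # zero-byte file, and no PHP handler is configured here.
    root /var/www/default-empty;          # assumed path, holds an empty index.html
    location / {
        try_files /index.html =404;
    }
}

# Catch-all for HTTPS: refuse the TLS handshake when the client's SNI names
# no configured site. Requires nginx 1.19.4 or later; no certificate needed.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_reject_handshake on;
    return 444;   # close without a response if a request still lands here
}

# The real site: reached only when the request names the site.
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;              # placeholder site name

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;   # assumed path
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;     # assumed path

    # ... existing WordPress root, index and PHP handling stay as they are ...
}
```

Because the catch-all blocks have no PHP handler, a request addressed to the bare IP never reaches WordPress, so the 200 responses to PHP probes mentioned earlier in the thread cannot come from the site's code.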

  • The topic ‘Blocking direct access by IP address without site name’ is closed to new replies.