• Hello,

    First, thank you very much for this very useful plugin.

    I have discovered a small bug in the settings of the latest iThemes Security plugin with some fields concerning IPs with wildcards:
    In the Ban host field, if I put an IP like ###.###.###.* or ###.###.*.*, mentioned as good in the example comments below this field, the plugin deactivates the Ban Users checkbox, and a message appears:
    Note that the ban users feature has been disabled until the following errors are corrected:
    ###.###.###.* is not a valid address as it has been white listed.
    (here xxx are numbers)
    So using a wildcard (*) is not working as suggested…

    Best regards

    Loïc from Paris

    https://www.ads-software.com/plugins/better-wp-security/

    [ No bumping please. ]

Viewing 14 replies - 1 through 14 (of 14 total)
  • Thread Starter LoicTheAztec

    (@lomars)

    With the 4.2.8 update of iThemes Security, the bug still exists and the wildcard character is still not working in IPs for:
    - “Global settings” section => “Lockout White List” field
    - “Banned users” section => “Ban Hosts” field

    To enable ranges of IPs, you can add IPs to your .htaccess file using the wildcard character (*) in this form:

    # BEGIN PERSONNAL SETTINGS
    
    # ===> RESTRICT ACCESS [BLOCKING] - BLACK LISTING
        RewriteEngine On
        Order allow,deny
    #  Using 1 wildcard character
        SetEnvIF REMOTE_ADDR "^###\.###\.###\.*$" DenyAccess
        SetEnvIF X-FORWARDED-FOR "^###\.###\.###\.*$" DenyAccess
        SetEnvIF X-CLUSTER-CLIENT-IP "^###\.###\.###\.*$" DenyAccess
    
    #  Using 2 wildcard character
        SetEnvIF REMOTE_ADDR "^###\.###\.*\.*$" DenyAccess
        SetEnvIF X-FORWARDED-FOR "^###\.###\.*\.*$" DenyAccess
        SetEnvIF X-CLUSTER-CLIENT-IP "^###\.###\.*\.*$" DenyAccess
    
    # ===> ALLOW ACCESS [UNBLOCKING] - WHITE LISTING
    #  Using 1 wildcard character
        SetEnvIF REMOTE_ADDR "^###\.###\.###\.*$" AllowAccess
        SetEnvIF X-FORWARDED-FOR "^###\.###\.###\.*$" AllowAccess
        SetEnvIF X-CLUSTER-CLIENT-IP "^###\.###\.###\.*$" AllowAccess
    
    #  Using 2 wildcard character
        SetEnvIF REMOTE_ADDR "^###\.###\.*\.*$" AllowAccess
        SetEnvIF X-FORWARDED-FOR "^###\.###\.*\.*$" AllowAccess
        SetEnvIF X-CLUSTER-CLIENT-IP "^###\.###\.*\.*$" AllowAccess
    
        Deny from env=DenyAccess
        Allow from env=AllowAccess
        Allow from all
    
    # END PERSONNAL SETTINGS

    Here “###” are numbers from 0 to 255 and all the lines beginning with “#…” are comments. For each range of IPs you have to add a group of:

    SetEnvIF REMOTE_ADDR "^###\.###\.###\.*$"
    SetEnvIF X-FORWARDED-FOR "^###\.###\.###\.*$"
    SetEnvIF X-CLUSTER-CLIENT-IP "^###\.###\.###\.*$"

    …adding at the end “DenyAccess” to Black list or “AllowAccess” to White list.

    Like this you can allow or block ranges of IPs to stop hacking attempts from some countries (like China, Russia, Ukraine…)
    I hope this feature will work in the next iThemes Security update.
    L..

    Thanks for the report. I’m going to do one more bug fix tomorrow before I switch gears for a couple of weeks. I’ll get a fix in there.

    @lomar mind contacting me directly on some of what you’re finding? You’ve been most helpful but these forums are less than stellar for keeping track of issues. You should be able to find me by name on nearly any major service.

    Hey Chris,

    First, great job on the plugin, Love It!

    My whitelist and my ban host list don’t even show up on the .htaccess file. Am I missing something? Thanks.

    Thread Starter LoicTheAztec

    (@lomars)

    @greatkeelyone
    Maybe you have missed the check-box “Write to Files” in the settings section… don’t you?
    Then click on any “Save All Changes” button located below. You are done…

    @chris Wiegman
    First thing, thanks
    How can I contact you directly? Using the link in the third sticky thread to report bugs, or is there another way?
    L..

    @lomars, I pushed a fix for this in htaccess earlier today.

    @greatkeelyone, the white list shouldn’t show up. The ban hosts list is a different story but @lomars already posted the work around.

    For contacting me, I’m easy to find. Just google me.

    Thread Starter LoicTheAztec

    (@lomars)

    Thank you very much Chris !

    The wildcard (*) character in IPs works now as expected!!!

    If you put one in the “Banned users” section => “Ban Hosts” field, for example “123.123.123.*”, and validate, you can see them working in your .htaccess:

    SetEnvIF REMOTE_ADDR "^123\.123\.123\.[0-9]+$" DenyAccess
    SetEnvIF X-FORWARDED-FOR "^123\.123\.123\.[0-9]+$" DenyAccess
    SetEnvIF X-CLUSTER-CLIENT-IP "^123\.123\.123\.[0-9]+$" DenyAccess
    
    order allow,deny
    deny from env=DenyAccess
    deny from 123.123.123

    And so I made a small mistake in one of my posts a little higher. If you want to manually enter a range of IPs in your .htaccess file you have to replace the “*” character with [0-9]+ just like iThemes Security does… my apologies.
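
The correction described in the post above, as an added example that is not part of the original thread and not the plugin's own code: it converts a wildcard entry into the `[0-9]+` form shown in the generated .htaccess and shows why the literal `\.*` form does not match a last octet. The function names are hypothetical, and restricting wildcards to trailing octets is an assumption based on the two forms quoted in the thread.

```python
import re

# Variables checked in the thread's .htaccess snippets.
SOURCES = ("REMOTE_ADDR", "X-FORWARDED-FOR", "X-CLUSTER-CLIENT-IP")

# Pattern from the earlier manual snippet, with 123 in place of ###:
# "\.*" means "zero or more literal dots", not "any last octet".
LITERAL_STAR = r"^123\.123\.123\.*$"


def wildcard_to_regex(entry):
    """Convert '123.123.123.*' to '^123\\.123\\.123\\.[0-9]+$'."""
    octets = entry.strip().split(".")
    if len(octets) != 4 or octets[0] == "*":
        raise ValueError(f"{entry!r}: need four parts, first one numeric")
    parts, wildcard_seen = [], False
    for octet in octets:
        if octet == "*":
            wildcard_seen = True
            parts.append("[0-9]+")
        elif wildcard_seen:
            # Assumption: only trailing wildcards, as in the thread's examples.
            raise ValueError(f"{entry!r}: wildcards must be trailing")
        elif re.fullmatch(r"[0-9]{1,3}", octet) and int(octet) <= 255:
            parts.append(octet)
        else:
            raise ValueError(f"{entry!r}: bad octet {octet!r}")
    return "^" + r"\.".join(parts) + "$"


def setenvif_lines(entry, env_var):
    """Build one SetEnvIF line per source variable for a wildcard entry."""
    pattern = wildcard_to_regex(entry)
    return [f'SetEnvIF {src} "{pattern}" {env_var}' for src in SOURCES]


def matches(pattern, address):
    """True if the anchored pattern matches the address string."""
    return re.search(pattern, address) is not None


if __name__ == "__main__":
    print("\n".join(setenvif_lines("123.123.123.*", "DenyAccess")))
    fixed = wildcard_to_regex("123.123.123.*")
    # Constructed sample addresses: literal-star result, then fixed result.
    for addr in ("123.123.123.45", "123.123.123", "123.123.1234.5"):
        print(addr, matches(LITERAL_STAR, addr), matches(fixed, addr))
```

X-FORWARDED-FOR and X-CLUSTER-CLIENT-IP are request headers that a client can set itself, so an AllowAccess rule keyed on them is only meaningful behind a proxy that overwrites those headers.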

    Thanks Chris,

    I will add the workaround and see if that works.

    And thanks @lomars for the great workaround!!

    bsdarby

    (@bsdarby)

    Error still popping up in version 4.4.23.

    192.74.*.* is not a valid address as it has been white listed.
    193.150.*.* is not a valid address as it has been white listed.

    Thread Starter LoicTheAztec

    (@lomars)

    Hello Chris,
    How are you? I hope fine
    The wildcard (*) characters are not working anymore (iThemes Security version .
    I get two warning messages after saving in iThemes Security settings:

    There is a problem with an IP address in the white list:
    
    66.249.64.* is not a valid address in the white list users box.

    95.128.246.* is not a valid address in the ban users box.

    So ban hosts gets deactivated.
    Can you have a look at this problem, please?
    Best regards,
    Loïc

    Thread Starter LoicTheAztec

    (@lomars)

    Excuse me, the problematic versions are version 2.6.6 and version 2.6.8
    So I returned to version 2.6.4 until the problem is resolved…
    Thanks

    Obviously it should read version 4.6.6 and 4.6.8 …

    I think you are running into the 4.6.8 issue as described in this topic:

    https://www.ads-software.com/support/topic/banned-users-wildcard-suddenly-not-accepted

    Scroll down to the bottom of that topic where you will find my latest post. This post contains a link to a 4.6.8 fixed file. Download it and follow the instructions.

    Note this fixed 4.6.8 file can only be used in iTSec plugin 4.6.8 !

    dwinden

    Thread Starter LoicTheAztec

    (@lomars)

    @dwinden
    OK, many thanks
    Lo

    As you are the topic starter please mark this topic as ‘resolved’.
    The reintroduction of this issue in iTSec 4.6.8 will be monitored in the newly created topic until it is fixed by iThemes.

    https://www.ads-software.com/support/topic/banned-users-wildcard-suddenly-not-accepted

    Thank you.

    dwinden

  • The topic ‘Bug in settings > ban host field with wilcards IP’ is closed to new replies.