• I’ve created host blocks in the CIDR form:

    37.187.144.0/20

    When I look at the .htaccess file and things managed by iThemes Security, however, it seems to ignore the CIDR or rather to assume that it’s really a /16! So, in this case it has blocked 65,000 hosts when I really only wanted it to block 4,000 hosts.

    Are only /8, /16, /24 and /32 supported when using CIDR-block notation for the hosts blocks? Will I need to have 16 different entries in order to block 37.187.144.0/24, 37.187.145.0/24, …, 37.187.159.0/24?

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 2 replies - 1 through 2 (of 2 total)
  • @gorpong

    It’s a bit weird because the Ban Hosts CIDR type entry validation code accepts the full range from /1 to /32 as valid values.

    But indeed it looks like when converting those CIDR values to .htaccess entries only /8, /16, /24 and /32 values are converted.

    So there is clearly a mismatch between CIDR entry validation and .htaccess CIDR range conversion.

    dwinden

    dwinden

    (@dwinden)

    @gorpong

    This bug turns out to be fixed in the 5.3.0 release.

    The ITSEC_Lib::ip_mask_to_range() function has been replaced by ITSEC_Lib_IP_Tools::ip_cidr_to_ip_regex() function.

    Tested and it seems to be working fine.

    If the above info answers your question please mark this topic as ‘resolved’.

    dwinden

  • The topic ‘Host Blocks are not granular enough (/20 gets turned into /16)’ is closed to new replies.
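
An added example, not part of the thread and not the plugin's code: a Python check that measures how far a ban rule over-blocks when a prefix is rounded to an octet boundary, lists the per-/24 fallback entries from the question, and builds an exact anchored pattern for the intended range. The function names are hypothetical, and `octet_rounded` is an assumed model of the rounding described above.

```python
import ipaddress
import re

def octet_rounded(cidr):
    # ASSUMPTION: models the behaviour reported in the thread (prefix
    # rounded down to the previous /8, /16 or /24), not the plugin's code.
    net = ipaddress.IPv4Network(cidr, strict=False)
    if net.prefixlen < 8:
        raise ValueError("model only covers /8 and longer")
    return ipaddress.IPv4Network(
        f"{net.network_address}/{net.prefixlen // 8 * 8}", strict=False)

def audit(cidr):
    # Compare what was asked for with what the rounded rule would block.
    want, got = ipaddress.IPv4Network(cidr, strict=False), octet_rounded(cidr)
    return {"intended": want.num_addresses, "blocked": got.num_addresses,
            "overblocked": got.num_addresses - want.num_addresses}

def split_to_octets(cidr):
    # Workaround from the question: one entry per octet-aligned subnet.
    net = ipaddress.IPv4Network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=-(-net.prefixlen // 8) * 8)]

def cidr_to_regex(cidr):
    # Exact anchored pattern: fixed octets are literals, the partially
    # masked octet is an alternation, fully masked octets are wildcards.
    net = ipaddress.IPv4Network(cidr, strict=False)
    parts = []
    for lo, hi in zip(net.network_address.packed, net.broadcast_address.packed):
        if lo == hi:
            parts.append(str(lo))
        elif (lo, hi) == (0, 255):
            parts.append(r"\d{1,3}")  # input is assumed to be a valid IPv4 address
        else:
            parts.append("(?:" + "|".join(map(str, range(lo, hi + 1))) + ")")
    return "^" + r"\.".join(parts) + "$"

if __name__ == "__main__":
    block = "37.187.144.0/20"  # the range from the question
    print(audit(block))
    print(split_to_octets(block))
    print(cidr_to_regex(block))
    print(bool(re.match(cidr_to_regex(block), "37.187.160.1")))
```

Running `audit` over every CIDR entry in a ban list after a plugin upgrade flags any rule whose generated range is wider than the one entered.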