• Resolved msudvarg

    (@msudvarg)


    The IP list managers are not loading for me. In particular, I’d like to white list the whole private IP range 192.168.0.0-192.168.255.255. When I go to Manage: White List, the loading spinner stays on the screen, and no settings show up.

    Since I have full access to my database, I’d be happy to just add this as a database entry rather than going through the user interface. I tried adding the entry as below:

    ip: 192.168.0.0-192.168.255.255
    label: No Label
    list: MW
    ip6: 0
    range: 0
    transgressions: 0
    last_access_at: 0
    created_at: (timestamp)
    deleted_at: 0

    This did not seem to whitelist correctly though (I noticed that GASP protection on comment forms was still enabled for clients in this range). What am I doing wrong?

    https://www.ads-software.com/plugins/wp-simple-firewall/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Paul

    (@paultgoodchild)

    This plugin is built to not consider private and reserved IP ranges. I’m going to review this decision based on this though and see what I can do.

    Also, ranges must be CIDR ranges:
    https://www.ipaddressguide.com/cidr

    Do you have experience with using things like Chrome browser console to review web requests and their responses? I’d like to know what the actual AJAX responses are when the list frames load. Do you know how to do that?

    Thread Starter msudvarg

    (@msudvarg)

    I’ll take a look at the response.

    Meanwhile, I looked in the FAQ, and I thought CIDR couldn’t be used. In my case, for example, would I use the following entries?

    ip: 192.168.0.0
    range: 16

    But are you saying that there’s no way to whitelist this private range anyway with the current design of the plugin?

    Thread Starter msudvarg

    (@msudvarg)

    The only request it’s sending when I try to manage the list is:

    interval=60&_nonce=xxxxxxxxxx&action=heartbeat&screen_id=simple-firewall_page_icwp-wpsf-ips-network&has_focus=true

    The only response is

    {"wp-auth-check":true,"server_time":1442259048}

    It’s sending and receiving these messages every minute. It seems from your code that the request body should include action=icwp_wpsf_GetIpList and list=MW, but I don’t see those being requested at all. I’m not sure why.

    Plugin Author Paul

    (@paultgoodchild)

    Hi,

    I’ve looked into the problem of private IP address ranges and removing the current restriction isn’t viable. This is why:

    Web hosts are generally terribly configured and I cannot guarantee that a web host configures the environment/server variables correctly with the valid public IP of the visitor. It has been known to happen that the server’s own private IP address has turned up there. Allowing this on a general scale means there’s no way for me to ascertain whether the IP is actually of the server, or a separate LAN host.

    Another point to note is that you would hope that hosts on your local intranet are going to be trustworthy. This plugin is designed to protect against public, www-facing threats. The scale of attack that is possible from within a private intranet is much smaller.

    I wish I could accommodate this.

    Further, I believe that you’re not seeing the AJAX running because this plugin is configured to not run the IP manager unless the visitor’s IP address is found to be valid and in the public range. I may create a plugin notice to outline this to prevent confusion in the future.

    Sorry for the trouble with this and the fact that I can’t work around your issue. I hope you’ll understand the reasons behind it though.

    Thanks!
    Paul.

  • The topic ‘IP List Managers Not Loading’ is closed to new replies.
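
The two points from the replies above (list entries must be CIDR blocks, and list handling is skipped unless the visitor's address is valid and public) can be shown in a short added example. It is not part of the thread and not the plugin's code: it is written in Python rather than the plugin's PHP, the function names are hypothetical, and using `is_global` as the "public" test is an assumption about how such a check could be made.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Collapse an inclusive first-last range into the minimal CIDR blocks."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def classify_visitor_ip(raw):
    """Classify the address reported for a request (assumed rule: the
    list logic only runs for a valid, publicly routable address)."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        return "invalid"
    return "public" if ip.is_global else "non-public"

def whitelist_decision(visitor, whitelist_cidrs):
    """Return 'skipped:<reason>', 'whitelisted' or 'not-listed'."""
    kind = classify_visitor_ip(visitor)
    if kind != "public":
        # Private, loopback and reserved addresses never reach the list
        # lookup, so an entry covering them has no effect.
        return "skipped:" + kind
    ip = ipaddress.ip_address(visitor.strip())
    for cidr in whitelist_cidrs:
        net = ipaddress.ip_network(cidr)  # raises ValueError on "a-b" ranges
        if ip.version == net.version and ip in net:
            return "whitelisted"
    return "not-listed"

if __name__ == "__main__":
    # Constructed sample values, not taken from any real log.
    print(range_to_cidrs("192.168.0.0", "192.168.255.255"))
    print(range_to_cidrs("192.168.0.0", "192.168.1.127"))
    for visitor in ("192.168.1.20", "127.0.0.1", "8.8.8.8"):
        print(visitor, whitelist_decision(visitor, ["192.168.0.0/16", "8.8.8.0/24"]))
```

A range that does not fall on a single prefix boundary, such as the second one in the demo, needs more than one CIDR entry to cover it.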