• Resolved aimjared

    (@aimjared)


    I have IP Geo Block set up to block all non-US IP addresses. However, it does not block if the user is attempting to access the non-www version of the site.The site url and home url of the wordpress installation are both set to www and so the website always redirects to the WWW version, but I am seeing a lot of traffic from non-US IPs trying to access the non-WWW version. Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @aimjared,

    I’m sorry but I can’t understand what you want. Because this plugin doesn’t care about the url with www or without www, but just care about IP address and the path from document root. I think the redirection from non-www to www would be done by your server using .htaccess or something.

    but I am seeing a lot of traffic from non-US IPs trying to access the non-WWW version.

    Where did you find those accesses? I guess you found them in your server’s log (and those would be redirected to www url before WordPress handles them), not in this plugin’s log. Because a log in this plugin looks like this:

    Request:
        GET[80]:/wp-content/plugins/ip-geo-block/samples.php
    User agent:
        Mozilla/5.0 (compatible; bingbot/2.0; +https://www.bing.com/bingbot.htm)
    HTTP headers:
        HTTP_FROM=bingbot(at)microsoft.com

    If I’ve misunderstood something about your site configuration, please let me know what it was. I’d like to help you if this plugin can resolve your issue.

    • This reply was modified 7 years, 9 months ago by tokkonopapa.
    Thread Starter aimjared

    (@aimjared)

    Thanks for the response. Yes, looking at my server logs I can see that there are non-US IP addresses accessing the site, but they are using urls that don’t include the WWW. In the IP Geo Block logs, I am seeing that it is blocking some of the non-US IPs, however not the ones that appear to be accessing the site using non-WWW urls. Does this make sense?

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @aimjared,

    OK, so you’re looking at both server’s log and this plugin’s log, and can find the relations between those.

    Let me confirm what you want. First of all, I’d describe a typical sequence between a client and your server:

    client              server
       |
       | REQ: example.com 
       +----------------->|
                          |
         RES: 301         |
       |<-----------------+
       |
       | REQ: www.example.com
       +----------------->|
                          | parse index.php
                          | start WordPress
         RES: 403         | start IP Geo Block
       |<-----------------+
    blocked

    1. Client requests example.com
    2. Server responds 301 status code to redirect https://www.example.com
    3. Client requests https://www.example.com
    4. Server parses the request and kick of WordPress
    5. IP Geo Block respond 403 to block the request

    But you don’t such a long sequence, just want blocking at 2, do you?

    If your answer is yes, unfortunately you can’t. Technically, it’s possible. I hope it in the future, but currently this plugin doesn’t support it.

    I recommend to ask Wordfence team if they support what you want, because their WAF works at 2.

    Good luck!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Not Blocking Non-WWW Version of Website’ is closed to new replies.