Whitelisting certain IPs on particular configuration does not work

  • Resolved dabrolga

    (@dabrolga)


    7 years, 4 months ago

    Hi
    Fantastic plugin but I have one little issue. On my site hosted on IIS with WP 4.7.5 & PHP 5.6 any IP address white listed like 130.130.130.130 or with larger numbers will not behave as a white listed IP. Any IP with an address like 120.120.120.120 or with smaller numbers works fine. I haven’t determined the exact cutoff point. In the table cerber_acl all the larger IPs have a value of 0 for ip_long_begin and ip_long_end which would appear to be part of the problem.
    My other site with similar plugins hosted on Apache with WP 4.8 & PHP 7.0 does not have this problem.
    I am using WP Cerber 4.8.2 on both sites.
    This may explain why various people have been locked out of their sites in the past despite thinking their IPs are whitelisted. I am not locked out, and can work around the issue, but it may point to a problem.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter dabrolga

    (@dabrolga)

    On further investigation 128.0.0.0 is the IP it fails on. Anything below is OK. Anything above does not work. Copying the values for ip_long_begin and ip_long_end from the site that works to the one that doesn’t work for the same IP does not fix the problem.

    Plugin Author gioni

    (@gioni)

    Hi!

    That’s absolutely weird. Could you compare the versions of the MySQL servers on those two sites?

    Thread Starter dabrolga

    (@dabrolga)

    Hi
    MySQL verion on the IIS host is 5.7.10, and on the Apache host 5.6.35.
    Upon further investigation it would appear the problem is with the PHP function ip2long. On the Windows version of PHP it returns a negative integer for the larger IP addresses which of course get stored as 0 in MySQL because ip_long_begin and ip_long_end are unsigned integers. ip2long( ‘200.0.0.1’ ) tested outside of WordPress returns -939524095 on the Windows host and 3355443201 on the Apache host. Hope this helps.

    Thread Starter dabrolga

    (@dabrolga)

    Hi
    It looks like it is the 32bit version of PHP that is the problem, rather than specifically the Windows version. I will try and get my hosting changed to 64bit next week, but there may be implications for others.

    Plugin Author gioni

    (@gioni)

    I think, you are right about that 32bit related cause of the issue. I look forward to hearing from you!

    Thread Starter dabrolga

    (@dabrolga)

    Hi
    Unfortunately my hosting does not support 64bit PHP and as I just paid for a years hosting a week ago I cannot justify moving. So I am stuck with 32bit PHP. My quick fix was to change the the following columns to signed integer: cerber_acl.ip_long_begin , cerber_acl.ip_long_end and cerber_log.ip_long . This allows the negative values from ip2long to be stored and the logic all seems to still work without changing any code (I am sure I have missed something, but you know the code much better than me). I removed and replaced any large whitelisted and blacklisted IPs to store the negative value in the database. One just has to make sure that any range of listed IPs does not include 128.0.0.0 or thereabouts as this may cause major problems.

    I assume that blacklists as well as whitelists will not work with 32bit PHP when the IP is larger than 128.0.0.0 on the standard setup.

    Plugin Author gioni

    (@gioni)

    Thanks for sharing your story! I’m confused to see 32 bit on a commercial hosting these days, but I found this experience useful. Anyway, the logic should work fine with negative numbers because it’s a range comparison.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Whitelisting certain IPs on particular configuration does not work’ is closed to new replies.