dnb

(as an aside, if you look at the HTTP response from their servers, it identifies as Ngnix. I’m guessing they are using it to load balance or at least reverse proxy to their older Apache servers)

• This reply was modified 7 years, 11 months ago by dnb.

Hi @pronl

Thanks for your response. I think one that that may not have been clear from @silentsal ‘s original post and my followup was the IPv6 addresses were added automatically to the banned user list (and thus the .htaccess file) by the plugin (probably someone fell afoul of one of the other features like blocking if someone tries to use “admin”). I have no desire to add those addresses manually for the time being, so using the compact format while being a good idea, probably doesn’t address the problem for me. I’d prefer an option to simply drop the IPv6 banned host on the floor (until Hostgator upgrades its version of Apache).

I agree that it is strange that the mod_authz_core.c test doesn’t cause Apache to skip that stanza.

— dNb

• This reply was modified 7 years, 11 months ago by dnb.

@bdbrown

Sorry, so confused.

I was confirming the previous person’s report and adding a few more details to it. I was not attempting to jump in the middle or raise its exposure, just wanted to provide more info to the developer.

Just wanted to drop a quick “me too” here in the hopes the IThemes Security devs see it. Also hosting with the same shared hosting (so upgrades to newer versions of Apache probably not in the cards on a customer-by-customer basis).

It looks like an IPv6 address got flagged via the plugin, it gets written to .htaccess, and then the older Apache doesn’t know what to do with the “Require not ip” stanzas that include the IPv6 address.

Can I humbly request a setting that prevents IPv6 addresses from being captured as a banned used for just this use case? At the moment this means that it is possible to have the IThemes Security break an entire site if it bans an IPv6 host.

Thanks!

— dNb