Redirect bad referrers

jeffschips

• November 02, 2020 14:04

Hello. Please view the following snippet of logs. I wish to deny or redirect these malicious referrers that contain "wp-login". Does cpanel have a way to do this or are we talking about modifying virtual hosts files or .htaccess files? 181.xxx.xxx.36 - - [02/Nov/2020:14:16:16 -0500] "POST /administrator/ HTTP/1.1" 200 6161 "http://example.com/wp-login.php" "Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.12" 181.xxx.xxx.36 - - [02/Nov/2020:14:16:16 -0500] "GET /administrator/ HTTP/1.1" 200 5868 "http://example.com/wp-login.php" "Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.12"

• 

  cPRex Jurassic Moderator

  • November 03, 2020 17:00

  Hey there! This is something where .htaccess is likely the best solution. Something like this would work to limit the access to one IP address. Just replace the 1.2.3.4 IP with the IP of the user that should have access: RewriteEngine on RewriteCond %{REQUEST_URI} ^(.*)?wp-login.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ RewriteCond %{REMOTE_ADDR} !^1.2.3.4$ RewriteRule ^(.*)$ " [R=403,L]
  Can you try that and see if that gets you the results you're looking for?

  0
• 

  jeffschips

  • November 03, 2020 21:24

  Thanks cPRex. Just to clarify when to say ". . . replace the 1.2.3.4 with the IP of the user that should have access", I'm a bit stumped. Do you mean the IP address of the apache server hosting the virtual hosts, or the party making the request - I will never know the ip address of the party making the request.

  0
• 

  cPRex Jurassic Moderator

  • November 04, 2020 12:17

  The "1.2.3.4" would actually be the end-user's IP you want to allow access for, not the IP that you're blocking access from.

  0

Please sign in to leave a comment.