setting up OpenVPN to limit access to certain http dirs [closed] - wordpress

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
I'm trying to configure everything in order to allow only VPN users to access certain folders (wp-admin etc.), and the thing is that by following some tutorials like https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04 I can connect to my OpenVPN (it gives me a 10.8.0.X IP through tun0, and the external IP is my server's one when checking at http://www.whatsmyip.org/), but when I enter my own server domain in my browser it sees my real IP (getenv('REMOTE_ADDR') shows my real IP) and not the one from the VPN, so I can't set up a .htaccess file to restrict to my own server IP.
As a summary of the above tutorial config, I have:
/etc/openvpn/server.conf
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
user nobody
group nogroup
/proc/sys/net/ipv4/ip_forward
1
/etc/sysctl.conf
net.ipv4.ip_forward=1
/etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
/etc/ufw/before.rules
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
ufw status verbose:
root@XXX:/# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To Action From
-- ------ ----
1194/udp ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
53 (Bind9) ALLOW IN Anywhere
80/tcp (Apache) ALLOW IN Anywhere
443/tcp (Apache Secure) ALLOW IN Anywhere
1194/udp (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
53 (Bind9 (v6)) ALLOW IN Anywhere (v6)
80/tcp (Apache (v6)) ALLOW IN Anywhere (v6)
443/tcp (Apache Secure (v6)) ALLOW IN Anywhere (v6)
Is there something I'm missing, or a different workaround?
Thank you in advance,

If WordPress is your CMS, you can do this by installing a plugin. Find the Restricted Site Access plugin on WordPress's website; this plugin will:
Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.
Using this plugin, you can restrict all other people who visit the page with any different IP
Restrict Content Pro is another powerful plugin worth considering if you want to implement advanced content and website access restriction for your WordPress website. Restrict Content Pro offers one of the most complete solutions for members-only access restriction for WordPress.
.htaccess Modifications – You can make a couple of modifications to your .htaccess file to restrict access to certain folders or files in the root of your WordPress installation to authorized users. If you use a dedicated IP, you can block access to the admin folder for all users except your IP address. If you use a dynamic IP address, be sure to modify the IP part or you will be blocked too.
Code snippet:
# Apache 2.2 syntax (mod_authz_host). The Order keywords take no whitespace
# after the comma, and Apache comments must sit on their own line.
# With Deny,Allow the Deny rules are evaluated first, so the Allow line wins.
Order Deny,Allow
Deny from all
# Replace 199.199.10.0 with your own address.
Allow from 199.199.10.0
You can also add another layer of protection for your admin area using some form of authentication system. This way, other users with access to the admin area will not be able to access the actual admin files and the same is true in case of an external intruder or software bot (since many attacks are carried out using bots).
Additionally, you can restrict access to wp-config.php as well as other individual files in the installation folder. For instance, if you include the code snippet below at the top of your .htaccess file, any user trying to access this file will be denied access.
Here's the code snippet:
# The <Files> wrapper scopes the denial to wp-config.php; without it, a bare
# "Deny from all" at the top of .htaccess blocks the whole site.
# Apache 2.2 syntax; Apache 2.4 uses the Require directive shown further down this page.
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
The default .htaccess file contains some basic WordPress functions that you shouldn’t break, so before you make any modifications to the file, make a backup copy and keep it safe.
Have a look at this page for further clarification if you're looking to block on page level: http://wpdatatables.com/restricting-access-specific-content-wordpress-site/

Related

XAMPP only allow specific LAN device access

I'm looking to allow a specific device (in this case one particular iPad) access to XAMPP on a computer on the same LAN. I don't want any other devices besides this one and the server itself to be able to access localhost or anything else though. I'm able to find ways to enable LAN access online but to my understanding this could allow anyone on the same network to access XAMPP if they have the server's IP.
if you are talking about the apache server inside xampp, you can use this kind of solution: https://serverfault.com/questions/776252/allow-access-to-apache-server-from-only-one-ip-address
Similar solution can be found for the integrated tomcat, MySQL, etc...
If you are using Apache 2.4, make sure that you LOAD the authz_core module,
DELETE:
Order allow,deny
Deny from all
Allow from my.ip.add.res
and, in place of the deleted directives,
INSERT:
Require ip xxx.xxx.xxx.xxx
If you are using Apache 2.2, make sure that you LOAD the authz_host module,
DELETE:
Order allow,deny
Deny from all
Allow from my.ip.add.res
and, in place of the deleted directives,
INSERT:
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
It is slightly off-topic to what's being requested, but requesting credentials is a simple, effective way to restrict access without worrying about IP addresses or MAC addresses.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
e.g. https://stackoverflow.com/a/44560458/3196753
This may not fulfill certain security requirements (e.g. HIPAA, PCI) but for simply keeping unauthorized people out, it is tremendously simple and effective.
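The script below is an added example; it is not code from any answer on this page or from the Apache or OpenVPN projects. It models, in one place, the access decision that the .htaccess snippets in the first answer and the Apache 2.2/2.4 snippets in the answer above express: wp-admin/ and wp-login.php admit only clients whose REMOTE_ADDR falls inside listed networks, wp-config.php admits nobody, everything else is public. The allow list (the 10.8.0.0/24 tunnel subnet OpenVPN hands out in the tutorial's default configuration, plus loopback), the policy paths and the sample addresses are assumptions made for the example. The partial-address form of Require ip ("10.8" meaning 10.8.0.0/16) is handled as Apache documents it, and render_htaccess emits the equivalent Apache 2.4 Require directives.

```python
"""Model of per-path IP allow-listing for a WordPress tree (added example).

Mirrors what the .htaccess snippets on this page do, in Apache 2.4 terms:
`Require ip <network>...` admits a client whose REMOTE_ADDR falls inside one
of the listed networks; `Require all denied` admits nobody.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed allow list: the OpenVPN tunnel subnet from the question's setup
# (10.8.0.0/24) plus loopback for requests the server makes to itself.
ADMIN_ALLOW = ["10.8.0.0/24", "127.0.0.1"]


@dataclass
class Rule:
    path: str                    # directory prefix ending in '/' or an exact file path
    allow: Optional[List[str]]   # networks in `Require ip` syntax; None = `Require all denied`


# Assumed policy: the most specific path wins, like <Files> inside <Directory>.
POLICY = [
    Rule("/wp-config.php", None),
    Rule("/wp-login.php", ADMIN_ALLOW),
    Rule("/wp-admin/", ADMIN_ALLOW),
]


def parse_require_ip(arg: str):
    """Turn one `Require ip` argument into an ip_network.

    Apache accepts a full address, CIDR or address/netmask notation, and a
    leading-octets prefix such as '10.8', which means 10.8.0.0/16.
    """
    if "/" in arg or ":" in arg or arg.count(".") == 3:
        return ipaddress.ip_network(arg, strict=False)
    octets = arg.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}", strict=False)


def matching_rule(path: str, policy: List[Rule] = POLICY) -> Optional[Rule]:
    """Return the most specific rule covering `path`, or None if it is public."""
    best = None
    for rule in policy:
        hit = path.startswith(rule.path) if rule.path.endswith("/") else path == rule.path
        if hit and (best is None or len(rule.path) > len(best.path)):
            best = rule
    return best


def is_allowed(client_ip: str, path: str, policy: List[Rule] = POLICY) -> bool:
    """Apache-style decision for one request; client_ip is what REMOTE_ADDR holds."""
    rule = matching_rule(path, policy)
    if rule is None:
        return True
    if rule.allow is None:
        return False
    ip = ipaddress.ip_address(client_ip)
    # ip_network.__contains__ is False across IP versions, so an IPv6 client
    # never matches an IPv4 allow entry by accident.
    return any(ip in parse_require_ip(net) for net in rule.allow)


def render_htaccess(policy: List[Rule] = POLICY) -> Dict[str, str]:
    """Emit equivalent Apache 2.4 directives, keyed by the .htaccess file they go in.

    A .htaccess file cannot contain <Directory>, so a directory rule becomes
    the .htaccess of that directory; a file rule becomes a <Files> block in
    the root .htaccess.
    """
    files: Dict[str, List[str]] = {}
    for rule in policy:
        body = ["Require all denied"] if rule.allow is None else ["Require ip " + " ".join(rule.allow)]
        if rule.path.endswith("/"):
            files.setdefault(rule.path.lstrip("/") + ".htaccess", []).extend(body)
        else:
            name = rule.path.rsplit("/", 1)[-1]
            files.setdefault(".htaccess", []).extend([f'<Files "{name}">', *body, "</Files>"])
    return {name: "\n".join(lines) + "\n" for name, lines in files.items()}


if __name__ == "__main__":
    # Constructed requests: (REMOTE_ADDR as the web server sees it, path).
    samples = [
        ("10.8.0.6", "/wp-admin/"),               # VPN client, tunnel address seen
        ("203.0.113.7", "/wp-admin/"),            # public address seen, as in the question
        ("127.0.0.1", "/wp-admin/admin-ajax.php"),
        ("10.8.0.6", "/wp-config.php"),
        ("203.0.113.7", "/index.php"),
    ]
    for ip, path in samples:
        print(f"{ip:>14} {path:<28} {'allow' if is_allowed(ip, path) else 'deny'}")
    for name, text in render_htaccess().items():
        print(f"--- {name}\n{text}")
```

Run it directly to see the five sample decisions and the two generated .htaccess files. The second sample is the situation in the question: until the browser's request actually leaves the client through tun0, REMOTE_ADDR holds the public address, and no allow list on the server can tell the VPN user apart from anyone else; the check has to be made on the address the server really sees, not the one the client believes it has.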

How to find a website in IIS using a custom port [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 3 years ago.
I am trying to find a website with the URL https://example.com:8888 in IIS, but the IIS bindings look like this (this IIS is on a VM instance hosted on Azure):
When I do netstat I get this (copied picture from the internet, but I am getting the exact same response for 8888):
Problem:
The wildcard certificate expired on "*.example.com". We renewed it on the website in IIS; it shows the certificate as valid for 443 (https) and 80 (http), but it shows the certificate as expired for port 8888. I am unable to find the binding for this website with port 8888 so that the IT team could update its certificate.
We stopped the IIS server, and the website on 443 and 80 stopped serving; however, on port 8888 it kept showing the certificate as expired and didn't go down. When we shut down the server instance, it went down as well.
How do I find this website so that we can update its certificate? Thanks.
You could check whether port 8888 is being listened on by IIS (PID 4) using the command line:
netstat -ano
If the output shows that IIS is listening on 8888, then you can use this to find the binding and site with port 8888:
appcmd list site

Restricting access to Wordpress admin by IP address

When restricting access to the WordPress admin via IP, is it necessary to include /wp-login.php and /wp-admin?
Yes; then only people from that IP will be able to access either of them. Please note that restrictions on wp-admin will create havoc with any calls to admin-ajax.php. This can be resolved by whitelisting 127.0.0.1.

How to block countries from server when using cloudflare? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
I tried to block countries in nginx.conf with the code below:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allow_visit {
default yes;
RU no;
}
But I'm using the CloudFlare CDN service, so when I block some countries, sometimes I cannot log in to my system, because CloudFlare servers may be in the countries I block. So I should remove CloudFlare IPs from the blocked country list. But how can I do that?
Any advice?
I'm using Ubuntu 14.04 / nginx on my server.
And now I'm under attack. You guys know there's a cyber war going on, so I should solve this problem fast.
Thanks in advance.
CloudFlare allows you to block certain countries from accessing your website at the CloudFlare level. To do so:
Select your domain in your CloudFlare Control Panel
Select the "Firewall" tab
On the "IP Firewall" tab, you can enter an IP, IP range, or country and click Block.
This will block the country from all your websites on the CloudFlare level, before any attack even hits your server.
If you need to block it with your Nginx setup rather than CloudFlare's firewall for whatever reason, you can look at enabling "IP Geolocation" under the "Network" tab of the Control Panel. This adds the header "HTTP_CF_IPCOUNTRY" to all requests, which will contain the country code (e.g. US, UK, RU).
If you need to block requests based on certain IPs, or perform the IP lookup yourself, then you should use the default CloudFlare header that is included with every request and holds the client's IP, named "CF-Connecting-IP".
For future information, CloudFlare has a good article written here on how they handle their headers.
If you are using the free plan (CloudFlare), you won't get the visitor IP address, so using geoip_country, which matches IP <-> country, is not going to work.
You should turn on IP Geolocation in CloudFlare, and configure nginx to read that country code.
Meanwhile, make sure your origin server only accept connection from CloudFlare IP range.
Details on how to config nginx: http://nginxlibrary.com/using-cloudflare-for-country-blocking/
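The script below is an added example, not code from either answer above, from CloudFlare, or from nginx. It puts the two approaches side by side on the same constructed requests: naive_decide does what a geoip_country lookup on the raw connection does (it grades the TCP peer, which behind CloudFlare is an edge server rather than the visitor, so the admin gets locked out exactly as the question describes), while decide reads CF-IPCountry and CF-Connecting-IP instead, and trusts them only when the peer is inside CloudFlare's address ranges, because a client that reaches the origin directly can send those headers with any value it likes. The edge ranges here are placeholders (the real list is published at https://www.cloudflare.com/ips/), the GeoIP table is constructed, and RU is used as the blocked country because that is what the question's map block names.

```python
"""Trust CloudFlare's visitor headers only when the connection really comes
from CloudFlare, then apply a country block (added example).

`naive_decide` does what `geoip_country` on the raw connection does: it looks
up the TCP peer, which behind CloudFlare is an edge server, not the visitor.
`decide` reads CF-IPCountry and CF-Connecting-IP instead, but only after
checking that the peer is inside CloudFlare's ranges, since a client that
reaches the origin directly can send those headers with any value.
"""
import ipaddress
from typing import Dict, Tuple

# Placeholder edge ranges for the example only. The real list is published at
# https://www.cloudflare.com/ips/ and must be fetched and refreshed.
CLOUDFLARE_EDGE = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:cf::/48")]

# Constructed stand-in for a GeoIP database (network -> ISO country code).
# The edge range is deliberately placed in a blocked country to reproduce
# the lockout described in the question.
GEOIP = {
    ipaddress.ip_network("198.51.100.0/24"): "RU",
    ipaddress.ip_network("203.0.113.0/24"): "DE",
}

BLOCKED_COUNTRIES = {"RU"}


def peer_country(peer_ip: str) -> str:
    """GeoIP lookup on the address the TCP connection came from."""
    ip = ipaddress.ip_address(peer_ip)
    for net, cc in GEOIP.items():
        if ip in net:
            return cc
    return "XX"   # no match, like an empty $geoip_country_code


def from_cloudflare(peer_ip: str) -> bool:
    """True if the connection arrives from a CloudFlare edge range."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in net for net in CLOUDFLARE_EDGE)


def naive_decide(peer_ip: str, headers: Dict[str, str]) -> Tuple[str, str]:
    """Country block keyed on the peer address; wrong behind a CDN."""
    cc = peer_country(peer_ip)
    action = "deny" if cc in BLOCKED_COUNTRIES else "allow"
    return action, f"peer {peer_ip} geolocates to {cc}"


def decide(peer_ip: str, headers: Dict[str, str]) -> Tuple[str, str]:
    """Country block keyed on CloudFlare's headers, trusted only from CloudFlare."""
    if not from_cloudflare(peer_ip):
        # Origin reached directly: the headers are whatever the sender chose, and
        # the advice on this page is to accept connections only from CloudFlare.
        return "deny", f"peer {peer_ip} is not a CloudFlare edge; headers ignored"
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    visitor = h.get("cf-connecting-ip", peer_ip)
    cc = h.get("cf-ipcountry", "XX")
    if cc in BLOCKED_COUNTRIES:
        return "deny", f"visitor {visitor} is in blocked country {cc}"
    return "allow", f"visitor {visitor} is in {cc}"


if __name__ == "__main__":
    # Constructed requests: (label, TCP peer, headers as the origin receives them).
    requests = [
        ("admin logging in via CloudFlare", "198.51.100.20",
         {"CF-Connecting-IP": "203.0.113.9", "CF-IPCountry": "DE"}),
        ("visitor from a blocked country via CloudFlare", "198.51.100.21",
         {"CF-Connecting-IP": "192.0.2.77", "CF-IPCountry": "RU"}),
        ("direct hit on the origin with forged headers", "203.0.113.50",
         {"CF-Connecting-IP": "192.0.2.1", "CF-IPCountry": "US"}),
    ]
    for label, peer, hdrs in requests:
        print(f"{label}:")
        print(f"  naive: {naive_decide(peer, hdrs)}")
        print(f"  fixed: {decide(peer, hdrs)}")
```

The first request is the lockout from the question: the naive check denies the admin because the edge that proxied the login sits in a blocked country, while the header-based check lets it through. The third request shows why the edge-range check cannot be skipped: with forged headers and no proxy in front, the naive check allows the request and the fixed one refuses it. In nginx the same shape is a geo block listing CloudFlare's ranges, a map on $http_cf_ipcountry, and a deny when the connection did not come through the CDN.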

How to safeguard an AWS EC2 node-based website from spam and DDoS?

We have a website deployed on AWS EC2 running Ubuntu, Apache and MySQL. We have been getting continuous requests from the IPs below:
"195.154.105.219"
"88.150.242.243", requesting the xmlrpc.php file using the POST method. As a result our website has become really slow and our clients' work has been affected. As of now we have blocked these IPs by dropping them in iptables. We would like to know how to safeguard our site from any future attacks like this.
The question is very general, and depending on your application's requirements, your budget and other factors, there are several techniques you can use, separately or together, to mitigate DDoS and spam attacks.
Use Auto Scaling and an Elastic Load Balancer to let AWS scale your infrastructure depending on traffic: http://aws.amazon.com/autoscaling/
Use S3 to serve static content. S3 is designed to scale automatically with incoming traffic. All content served directly by S3 offloads your EC2-based web server: http://aws.amazon.com/s3/
Use CloudFront to distribute and serve your content from AWS' edge locations. This mitigates DDoS by distributing attackers' requests across the network of edge locations instead of sending the traffic to your web server: http://aws.amazon.com/cloudfront/
All three of these options have a cost associated; be sure to understand the pricing structure before deciding to implement any of them.
If you have a relatively short and stable list of IP addresses you want to block, you can customise either your EC2 instance's Security Group (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) or your VPC Subnet ACL (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html) to deny traffic from these IP addresses. This approach is not very scalable and, most of the time, you will play a cat and mouse game trying to catch up with whatever new addresses your attackers use.
Last but not least, using plain old Apache configuration to block certain URLs or restrict access to them by IP address is very effective too (http://httpd.apache.org/docs/current/en/mod/mod_authz_core.html#require and the Files directive).
Last but not least, I would encourage everyone to watch this re:Invent talk about DDoS resiliency for AWS: https://www.youtube.com/watch?v=V7vTPlV8P3U
Seb
xmlrpc.php is from WordPress. Install the Disable XML-RPC Pingback plugin, or better yet, deny the xmlrpc.php file in the WordPress site's .htaccess ;). That will fix it. Also check wp-admin/scripts for any weird script, or just run find /var/www/ -type f -mtime -10 to find the most recently modified files and check for any weird PHP script.
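The script below is an added example, not code from either answer above. It is the detection side of what the question describes: it parses Apache combined-format access log lines, counts POST requests to /xmlrpc.php per client inside a sliding time window, and returns the clients whose peak rate crosses a threshold, which is the list you would hand to iptables or a fail2ban jail. The log lines are constructed for the example using RFC 5737 documentation addresses rather than the addresses in the question, and the threshold and window are assumptions to tune against real traffic.

```python
"""Spot an xmlrpc.php POST flood in Apache access logs (added example).

Parses combined-format lines, counts POSTs to /xmlrpc.php per client within
a sliding window, and reports clients over a threshold. Lines are expected in
chronological order, as an access log is written.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional, Tuple

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[str, datetime, str, str]]:
    """Return (ip, timestamp, method, path-without-query) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["time"], TIME_FMT)
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]


def xmlrpc_offenders(lines: Iterable[str], threshold: int = 20,
                     window: timedelta = timedelta(seconds=60)) -> Dict[str, int]:
    """Map each client whose POSTs to /xmlrpc.php peak at >= threshold within `window`
    to that peak count. Other paths, other methods and garbage lines are ignored."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method != "POST" or path != "/xmlrpc.php":
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def make_sample_log() -> List[str]:
    """Constructed log: one client hammering xmlrpc.php, ordinary traffic around it."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

    def stamp(t: datetime) -> str:
        return t.strftime(TIME_FMT)

    lines = []
    for i in range(40):   # 40 POSTs in under 30 seconds from one address
        t = base + timedelta(seconds=i * 0.7)
        lines.append(f'203.0.113.10 - - [{stamp(t)}] "POST /xmlrpc.php HTTP/1.1" 200 432 "-" "Mozilla/5.0"')
    for i in range(3):    # a legitimate consumer, one call every five minutes
        t = base + timedelta(minutes=5 * i)
        lines.append(f'198.51.100.5 - - [{stamp(t)}] "POST /xmlrpc.php HTTP/1.1" 200 432 "-" "Jetpack"')
    lines.append(f'198.51.100.6 - - [{stamp(base)}] "GET /index.php HTTP/1.1" 200 9123 "-" "Mozilla/5.0"')
    lines.append(f'198.51.100.6 - - [{stamp(base)}] "GET /xmlrpc.php?rsd HTTP/1.1" 405 12 "-" "Mozilla/5.0"')
    lines.append("garbage line that does not parse")
    return sorted((l for l in lines if parse_line(l)), key=lambda l: parse_line(l)[1]) + [lines[-1]]


if __name__ == "__main__":
    for ip, n in xmlrpc_offenders(make_sample_log()).items():
        print(f"{ip}: {n} POSTs to /xmlrpc.php within 60s")
```

Point xmlrpc_offenders at an open /var/log/apache2/access.log instead of the sample to run it on real traffic. The window keeps the low-rate client out of the result, which matters because legitimate consumers of xmlrpc.php exist (Jetpack and the WordPress mobile apps use it); denying the file outright, as the answer suggests, is the simplest fix only if nothing you rely on calls it.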
