I have a range of IP addresses that are blocked. But I have 3 ip addresses within this block that need to be allowed. Can anyone help with this? The Rewrite rule looks like this:
RewriteCond %{HTTP_true_client_ip} 54\.(242|243|234|235|236|237|224|225|226|227|208|209|210|211|221|204|205|196|197|198|80|81|82|83|84|85|86|87|88|89|90|91|92)\.\d{1,3}\.\d{1,3}
RewriteRule ^(.*)$ $1 [F]
I want to allow these three [54.243.53.243, 54.243.53.248, 54.198.174.172] which are currently blocked. Any help would be appreciated. I am not sure how to rewrite this. Thanks
I was able to add this code to omit specific IPs in the range above:
RewriteCond %{HTTP_true_client_ip} ^(?!54\.243\.53\.243)
RewriteCond %{HTTP_true_client_ip} ^(?!54\.243\.53\.248)
RewriteCond %{HTTP_true_client_ip} ^(?!54\.198\.174\.172)
Tested and it works, no problems.
Related
I am trying to configure our wordpress .htaccess file so that it blocks access to the wordpress wp-login.php and admin pages unless the client originates from within our networks.
The dev environment is directly accessible, but production is behind a proxy, so to keep things simple I wanted to configure one set of rules that would apply in either case.
I have configured the below set of rules, which based on my research, should be working:
#only allow use of wp-login or wp-admin from users inside
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^192\.168\.(1|2|3|4)\.[0-9]{1,3}$ [OR]
RewriteCond %{HTTP:X-FORWARDED-FOR} !^192\.168\.(1|2|3|4)\.[0-9]{1,3}$
RewriteRule ^(.*)$ - [R=403,L]
However, for some reason the [OR] between the REMOTE_ADDR and the X-FORWARDED-FOR appears to be ignored, causing the pages to be blocked in all cases.
Am I missing something?
Edit: I shouldn't have had the OR condition to begin with. Apparently my brain had insufficient coffee to compute basic binary operations.
I suppose that your clients go through a proxy or through a direct connection. Since you will block them if EITHER isn't matching, you'll most likely block them all. Someone coming via a local proxy should be getting through. I wouldn't do the XFF-stuff in the .htacces, use mod_remoteip if possible, and only trust your own proxies, because that header can be easily spoofed by the client.
Additionally, the $ in the wp-admin line means it won't match wp-admin/edit.php. Consider aswell that WP ajax requests go through wp-admin/admin-ajax.php, and you might need those.
I don't understand why this Url:
www.hortadascanas.com
and this Url:
http://hortadascanas.com
are not pointing to the same page. If you look the content, you can see that icons don't show up at the 2nd adress...Actually It seems to me that the 2nd Url links to an older version of the page.
I thought the "www" was a shortcut of "/public_html".
If I try with this address http://hortadascanas.com/location it is redirected to http://www.hortadascanas.com/location but the home page is not redirected.
What is happening ?
EDIT
This is what I have in my .htaccess file:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
I guess I have to remove some lines because the site crashes if I add the lines you gave me....I have redirections loops...
EDIT 2
Should I delete this red line and recreate one pointing to the alias www.hortadascanas.com ?
This can be done by adding the following lines at the beginning of the .htaccess file in your public_html folder:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.hortadascanas.com [NC]
RewriteRule ^(.*)$ http://hortadascanas.com/$1 [L,R=301]
if you want to redirect both HTTP and HTTPS non-www Urls to www, you can combine rules as follows:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [L,R=301]
For more information please read following :
https://www.siteground.com/kb/how_to_redirect_www_urls_to_nonwww/
Edit
In your case its because of CNAME in your cloudflare,please check complete guide for this,
https://help.ghost.org/hc/en-us/articles/223210747-Root-Domain-Setup-Using-CloudFlare
www.hortadascanas.com and hortadascanas.com are simply different hostnames.
They don't have identical DNS resolution:
[ ~ ]
[ user ][ user#workstation.local ] % host hortadascanas.com
hortadascanas.com has address 69.195.124.135
hortadascanas.com mail is handled by 0 mail.hortadascanas.com.
[ ~ ]
[ user ][ user#workstation.local ] % host www.hortadascanas.com
www.hortadascanas.com has address 104.27.134.235
www.hortadascanas.com has address 104.27.135.235
www.hortadascanas.com has IPv6 address 2400:cb00:2048:1::681b:86eb
www.hortadascanas.com has IPv6 address 2400:cb00:2048:1::681b:87eb
You end up talking to two different computers depending on which hostname you use.
Running the IP addresses through whois we can see that www.hortadascanas.com is handled by Cloudflare, who provide a CDN and caching service.
Actually It seems to me that the 2nd Url links to an older version of the page.
Presumably Cloudflare is loading the data from 69.195.124.135 and caching it … so it is an older version of the page.
Even if the two hostnames' DNS resolved to the same computer, you could still get different content. Name based virtual hosting allows multiple websites to share a single IP address. The Hostname is included in the HTTP request header so the server can determine which site to return.
I am having a little issue with my htaccess, what my goal is and what is currently working on my WordPress site is:
/blog/title-of-blog-post/1923
is being redirected to
/title-of-blog-post/
That is done with this rule:
RewriteRule ^blog/(.*)/.*/$ $1/ [R=301,L,QSA]
However, that means it is also redirecting
/blog/page/2/ to /page/
/blog/page/3/ to /page/
etc
Is there a condition to which I could stop the /blog/page/nr being redirected, but still keep those rules as they are?
Many thanks
You could add an RewriteCond before your rule.
RewriteCond %{REQUEST_URI} !^/blog/page/[0-9]+/?$
RewriteRule ^/?blog/(.*)/.*/?$ $1/ [R=301,L,QSA]
You could probably optimize it a bit if needed.
Hope it helps you forward.
I have a situation I've not come across before that calls for some interesting mod_rewrite rules and I cant find any examples of someone trying to achieve the same thing in a similar configuration.
Currently I have two domain names which are configured to share the same document root, in said document root is a dynamic php application which, based on the incoming hostname, displays content specific to the that domain.
The domains for example purposes are:
www.example1.com
and
www.example2.co.uk
(one being a TLD the other not)
In addition to this application there are two wordpress installations one for each of the two domain names. As we are not using wordpress MU here I need some fancy rewrites to firstly hide the wordrpess folder, and secondly present the request to the correct folders based on the HTTP_HOST.
Currently I have the following:
RewriteRule ^wp-content(.*) wordpress/example1$1 [L]
RewriteRule ^wp-admin(.*) wordpress/example1/wp-admin$1 [L]
RewriteRule ^wp-login.php$ wordpress/example1/wp-login.php [L,R=301]
And similar rules for content specific pages.
This works well for the single wordpress installation, but obviously not for the second, what I was hoping to do here was something like the following:
RewriteRule ^wp-admin(.*) wordpress/${HTTP_HOST}/wp-admin$1 [L]
However I need to remove the www. and .com from the ${HTTP_HOST} variable (or the www. and .co.uk )
Any suggestions on a way to achieve this or a better approach would be appreciated.
You can use RewriteCond to check for a pattern in HTTP_HOST and then capture part of that pattern.
For instance:
RewriteCond %{HTTP_HOST} ^(?:www\.)?([a-zA-Z0-9_-]+)\.(?:com|co\.uk)$
RewriteRule ^wp-admin(.*) wordpress/%1/wp-admin$1 [L]
The RewriteCond directive above checks to see whether HTTP_HOST fits a domain pattern ending ".com" or ".co.uk" and optionally beginning with "www.". If it does, it captures the interesting part of the domain name.
Then the RewriteRule (which only fires if the RewriteCond does match) is able to refer to the captured part of the RewriteCond pattern by using the %1 back-reference.
The pattern I've used in the RewriteCond above might not suit your needs perfectly, but once you know you can use a back-reference to a pattern captured by RewriteCond, it should be easy for you to use this to get the effect you need.
I want to use subdomains instead of subfolders. Unfortunately, since my host doesn't allow wildcard subdomains in my dns settings, I couldn't do a subdomain install. I do however think that I should be able to achieve this post-install, since I can manually make subdomains.
I have now made two subdomains: Subdom1 and Subdom2. My set-up at this point is domain/Subdir1 and domain/Subdir2. I'd like to have my visitors (and ideally also Google) to visit my site as subdom1.domain.com and subdom2.domain.com, both should show what is in the two subdirs.
I think this should be possible with .htaccess rules, but I'm hardly the expert at that. I'm hoping someone could help me with this.
try this, obviously replace blog with your subdomain name
Options -Indexes +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com$1 [L,R=301]
RedirectMatch 301 ^/blog/(.*)$ http://blog.example.com/$1
more here http://terriswallow.com/weblog/2008/htaccess-redirect-a-directory-to-a-subdomain-and-force-www/