Forum Discussion

mariofimiani_13's avatar
mariofimiani_13
Icon for Nimbostratus rankNimbostratus
Oct 02, 2013

Blocking wp-login on wordpress ..

Hi All, I need to block the access on wp-login resource from external ip.

 

I try this Irule :

 

when HTTP_REQUEST { if { ! ([IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]]) } { log local0. "Client IP: [IP::client_addr]" switch -glob [string tolower [HTTP::uri]] { "/admin" { log local0. "ADMIN" drop log local0. "Dropped admin [IP::client_addr]" } "/wp-login" { log local0. "LOGIN" drop log local0. "Dropped login [IP::client_addr]" } default { return } } } }

 

but doesn't work the drop instruction.

 

I try the HTTP::respond 403 content {Not Authorized 403 !} command but I don't have (or I don't know) how enabling HTTP profile on VS.

 

I have this final version "BIG-IP 9.4.5 Build 1049.10 Final" and on pool I have SNAT option.

 

Any suggestions ?

 

application delivery
devops
iRules

5 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 02, 2013

    If you do actually have a HTTP profile assigned, try this (I've just tidied up the test expression);

    when HTTP_REQUEST {
  if { ! [IP::addr [IP::client_addr] equals 10.0.0.0/24) } { 
    log local0. "Client IP: [IP::client_addr]"
    switch -glob [string tolower [HTTP::uri]] { 
      "/admin" { log local0. "ADMIN" drop log local0. "Dropped admin [IP::client_addr]" } 
      "/wp-login" { log local0. "LOGIN" drop log local0. "Dropped login [IP::client_addr]" } 
      default { return } 
    }
  }
}

    If you don't have a HTTP profile assigned, change the event to 'when CLIENT_ACCEPTED'.

    • What_Lies_Bene1's avatar
      What_Lies_Bene1
      Icon for Cirrostratus rankCirrostratus
      Oct 03, 2013
      OK, great. As noted by JR, you could reverse that and change the event to save a few CPU cycles etc.
  • Charlie_Foster_'s avatar
    Charlie_Foster_
    Icon for Nimbostratus rankNimbostratus
    May 23, 2015

    Hello friends, I am working on WordPress and also looking for the same. However the process mentioned here is not working with my theme as it still shows error. Should try any security plugin or instead go for hand coding. As I am not so much code savvy, hence kindly reply it in simple manner.