you're right I did not have htaccess override set to allow, I just fixed it
too;
yeah, them busters are giving me headache lately,
Thanks again!
On Wed, Jun 12, 2013 at 9:17 AM, David Guerra <imdavidgue...@gmail.com>wrote:
> Glad I could help.
>
> Your issue is probably that you don't have htaccess override set to allow.
> :)
>
> Kick those bots!
>
>
> On Wed, Jun 12, 2013 at 12:16 PM, motty cruz <motty.c...@gmail.com> wrote:
>
>> I am not using virtual host, I'm adding to .htaccess in the root
>> directory of web site.
>>
>> but after adding this to my httpd.conf file it worked perfectly fine.
>>
>> Thank you very much David for your help,
>>
>> -Motty
>>
>>
>> On Wed, Jun 12, 2013 at 9:09 AM, David Guerra <imdavidgue...@gmail.com>wrote:
>>
>>> Yes, it should work just fine. Are you putting this in the virtual host?
>>>
>>>
>>> On Wed, Jun 12, 2013 at 12:08 PM, motty cruz <motty.c...@gmail.com>wrote:
>>>
>>>> Thanks for your help David,
>>>>
>>>> can this be accomplish in httpd.conf?
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> On Wed, Jun 12, 2013 at 9:07 AM, motty cruz <motty.c...@gmail.com>wrote:
>>>>
>>>>> 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php
>>>>> HTTP/1.1" 200 1085
>>>>>
>>>>> I am still able to get access from a different IP than the one allow
>>>>> in .htaccess
>>>>> as you suggest:
>>>>> <Files wp-login.php>
>>>>> order deny,allow
>>>>> Deny from all
>>>>> allow from 192.168.8.4
>>>>> </Files>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidgue...@gmail.com
>>>>> > wrote:
>>>>>
>>>>>> Try this format:
>>>>>>
>>>>>> <Files wp-login.php>
>>>>>> order deny,allow
>>>>>> Deny from all
>>>>>> allow from xx.xxx.xx.xx
>>>>>> allow from xx.xxx.xx.xx
>>>>>> </Files>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.c...@gmail.com>wrote:
>>>>>>
>>>>>>> Hello David,
>>>>>>>
>>>>>>> this is the content on .htaccess
>>>>>>> # BEGIN WordPress
>>>>>>> <IfModule mod_rewrite.c>
>>>>>>> RewriteEngine On
>>>>>>> RewriteCond %{REQUEST_METHOD} POST
>>>>>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>>> RewriteRule ^(.*)$ - [R=403,L]
>>>>>>> RewriteBase /
>>>>>>> RewriteRule ^index\.php$ - [L]
>>>>>>> RewriteCond %{REQUEST_FILENAME} !-f
>>>>>>> RewriteCond %{REQUEST_FILENAME} !-d
>>>>>>> RewriteRule . /index.php [L]
>>>>>>> </IfModule>
>>>>>>>
>>>>>>> <FilesMatch wp-login.php>
>>>>>>> Order Deny,Allow
>>>>>>> Deny from all
>>>>>>> Allow from 192.169.8.4
>>>>>>> </FilesMatch>
>>>>>>>
>>>>>>> # END WordPress
>>>>>>>
>>>>>>> but no success!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <
>>>>>>> imdavidgue...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Flop Allow and Deny so that your IP is whitelisted after the Deny
>>>>>>>> from all.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz
>>>>>>>> <motty.c...@gmail.com>wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>> I am trying to block a directory from being access except my IP
>>>>>>>>> but I had being unsuccessful in doing so, please help: First I place
>>>>>>>>> this
>>>>>>>>> in httpd.conf
>>>>>>>>>
>>>>>>>>> <Directory "/usr/local/www/apache22/data">
>>>>>>>>> Options Indexes FollowSymLinks
>>>>>>>>> Options ALL -Indexes
>>>>>>>>> IndexIgnore *
>>>>>>>>> AllowOverride None
>>>>>>>>> Order allow,deny
>>>>>>>>> Allow from all
>>>>>>>>> RewriteEngine On
>>>>>>>>> RewriteBase /
>>>>>>>>> RewriteCond %{REQUEST_METHOD} POST
>>>>>>>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>>>>> RewriteRule ^(.*)$ - [R=403,L]
>>>>>>>>> RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
>>>>>>>>> RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
>>>>>>>>> RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
>>>>>>>>> RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
>>>>>>>>> RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>>>>>>>> RewriteRule ^(.*)$ index_error.php [F,L]
>>>>>>>>> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>>>>>>> RewriteRule .* - [F]
>>>>>>>>> RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>>>>>>>> RewriteCond %{REQUEST_FILENAME} !-f
>>>>>>>>> RewriteCond %{REQUEST_FILENAME} !-d
>>>>>>>>> RewriteRule . /index.php [L]
>>>>>>>>> </Directory>
>>>>>>>>>
>>>>>>>>> I also tried this : on the / directory .htaccess
>>>>>>>>> <FilesMatch wp-login.php>
>>>>>>>>> Order Allow,Deny
>>>>>>>>> Allow from 192.168.8.4
>>>>>>>>> Deny from all
>>>>>>>>> </FilesMatch>
>>>>>>>>>
>>>>>>>>> Is the wp-admin or wp-login.php script that I'm trying to protect
>>>>>>>>> from brute force attacks,
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Motty
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
