[Tutorial] How to block XMLPRC.php in OLS

qtwrk · March 5, 2021, 6:54pm

go to server conf → log

set Log Level to DEBUG

set Debug Level to HIGH

sailorrr · March 5, 2021, 6:55pm

and this moment is confusing:

RewriteCond %{SERVER_ADDR} !^123\.123\.123\.123
RewriteRule wp-cron.php$ - [F,L]

Why it gives 403 if I request /wp-cron.php?doing_cron
But it doesn’t restrict access if I request just /wp-cron.php

sailorrr · March 5, 2021, 6:55pm

Yes, yes. Exactly like this:

go to server conf → log
set Log Level to DEBUG
set Debug Level to HIGH

qtwrk · March 5, 2021, 6:56pm

you can combine the server add with request uri in rewrite cond , so you can get rid of wp-cron.php in rewrite rule

sailorrr · March 5, 2021, 6:59pm

Please can you show an example? And thanks for your time and patience

qtwrk · March 5, 2021, 7:00pm

RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteCond %{REQUEST_URI} xmlrpc.php|wp-cron.php [NC]
RewriteRule .* - [F,L]

somethign like this

this means , if request url is wp-cron or xmlrpc , and client ip is not 123.123.123.123 , then 403

sailorrr · March 5, 2021, 7:02pm

is {SERVER_ADDR} possible here instead of {REMOTE_ADDR} ?

qtwrk · March 5, 2021, 7:03pm

https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond

you need to check this doc first

qtwrk · March 5, 2021, 7:06pm

server addr is the server itself

when request to a page, it is always a remote addr , even it is from 127.0.0.1 or server itself’s public/private ip

sailorrr · March 5, 2021, 7:11pm

Ok, you tired of me )) I will try to recognize these admin’s hieroglyphs
Thanks for your help!

sailorrr · March 5, 2021, 7:12pm

Ok, got it. Thanks you.

qtwrk · March 5, 2021, 7:13pm

not sure what do you mean by tired of you or hieroglyphs ? so far I have been typing/writing on Standard English alphabet, maybe not perfect in grammar as it’s not my native language .

basically when you want to do some condition check on rewritecond , you need to understand what is it to check against

sailorrr · March 5, 2021, 7:20pm

No, no, I don’t want to offend you in any way! Instead I’m very grateful to you for your help. I just meant that things like this one: Documentation: Apache HTTP Server - The Apache HTTP Server Project
Is a kind of hieroglyphs for me.

qtwrk · March 5, 2021, 7:21pm

yeah well , first time I read it is also like “hieroglyphs”

you just need to slow it down , read it line by line , it will sink in : )

sailorrr · March 5, 2021, 7:28pm

Oh, things got weirder:

RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1
RewriteCond %{REQUEST_URI} wp-cron.php|xmlrpc.php [NC]
RewriteRule .* - [F,L]

xmlrpc.php - shows 403
wp-cron.php - white page, as usual

alinabeen · April 7, 2021, 8:29am

And why do this? After all, sooner or later hackers will discover another vulnerability that can be exploited.

qtwrk · April 7, 2021, 9:44am

Type your comment> @alinabeen said:

And why do this? After all, sooner or later hackers will discover another vulnerability that can be exploited.

yeah , why use any software ? sooner or later , hackers will discover another vul that can be exploited