Menu
We're using Apache 2.4 as a proxy and I am trying to block access to the wp-login.php based on a list of IPs. Inside my VHost I have:
<Location />
ProxyPass http://my_app_server/
ProxyPassReverse http://my_app_server/
</Location>
<FilesMatch "wp-login\.php|xmlrpc\.php|admin-ajax\.php">
Require all denied
Require ip 123.456.789
Require ip 567.890.123
</FilesMatch>
For some treason it still lets everyone through.
Any ideas on where my stupidity is affecting this?
Thanks in advance!
934
asked Oct 17 '25 01:10
I have the following configuration behind a Apache ProxyReverse server:
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName myserver.net.ar
ServerAlias www.myserver.net.ar *.myserver.net.ar
ProxyPreserveHost On
ProxyPass / http://10.0.84.85:80/
ProxyPassReverse / http://10.0.84.85:80/
</VirtualHost>
And in the LXC container
<FilesMatch "wp-login\.php|xmlrpc\.php|admin-ajax\.php">
Require ip 10.0.0.0/8
Require ip 192.168.0.0/8
order deny,allow
Deny from all
</FilesMatch>
IP mask are really important: /8 match any machine on the range, and /24 match only an specific ip.
Hope this helps
108
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
