Forum Discussion

Nimbostratus

Oct 02, 2013

Blocking wp-login on wordpress ..

Hi All, I need to block the access on wp-login resource from external ip. I try this Irule : when HTTP_REQUEST { if { ! ([IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]]) }...

Cirrostratus

Oct 02, 2013

If you do actually have a HTTP profile assigned, try this (I've just tidied up the test expression);

when HTTP_REQUEST {
  if { ! [IP::addr [IP::client_addr] equals 10.0.0.0/24) } { 
    log local0. "Client IP: [IP::client_addr]"
    switch -glob [string tolower [HTTP::uri]] { 
      "/admin" { log local0. "ADMIN" drop log local0. "Dropped admin [IP::client_addr]" } 
      "/wp-login" { log local0. "LOGIN" drop log local0. "Dropped login [IP::client_addr]" } 
      default { return } 
    }
  }
}

If you don't have a HTTP profile assigned, change the event to 'when CLIENT_ACCEPTED'.

Forum Discussion

Blocking wp-login on wordpress ..

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Blocking Zero-day WordPress Attacks with F5 Essential App Protect

WordPress Content Injection Vulnerability - ASM Mitigation

Block traffic

domain blocking

Block IP after a number of ASM Blocks