does it support terminate external connection?

  • Resolved alexlii

    (@alexlii)


    8 years, 1 month ago

    Hi

    Please check the screenshot:
    http://prntscr.com/jeciq0

    In plugin and theme, there are always some external connections, these connections should be put in by authors or plugin or themes, and not related to the functions of plugins and theme, does IP-Geo-Block support to block those external connections please?

    Alex

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    8 years, 1 month ago

    Hi @alexlii,

    Unfortunately, it can not be support because the blocking method of inbound and outbound is very different.

    And I think that if you blocked them, “Pro” functions would become unavailable.

    Thread Starter alexlii

    (@alexlii)

    8 years ago

    Hi @tokkonopapa,

    Please check this url of wordpress official:
    https://codex.ww.wp.xz.cn/Editing_wp-config.php#Moving_wp-content_folder

    Block External URL Requests
    Block external URL requests by defining WP_HTTP_BLOCK_EXTERNAL as true and this will only allow localhost and your blog to make requests. The constant WP_ACCESSIBLE_HOSTS will allow additional hosts to go through for requests. The format of the WP_ACCESSIBLE_HOSTS constant is a comma separated list of hostnames to allow, wildcard domains are supported, eg *.ww.wp.xz.cn will allow for all subdomains of ww.wp.xz.cn to be contacted.

    define( ‘WP_HTTP_BLOCK_EXTERNAL’, true );
    define( ‘WP_ACCESSIBLE_HOSTS’, ‘api.ww.wp.xz.cn,*.github.com’ );

    What I mean is that some external connections seems no related to function working, it is quite suspicious…

    for security consideration, it would be great IP-Geo-Block can detect and optionally block it.

    Alex

    Plugin Author tokkonopapa

    (@tokkonopapa)

    8 years ago

    Hi Alex,

    Thank you for the info. If such functionality can help to find the security issues (e.g. compromised file which has malicious outbound links), I’d like to equip it. But unfortunately, that feature could not work well, because it works only when the request is created using WP_Http class library or is sent via wp_remote_request() function. Attackers never use it. They use some low level PHP functions or just JavaScript. And some plugin developers also may not use it.

    Sorry, I won’t adopt it.

    If you have some suspicious, you had better to ask plugin’s author in order to avoid unexpected side effects before you eliminate such requests.

    Anyway, thank you for your suggestion!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘does it support terminate external connection?’ is closed to new replies.