Your code has a syntax error, it misses a closing } character.
This one is fine:
<?php
/*
+============================================================================================+
| NinjaFirewall optional configuration file |
| |
| See: https://blog.nintechnet.com/ninjafirewall-pro-edition-the-htninja-configuration-file/ |
+============================================================================================+
*/
// Users of Cloudflare CDN:
if (! empty($_SERVER["HTTP_CF_CONNECTING_IP"]) &&
filter_var($_SERVER["HTTP_CF_CONNECTING_IP"],FILTER_VALIDATE_IP) ) {
$_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
if ( $_SERVER["REMOTE_ADDR"] == '1.2.3.4' ) {
return 'ALLOW'; // whitelist
}
Thanks.
It may make a good addition to the .htninja documentation page on the website.
Cheers.
Return ‘ALLOW’; // whitelist isn’t a unconditional all whitelist?
I am trying to allow MainWP through (on another server) and NF seems to like block it.
24/Feb/20 11:59:27 #5926404 MEDIUM - 199.16.XXX.XXX POST /wordpress/wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - XXXXXXX.com
25/Feb/20 11:59:21 #8795847 MEDIUM - 199.16.XXX.XXX POST /wordpress/wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - XXXXXXX.com
25/Feb/20 11:59:24 #6067405 MEDIUM - 199.16.XXX.XXX POST /wordpress/wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - XXXXXXX.com
Any suggestions?
Did you check in the firewall’s “Dashboard” page if the .htninja is detected and loaded by the firewall?
Hi !
And when you want to allow multiple folders without filtering ??? :
if (strpos($_SERVER[‘SCRIPT_NAME’], ‘/my-first-folder-without-filtering/’) !== FALSE) {
return ‘ALLOW’;
works for the first folder, how i can add a second, third folder to this code ??
thanks
This is regular PHP code. See some PHP tutorials if you aren’t familiar with PHP.
<?php
if ( strpos($_SERVER['SCRIPT_NAME'], 'some-script.php') !== FALSE ||
strpos($_SERVER['SCRIPT_NAME'], 'another-script.php') !== FALSE ||
strpos($_SERVER['SCRIPT_NAME'], '/a-folder/') !== FALSE ) {
return 'ALLOW';
}
Make sure the folders exist on your site (i.e., you can see them when you connect over FTP). If they don’t exist, they aren’t folders but permalinks, which means you should use $_SERVER['REQUEST_URI'] instead of $_SERVER['SCRIPT_NAME'].
