Title: sysstem's Replies | WordPress.org --- # sysstem [ ](https://wordpress.org/support/users/sysstem/) * [Profile](https://wordpress.org/support/users/sysstem/) * [Topics Started](https://wordpress.org/support/users/sysstem/topics/) * [Replies Created](https://wordpress.org/support/users/sysstem/replies/) * [Reviews Written](https://wordpress.org/support/users/sysstem/reviews/) * [Topics Replied To](https://wordpress.org/support/users/sysstem/replied-to/) * [Engagements](https://wordpress.org/support/users/sysstem/engagements/) * [Favorites](https://wordpress.org/support/users/sysstem/favorites/) Search replies: ## Forum Replies Created Viewing 4 replies - 1 through 4 (of 4 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[NinjaScanner - Virus & Malware scan] Protect admin-ajax against bots does not exclude localhost ipv6](https://wordpress.org/support/topic/protect-admin-ajax-against-bots-does-not-exclude-localhost-ipv6/) * Thread Starter [sysstem](https://wordpress.org/support/users/sysstem/) * (@sysstem) * [1 year, 3 months ago](https://wordpress.org/support/topic/protect-admin-ajax-against-bots-does-not-exclude-localhost-ipv6/#post-18331051) * The error shows in the log but not often, the cron makes a request every minute, but the log entries are not more than 4 or 5 per day, so I think it’s fine. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[NinjaScanner - Virus & Malware scan] Protect admin-ajax against bots does not exclude localhost ipv6](https://wordpress.org/support/topic/protect-admin-ajax-against-bots-does-not-exclude-localhost-ipv6/) * Thread Starter [sysstem](https://wordpress.org/support/users/sysstem/) * (@sysstem) * [1 year, 3 months ago](https://wordpress.org/support/topic/protect-admin-ajax-against-bots-does-not-exclude-localhost-ipv6/#post-18324514) * I think I should have mentioned that my domain is proxied on cloudflare, however, I’m using the .htninja file in order to detect the correct originating IP using the cloudflare header: * if (! empty($_SERVER[“HTTP_CF_CONNECTING_IP”]) && filter_var($_SERVER[“HTTP_CF_CONNECTING_IP”], FILTER_VALIDATE_IP)) {$_SERVER[“REMOTE_ADDR”] = $_SERVER[“HTTP_CF_CONNECTING_IP”];} * Below are the requested values: * $_SERVER[‘HTTP_ACCEPT_ENCODING’] gzip, br $_SERVER[‘HTTP_ACCEPT’] text/html,application/ xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/ signed-exchange;v=b3;q=0.7$_SERVER[‘HTTP_ACCEPT_LANGUAGE’] en-US,en;q=0.9,ar; q=0.8$_SERVER[‘HTTP_USER_AGENT’] Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/ 537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0 * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[NinjaScanner - Virus & Malware scan] Protect admin-ajax against bots does not exclude localhost ipv6](https://wordpress.org/support/topic/protect-admin-ajax-against-bots-does-not-exclude-localhost-ipv6/) * Thread Starter [sysstem](https://wordpress.org/support/users/sysstem/) * (@sysstem) * [1 year, 3 months ago](https://wordpress.org/support/topic/protect-admin-ajax-against-bots-does-not-exclude-localhost-ipv6/#post-18322228) * That’s under policies: Your server IP (209.42.x.x), localhost and private IP addresses will not be affected by this policy.And that’s in the log:21/Feb/25 22:14:11 #3453061 MEDIUM – 2a07:ab00:ff:fffe::4 POST /wp-admin/admin-ajax.php– Blocked access to admin-ajax.php – [bot detection is enabled] – And in the dns zone: I have an A record for the IPv4, and and AAAA record for the v6 * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[NinjaScanner - Virus & Malware scan] Protect admin-ajax against bots does not exclude localhost ipv6](https://wordpress.org/support/topic/protect-admin-ajax-against-bots-does-not-exclude-localhost-ipv6/) * Thread Starter [sysstem](https://wordpress.org/support/users/sysstem/) * (@sysstem) * [1 year, 3 months ago](https://wordpress.org/support/topic/protect-admin-ajax-against-bots-does-not-exclude-localhost-ipv6/#post-18320012) * Yes in the log the log I see the IPv6 is trying to send, and gets blocked, and in the policies page I see that the IPv4 is whitelisted. Viewing 4 replies - 1 through 4 (of 4 total)