Esempio n. 1
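 /**
  * Add an IP address or bracket range to the stored 'whitelisted' option.
  *
  * The option is kept as a comma-separated string. Existing entries are
  * trimmed before the duplicate check, and empty entries (for example the
  * one produced by exploding an empty option value) are dropped so they are
  * never written back.
  *
  * NOTE(review): the duplicate check is an exact string match; an address
  * already covered by a stored range is still appended. Presumably every
  * entry stored here exempts matching clients from blocking, so the caller
  * should have authorised the request before calling this (confirm at the
  * call site).
  *
  * @param string $IP Dotted quad or bracket range, e.g. '10.11.12.13' or '10.11.12.[1-50]'
  * @return bool True when the entry was added, false when it was already present
  * @throws Exception When the value is not a valid address or range
  */
 public static function whitelistIP($IP)
 {
     //IP as a string in dotted quad notation e.g. '10.11.12.13'
     $IP = trim($IP);
     $user_range = new wfUserIPRange($IP);
     if (!$user_range->isValidRange()) {
         throw new Exception("The IP you provided must be in dotted quad notation or use ranges with square brackets. e.g. 10.11.12.13 or 10.11.12.[1-50]");
     }
     $whites = (string) wfConfig::get('whitelisted', '');
     $entries = array();
     foreach (explode(',', $whites) as $e) {
         // Normalise before comparing so "a, b" style values still match.
         $e = trim($e);
         if ($e === '') {
             // explode() on an empty option yields one empty string; do not persist it.
             continue;
         }
         if ($e === $IP) {
             return false;
         }
         $entries[] = $e;
     }
     $entries[] = $IP;
     wfConfig::set('whitelisted', implode(',', $entries));
     return true;
 }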
Esempio n. 2
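 /**
  * Convert CIDR notation to a wfUserIPRange object
  *
  * The network part must be a valid IPv4 or IPv6 address and the prefix,
  * when present, must be a plain decimal number within the bounds checked
  * below (0-32 for IPv4, 1-128 for IPv6). Anything else returns the freshly
  * constructed wfUserIPRange with no IP string set.
  *
  * The prefix is checked as digits-only before any arithmetic: a
  * non-numeric or empty prefix ("10.0.0.0/", "10.0.0.0/abc") must not be
  * coerced to 0, which would describe the whole address space.
  *
  * @param string $cidr Address with optional "/prefix", e.g. '10.0.0.0/8'
  * @return wfUserIPRange
  */
 public static function CIDR2wfUserIPRange($cidr)
 {
     list($network, $prefix) = array_pad(explode('/', $cidr, 2), 2, null);
     $ip_range = new wfUserIPRange();
     if ($prefix !== null) {
         // Reject anything that is not one to three decimal digits, then
         // work with a real integer from here on.
         if (!preg_match('/^[0-9]{1,3}\z/', $prefix)) {
             return $ip_range;
         }
         $prefix = (int) $prefix;
     }
     $is_ipv4 = (bool) filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
     $is_ipv6 = !$is_ipv4 && (bool) filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
     if ($is_ipv4) {
         // If no prefix was supplied, 32 is implied for IPv4
         if ($prefix === null) {
             $prefix = 32;
         }
         // Validate the IPv4 network prefix
         if ($prefix < 0 || $prefix > 32) {
             return $ip_range;
         }
         // Increase the IPv4 network prefix to work in the IPv6 address space
         $prefix += 96;
     } elseif ($is_ipv6) {
         // If no prefix was supplied, 128 is implied for IPv6
         if ($prefix === null) {
             $prefix = 128;
         }
         // Validate the IPv6 network prefix
         if ($prefix < 1 || $prefix > 128) {
             return $ip_range;
         }
     } else {
         // Neither a valid IPv4 nor a valid IPv6 address: do not compute a
         // range from an unparseable network.
         return $ip_range;
     }
     // Convert human readable address to 128 bit (IPv6) binary string
     // Note: self::inet_pton converts IPv4 addresses to IPv6 compatible versions
     $binary_network = self::inet_pton($network);
     $binary_mask = wfHelperBin::str2bin(str_pad(str_repeat('1', $prefix), 128, '0', STR_PAD_RIGHT));
     // Calculate first and last address
     $binary_first = $binary_network & $binary_mask;
     $binary_last = $binary_network | ~$binary_mask;
     // Convert binary addresses back to human readable strings
     $first = self::inet_ntop($binary_first);
     $last = self::inet_ntop($binary_last);
     if ($is_ipv6) {
         $first = self::expandIPv6Address($first);
         $last = self::expandIPv6Address($last);
     }
     // Split addresses into segments
     $first_array = preg_split('/[\\.\\:]/', $first);
     $last_array = preg_split('/[\\.\\:]/', $last);
     // Make sure arrays are the same size. IPv6 '::' could cause problems otherwise.
     // The strlen filter should leave zeros in place
     $first_array = array_pad(array_filter($first_array, 'strlen'), count($last_array), '0');
     $range_segments = array();
     foreach ($first_array as $index => $segment) {
         if ($segment === $last_array[$index]) {
             // Identical segment on both ends: emit it once, without leading zeros.
             $range_segments[] = str_pad(ltrim($segment, '0'), 1, '0');
         } else {
             if ($segment === '' || $last_array[$index] === '') {
                 $range_segments[] = '';
             } else {
                 // Differing segment: emit the bracket form "[first-last]".
                 $range_segments[] = "[" . str_pad(ltrim($segment, '0'), 1, '0') . "-" . str_pad(ltrim($last_array[$index], '0'), 1, '0') . "]";
             }
         }
     }
     $delimiter = $is_ipv4 ? '.' : ':';
     $ip_range->setIPString(implode($delimiter, $range_segments));
     return $ip_range;
 }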
Esempio n. 3
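 /**
  * Report whether an address is exempt via the built-in or configured allowlist.
  *
  * Checked in order: the hard-coded 69.46.36.[1-32] block, private
  * addresses (wfUtils::isPrivateAddress), a hard-coded list of external
  * scanner addresses, then each entry of the comma-separated 'whitelisted'
  * option.
  *
  * NOTE(review): the answer is only as trustworthy as $IP. If the caller
  * derives it from a client-supplied forwarding header, the private-address
  * rule can be satisfied by a forged value; confirm the caller passes the
  * address resolved according to the site's proxy configuration. The
  * hard-coded third-party addresses should also be re-checked periodically,
  * since address ownership changes over time.
  *
  * @param string $IP Should be in dot or colon notation (127.0.0.1 or ::1)
  * @return bool
  */
 public function isWhitelisted($IP)
 {
     $wfIPBlock = new wfUserIPRange('69.46.36.[1-32]');
     if ($wfIPBlock->isIPInRange($IP)) {
         //IP is in Wordfence's IP block which would prevent our scanning server manually kicking off scans that are stuck
         return true;
     }
     //We now whitelist all private addrs
     if (wfUtils::isPrivateAddress($IP)) {
         return true;
     }
     //These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
     //(The original list carried '173.255.233.124' twice; it is listed once here.)
     $externalWhite = array(
         '97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49',
         '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171',
         '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31',
         '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103',
         '192.155.94.43', '162.216.16.33', '173.255.233.124', '192.155.90.179',
         '50.116.41.217', '192.81.129.227', '198.58.111.80',
     );
     // Strict comparison: an allowlist decision should never rest on type juggling.
     if (in_array((string) $IP, $externalWhite, true)) {
         return true;
     }
     $list = wfConfig::get('whitelisted');
     if (!$list) {
         return false;
     }
     // explode() always yields at least one element, so no size check is needed.
     foreach (explode(',', $list) as $whiteIP) {
         $whiteIP = trim($whiteIP);
         if ($whiteIP === '') {
             // Skip blank entries (stray commas) rather than building a range from them.
             continue;
         }
         $white_ip_block = new wfUserIPRange($whiteIP);
         if ($white_ip_block->isIPInRange($IP)) {
             return true;
         }
     }
     return false;
 }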