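/**
 * Add an IP address or bracketed range to the stored allowlist.
 *
 * The allowlist lives in the 'whitelisted' config value as a comma-separated string.
 * isWhitelisted() returns true for any address matching an entry in that value, so an
 * entry added here is exempted wherever that check is consulted.
 *
 * NOTE(review): no capability or nonce check is visible in this method; confirm that
 * every caller has already authorized the request before it reaches this point.
 *
 * @param string $IP Address or range, e.g. '10.11.12.13' or '10.11.12.[1-50]'
 * @return bool True if the entry was added, false if it was already on the list
 * @throws Exception If wfUserIPRange does not accept $IP as a valid range
 */
public static function whitelistIP($IP) {
    $IP = trim($IP);
    $user_range = new wfUserIPRange($IP);
    if (!$user_range->isValidRange()) {
        throw new Exception("The IP you provided must be in dotted quad notation or use ranges with square brackets. e.g. 10.11.12.13 or 10.11.12.[1-50]");
    }

    $whites = wfConfig::get('whitelisted', '');
    $entries = array();
    foreach (explode(',', $whites) as $entry) {
        // Normalize before comparing so an entry stored with stray whitespace is still
        // recognized as a duplicate.
        $entry = trim($entry);
        if ($entry === '') {
            // explode() on an empty setting yields a single empty string; carrying it
            // forward would store a leading empty entry (",10.11.12.13").
            continue;
        }
        if ($entry === $IP) {
            return false;
        }
        $entries[] = $entry;
    }

    $entries[] = $IP;
    wfConfig::set('whitelisted', implode(',', $entries));
    return true;
}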
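/**
 * Convert CIDR notation to a wfUserIPRange object
 *
 * An IPv4 network is processed in the 128-bit IPv6 address space by adding 96 to its
 * prefix. When the prefix is not a plain decimal integer, or is out of bounds for the
 * address family, the wfUserIPRange created with no arguments is returned without an
 * IP string being set on it.
 *
 * @param string $cidr Network in CIDR form, e.g. '10.11.12.0/24'; the '/prefix' part is optional
 * @return wfUserIPRange
 */
public static function CIDR2wfUserIPRange($cidr) {
    list($network, $prefix) = array_pad(explode('/', $cidr, 2), 2, null);
    $ip_range = new wfUserIPRange();

    // explode() hands the prefix back as a string. Require plain decimal digits before the
    // numeric bounds checks: PHP's loose string/integer comparison does not reliably reject
    // a malformed prefix such as 'abc' or '24x', and a prefix that ends up being treated as
    // 0 would produce a range covering the whole address space.
    if ($prefix !== null) {
        if (!preg_match('/^[0-9]{1,3}$/D', $prefix)) {
            return $ip_range;
        }
        $prefix = (int) $prefix;
    }

    $is_ipv4 = (bool) filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);

    if ($is_ipv4) {
        // If no prefix was supplied, 32 is implied for IPv4
        if ($prefix === null) {
            $prefix = 32;
        }

        // Validate the IPv4 network prefix
        if ($prefix < 0 || $prefix > 32) {
            return $ip_range;
        }

        // Increase the IPv4 network prefix to work in the IPv6 address space
        $prefix += 96;
    } else {
        // NOTE(review): everything that is not a valid IPv4 address lands here and is
        // handled as IPv6 without being validated as such. What self::inet_pton returns
        // for a malformed network is not visible from this method; confirm that callers
        // validate the address, or reject it here.

        // If no prefix was supplied, 128 is implied for IPv6
        if ($prefix === null) {
            $prefix = 128;
        }

        // Validate the IPv6 network prefix
        if ($prefix < 1 || $prefix > 128) {
            return $ip_range;
        }
    }

    // Convert human readable address to 128 bit (IPv6) binary string
    // Note: self::inet_pton converts IPv4 addresses to IPv6 compatible versions
    $binary_network = self::inet_pton($network);
    $binary_mask = wfHelperBin::str2bin(str_pad(str_repeat('1', $prefix), 128, '0', STR_PAD_RIGHT));

    // Calculate first and last address
    $binary_first = $binary_network & $binary_mask;
    $binary_last = $binary_network | ~$binary_mask;

    // Convert binary addresses back to human readable strings
    $first = self::inet_ntop($binary_first);
    $last = self::inet_ntop($binary_last);

    if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
        $first = self::expandIPv6Address($first);
        $last = self::expandIPv6Address($last);
    }

    // Split addresses into segments
    $first_array = preg_split('/[\\.\\:]/', $first);
    $last_array = preg_split('/[\\.\\:]/', $last);

    // Make sure arrays are the same size. IPv6 '::' could cause problems otherwise.
    // The strlen filter should leave zeros in place
    $first_array = array_pad(array_filter($first_array, 'strlen'), count($last_array), '0');

    // Segments that are equal at both ends are emitted once; differing segments become a
    // bracketed "[low-high]" range. Leading zeros are stripped, keeping a single '0'.
    $range_segments = array();
    foreach ($first_array as $index => $segment) {
        if ($segment === $last_array[$index]) {
            $range_segments[] = str_pad(ltrim($segment, '0'), 1, '0');
        } else if ($segment === '' || $last_array[$index] === '') {
            $range_segments[] = '';
        } else {
            $range_segments[] = "[" . str_pad(ltrim($segment, '0'), 1, '0') . "-" .
                str_pad(ltrim($last_array[$index], '0'), 1, '0') . "]";
        }
    }

    $delimiter = $is_ipv4 ? '.' : ':';

    $ip_range->setIPString(implode($delimiter, $range_segments));

    return $ip_range;
}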
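/**
 * Decide whether an IP address is on the allowlist.
 *
 * Checked in order: the hard-coded 69.46.36.[1-32] block, private addresses (as judged by
 * wfUtils::isPrivateAddress), a hard-coded list of external scanner addresses, and finally
 * the comma-separated 'whitelisted' config value.
 *
 * NOTE(review): the answer is only as trustworthy as $IP. How callers obtain it is not
 * visible here; if it can be taken from a client-supplied header, the private-address and
 * allowlist checks are applied to a value the client controls. Confirm against the caller.
 *
 * @param string $IP Should be in dot or colon notation (127.0.0.1 or ::1)
 * @return bool True if $IP matches any of the allowlist sources above
 */
public function isWhitelisted($IP) {
    $wfIPBlock = new wfUserIPRange('69.46.36.[1-32]');
    if ($wfIPBlock->isIPInRange($IP)) {
        //IP is in Wordfence's IP block which would prevent our scanning server manually kicking off scans that are stuck
        return true;
    }

    //We now whitelist all private addrs
    if (wfUtils::isPrivateAddress($IP)) {
        return true;
    }

    //These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
    // NOTE(review): these third-party addresses are hard-coded. If any of them has been
    // reassigned since the list was written, its new holder is trusted as well; confirm
    // that the list is still current.
    $externalWhite = array(
        '97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49',
        '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171',
        '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31',
        '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103',
        '192.155.94.43', '162.216.16.33', '173.255.233.124', '192.155.90.179',
        '50.116.41.217', '192.81.129.227', '198.58.111.80',
    );
    // Strict comparison: both sides are strings, so no type juggling should take part in
    // an allowlist decision.
    if (in_array($IP, $externalWhite, true)) {
        return true;
    }

    $list = wfConfig::get('whitelisted');
    if (!$list) {
        return false;
    }

    foreach (explode(',', $list) as $whiteIP) {
        // Skip blank entries (e.g. left by a leading or doubled comma) instead of building
        // a range object from an empty string.
        $whiteIP = trim($whiteIP);
        if ($whiteIP === '') {
            continue;
        }
        $white_ip_block = new wfUserIPRange($whiteIP);
        if ($white_ip_block->isIPInRange($IP)) {
            return true;
        }
    }

    return false;
}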