/** * Process quick ban of host. * * Immediately adds the supplied host to the .htaccess file for banning. * * @since 4.0.0 * * @param string $host the host to ban * * @return bool true on success or false on failure */ public static function quick_ban($host) { $host = trim($host); if (!class_exists('ITSEC_Lib_IP_Tools')) { $itsec_core = ITSEC_Core::get_instance(); require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php'; } if (!ITSEC_Lib_IP_Tools::validate($host)) { return false; } $host_rule = '# ' . __('Quick ban IP. Will be updated on next formal rules save.', 'better-wp-security') . "\n"; if ('nginx' === ITSEC_Lib::get_server()) { $host_rule .= "\tdeny {$host};\n"; } else { if ('apache' === ITSEC_Lib::get_server()) { $dhost = str_replace('.', '\\.', $host); //re-define $dhost to match required output for SetEnvIf-RegEX $host_rule .= "SetEnvIF REMOTE_ADDR \"^{$dhost}\$\" DenyAccess\n"; //Ban IP $host_rule .= "SetEnvIF X-FORWARDED-FOR \"^{$dhost}\$\" DenyAccess\n"; //Ban IP from Proxy-User $host_rule .= "SetEnvIF X-CLUSTER-CLIENT-IP \"^{$dhost}\$\" DenyAccess\n"; //Ban IP for Cluster/Cloud-hosted WP-Installs $host_rule .= "<IfModule mod_authz_core.c>\n"; $host_rule .= "\t<RequireAll>\n"; $host_rule .= "\t\tRequire all granted\n"; $host_rule .= "\t\tRequire not env DenyAccess\n"; $host_rule .= "\t\tRequire not ip {$host}\n"; $host_rule .= "\t</RequireAll>\n"; $host_rule .= "</IfModule>\n"; $host_rule .= "<IfModule !mod_authz_core.c>\n"; $host_rule .= "\tOrder allow,deny\n"; $host_rule .= "\tDeny from env=DenyAccess\n"; $host_rule .= "\tDeny from {$host}\n"; $host_rule .= "\tAllow from all\n"; $host_rule .= "</IfModule>\n"; } } require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php'; $result = ITSEC_Lib_Config_File::append_server_config($host_rule); if (is_wp_error($result)) { return false; } return true; }
/** * Process quick ban of host. * * Immediately adds the supplied host to the .htaccess file for banning. * * @since 4.0.0 * * @param string $host the host to ban * * @return bool true on success or false on failure */ public static function quick_ban( $host ) { $host = trim( $host ); if ( ! ITSEC_Lib::validates_ip_address( $host ) ) { return false; } $host_rule = '# ' . __( 'Quick ban IP. Will be updated on next formal rules save.', 'it-l10n-ithemes-security-pro' ) . "\n"; if ( 'nginx' === ITSEC_Lib::get_server() ) { $host_rule .= "\tdeny $host;\n"; } else if ( 'apache' === ITSEC_Lib::get_server() ) { $dhost = str_replace( '.', '\\.', $host ); //re-define $dhost to match required output for SetEnvIf-RegEX $host_rule .= "SetEnvIF REMOTE_ADDR \"^$dhost$\" DenyAccess\n"; //Ban IP $host_rule .= "SetEnvIF X-FORWARDED-FOR \"^$dhost$\" DenyAccess\n"; //Ban IP from Proxy-User $host_rule .= "SetEnvIF X-CLUSTER-CLIENT-IP \"^$dhost$\" DenyAccess\n"; //Ban IP for Cluster/Cloud-hosted WP-Installs $host_rule .= "<IfModule mod_authz_core.c>\n"; $host_rule .= "\t<RequireAll>\n"; $host_rule .= "\t\tRequire all granted\n"; $host_rule .= "\t\tRequire not env DenyAccess\n"; $host_rule .= "\t\tRequire not ip $host\n"; $host_rule .= "\t</RequireAll>\n"; $host_rule .= "</IfModule>\n"; $host_rule .= "<IfModule !mod_authz_core.c>\n"; $host_rule .= "\tOrder allow,deny\n"; $host_rule .= "\tDeny from env=DenyAccess\n"; $host_rule .= "\tDeny from $host\n"; $host_rule .= "\tAllow from all\n"; $host_rule .= "</IfModule>\n"; } require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-config-file.php' ); $result = ITSEC_Lib_Config_File::append_server_config( $host_rule ); if ( is_wp_error( $result ) ) { return false; } return true; }