/**
* Process quick ban of host.
*
* Immediately adds the supplied host to the .htaccess file for banning.
*
* @since 4.0.0
*
* @param string $host the host to ban
*
* @return bool true on success or false on failure
*/
public static function quick_ban($host)
{
$host = trim($host);
if (!class_exists('ITSEC_Lib_IP_Tools')) {
$itsec_core = ITSEC_Core::get_instance();
require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
}
if (!ITSEC_Lib_IP_Tools::validate($host)) {
return false;
}
$host_rule = '# ' . __('Quick ban IP. Will be updated on next formal rules save.', 'better-wp-security') . "\n";
if ('nginx' === ITSEC_Lib::get_server()) {
$host_rule .= "\tdeny {$host};\n";
} else {
if ('apache' === ITSEC_Lib::get_server()) {
$dhost = str_replace('.', '\\.', $host);
//re-define $dhost to match required output for SetEnvIf-RegEX
$host_rule .= "SetEnvIF REMOTE_ADDR \"^{$dhost}\$\" DenyAccess\n";
//Ban IP
$host_rule .= "SetEnvIF X-FORWARDED-FOR \"^{$dhost}\$\" DenyAccess\n";
//Ban IP from Proxy-User
$host_rule .= "SetEnvIF X-CLUSTER-CLIENT-IP \"^{$dhost}\$\" DenyAccess\n";
//Ban IP for Cluster/Cloud-hosted WP-Installs
$host_rule .= "<IfModule mod_authz_core.c>\n";
$host_rule .= "\t<RequireAll>\n";
$host_rule .= "\t\tRequire all granted\n";
$host_rule .= "\t\tRequire not env DenyAccess\n";
$host_rule .= "\t\tRequire not ip {$host}\n";
$host_rule .= "\t</RequireAll>\n";
$host_rule .= "</IfModule>\n";
$host_rule .= "<IfModule !mod_authz_core.c>\n";
$host_rule .= "\tOrder allow,deny\n";
$host_rule .= "\tDeny from env=DenyAccess\n";
$host_rule .= "\tDeny from {$host}\n";
$host_rule .= "\tAllow from all\n";
$host_rule .= "</IfModule>\n";
}
}
require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php';
$result = ITSEC_Lib_Config_File::append_server_config($host_rule);
if (is_wp_error($result)) {
return false;
}
return true;
}
/**
* Process quick ban of host.
*
* Immediately adds the supplied host to the .htaccess file for banning.
*
* @since 4.0.0
*
* @param string $host the host to ban
*
* @return bool true on success or false on failure
*/
public static function quick_ban( $host ) {
$host = trim( $host );
if ( ! ITSEC_Lib::validates_ip_address( $host ) ) {
return false;
}
$host_rule = '# ' . __( 'Quick ban IP. Will be updated on next formal rules save.', 'it-l10n-ithemes-security-pro' ) . "\n";
if ( 'nginx' === ITSEC_Lib::get_server() ) {
$host_rule .= "\tdeny $host;\n";
} else if ( 'apache' === ITSEC_Lib::get_server() ) {
$dhost = str_replace( '.', '\\.', $host ); //re-define $dhost to match required output for SetEnvIf-RegEX
$host_rule .= "SetEnvIF REMOTE_ADDR \"^$dhost$\" DenyAccess\n"; //Ban IP
$host_rule .= "SetEnvIF X-FORWARDED-FOR \"^$dhost$\" DenyAccess\n"; //Ban IP from Proxy-User
$host_rule .= "SetEnvIF X-CLUSTER-CLIENT-IP \"^$dhost$\" DenyAccess\n"; //Ban IP for Cluster/Cloud-hosted WP-Installs
$host_rule .= "<IfModule mod_authz_core.c>\n";
$host_rule .= "\t<RequireAll>\n";
$host_rule .= "\t\tRequire all granted\n";
$host_rule .= "\t\tRequire not env DenyAccess\n";
$host_rule .= "\t\tRequire not ip $host\n";
$host_rule .= "\t</RequireAll>\n";
$host_rule .= "</IfModule>\n";
$host_rule .= "<IfModule !mod_authz_core.c>\n";
$host_rule .= "\tOrder allow,deny\n";
$host_rule .= "\tDeny from env=DenyAccess\n";
$host_rule .= "\tDeny from $host\n";
$host_rule .= "\tAllow from all\n";
$host_rule .= "</IfModule>\n";
}
require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-config-file.php' );
$result = ITSEC_Lib_Config_File::append_server_config( $host_rule );
if ( is_wp_error( $result ) ) {
return false;
}
return true;
}
