tokkonopapa / WordPress-IP-Geo-Block

A WordPress plugin that blocks any comment, pingback and trackback spam posted from outside your nation. It will also protect against malicious access to the login form, admin area and XML-RPC from undesired countries.
http://www.ipgeoblock.com/

Easyupdates manager not working with IP Geo Block enabled #21

Closed amavarick closed 6 years ago

amavarick commented 6 years ago

https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/

If I enable IP Geo Block, I have problems with EasyUpdates Plugin.

VM14635:1 POST https://....mydomainname..../wp-admin/admin-ajax.php 404 (Not Found)

amavarick commented 6 years ago

{ "ip_geo_block_settings[version]": "3.0.4.6", "ip_geo_block_settings[matching_rule]": "0", "ip_geo_block_settings[white_list]": "US", "ip_geo_block_settings[black_list]": "ZZ", "ip_geo_block_settings[extra_ips][white_list]": "", "ip_geo_block_settings[extra_ips][black_list]": "", "ip_geo_block_settings[signature]": "../,/wp-config.php,/passwd", "ip_geo_block_settings[login_fails]": "7", "ip_geo_block_settings[response_code]": "404", "ip_geo_block_settings[response_msg]": "Document or file requested by the client was not found.", "ip_geo_block_settings[redirect_uri]": "http://blackhole.webpagetest.org/", "ip_geo_block_settings[validation][timing]": "0", "ip_geo_block_settings[validation][proxy]": "", "ip_geo_block_settings[validation][comment]": "1", "ip_geo_block_settings[validation][xmlrpc]": "2", "ip_geo_block_settings[validation][login]": "1", "ip_geo_block_settings[login_action][login]": "1", "ip_geo_block_settings[login_action][register]": "1", "ip_geo_block_settings[login_action][resetpass]": "1", "ip_geo_block_settings[login_action][lostpassword]": "1", "ip_geo_block_settings[login_action][postpass]": "1", "ip_geo_block_settings[validation][admin][1]": 1, "ip_geo_block_settings[validation][admin][2]": 0, "ip_geo_block_settings[validation][ajax][1]": 1, "ip_geo_block_settings[validation][ajax][2]": 2, "ip_geo_block_settings[validation][plugins]": "0", "ip_geo_block_settings[validation][themes]": "0", "ip_geo_block_settings[validation][includes]": "3", "ip_geo_block_settings[validation][uploads]": "3", "ip_geo_block_settings[validation][languages]": "3", "ip_geo_block_settings[validation][public]": "0", "ip_geo_block_settings[validation][restapi]": "3", "ip_geo_block_settings[validation][mimetype]": "1", "ip_geo_block_settings[rewrite][plugins]": "", "ip_geo_block_settings[rewrite][themes]": "", "ip_geo_block_settings[rewrite][includes]": "", "ip_geo_block_settings[rewrite][uploads]": "", "ip_geo_block_settings[rewrite][languages]": "", 
"ip_geo_block_settings[exception][admin]": "", "ip_geo_block_settings[exception][public]": "bbp-new-topic,bbp-edit-topic,bbp-new-reply,bbp-edit-reply", "ip_geo_block_settings[exception][includes]": "", "ip_geo_block_settings[exception][uploads]": "", "ip_geo_block_settings[exception][languages]": "", "ip_geo_block_settings[exception][restapi]": "", "ip_geo_block_settings[public][matching_rule]": "-1", "ip_geo_block_settings[public][white_list]": "", "ip_geo_block_settings[public][black_list]": "ZZ", "ip_geo_block_settings[public][target_rule]": "0", "ip_geo_block_settings[public][target_pages]": "", "ip_geo_block_settings[public][target_posts]": "", "ip_geo_block_settings[public][target_cates]": "", "ip_geo_block_settings[public][target_tags]": "", "ip_geo_block_settings[public][ua_list]": "Google:HOST,bot:HOST,slurp:HOST\nspider:HOST,archive:HOST,*:FEED\nembed.ly:HOST,Twitterbot:US,Facebot:US", "ip_geo_block_settings[public][simulate]": "", "ip_geo_block_settings[public][dnslkup]": "", "ip_geo_block_settings[public][response_code]": "307", "ip_geo_block_settings[public][redirect_uri]": "", "ip_geo_block_settings[providers][Maxmind]": "", "ip_geo_block_settings[providers][IP2Location]": "", "ip_geo_block_settings[providers][freegeoip.net]": "", "ip_geo_block_settings[providers][ipinfo.io]": "", "ip_geo_block_settings[providers][IP-Json]": "", "ip_geo_block_settings[providers][Nekudo]": "", "ip_geo_block_settings[providers][Xhanch]": "", "ip_geo_block_settings[providers][GeoIPLookup]": "", "ip_geo_block_settings[providers][ip-api.com]": "", "ip_geo_block_settings[providers][IPInfoDB]": "", "ip_geo_block_settings[save_statistics]": "1", "ip_geo_block_settings[validation][reclogs]": "1", "ip_geo_block_settings[validation][recdays]": "30", "ip_geo_block_settings[validation][maxlogs]": "100", "ip_geo_block_settings[validation][postkey]": "action,comment,log,pwd,FILES", "ip_geo_block_settings[update][auto]": "1", "ip_geo_block_settings[anonymize]": "", 
"ip_geo_block_settings[cache_time_gc]": "900", "ip_geo_block_settings[cache_hold]": "10", "ip_geo_block_settings[cache_time]": "3600", "ip_geo_block_settings[comment][pos]": "0", "ip_geo_block_settings[comment][msg]": "", "ip_geo_block_settings[clean_uninstall]": "", "ip_geo_block_settings[api_key][GoogleMap]": "", "ip_geo_block_settings[network_wide]": "", "ip_geo_block_settings[mimetype][white_list][jpg|jpeg|jpe]": "image/jpeg", "ip_geo_block_settings[mimetype][white_list][gif]": "image/gif", "ip_geo_block_settings[mimetype][white_list][png]": "image/png", "ip_geo_block_settings[mimetype][white_list][ico]": "image/x-icon", "ip_geo_block_settings[mimetype][white_list][wmv]": "video/x-ms-wmv", "ip_geo_block_settings[mimetype][white_list][avi]": "video/avi", "ip_geo_block_settings[mimetype][white_list][mov|qt]": "video/quicktime", "ip_geo_block_settings[mimetype][white_list][mpeg|mpg|mpe]": "video/mpeg", "ip_geo_block_settings[mimetype][white_list][mp4|m4v]": "video/mp4", "ip_geo_block_settings[mimetype][white_list][ogv]": "video/ogg", "ip_geo_block_settings[mimetype][white_list][3gp|3gpp]": "video/3gpp", "ip_geo_block_settings[mimetype][white_list][3g2|3gp2]": "video/3gpp2", "ip_geo_block_settings[mimetype][white_list][mp3|m4a|m4b]": "audio/mpeg", "ip_geo_block_settings[mimetype][white_list][wav]": "audio/wav", "ip_geo_block_settings[mimetype][white_list][ogg|oga]": "audio/ogg", "ip_geo_block_settings[mimetype][white_list][pdf]": "application/pdf", "ip_geo_block_settings[mimetype][white_list][psd]": "application/octet-stream", "ip_geo_block_settings[mimetype][white_list][doc]": "application/msword", "ip_geo_block_settings[mimetype][white_list][pot|pps|ppt]": "application/vnd.ms-powerpoint", "ip_geo_block_settings[mimetype][white_list][xla|xls|xlt|xlw]": "application/vnd.ms-excel", "ip_geo_block_settings[mimetype][white_list][docx]": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "ip_geo_block_settings[mimetype][white_list][xlsx]": 
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "ip_geo_block_settings[mimetype][white_list][pptx]": "application/vnd.openxmlformats-officedocument.presentationml.presentation", "ip_geo_block_settings[mimetype][white_list][ppsx]": "application/vnd.openxmlformats-officedocument.presentationml.slideshow", "ip_geo_block_settings[mimetype][white_list][odt]": "application/vnd.oasis.opendocument.text", "ip_geo_block_settings[mimetype][black_list]": "asp,aspx,cgi,exe,js,jsp,php,php3,php4,php5,pl,py,pht,phtml,html,htm,shtml,htaccess,sh,svg,gz,zip,rar,tar", "ip_geo_block_settings[mimetype][capability]": "upload_files", "ip_geo_block_settings[Maxmind][use_asn]": "0" }

tokkonopapa commented 6 years ago

Hi @amavarick ,

Thank you for the information about your settings. I checked the code in Easy Updates Manager and found there are 2 types of ajax request to /wp-admin/admin-ajax.php. One uses jQuery and the other uses the browser's native XMLHttpRequest() function.

Unfortunately, "Prevent Zero-day Exploit" cannot be supported for the latter one. So please select the actions to exclude from the target of ZEP at "Admin ajax/post" in the "Back-end target settings" section, as follows:

adminajaxpost

Even if you specify the above, those actions requested from blacklisted countries are still blocked because you have also enabled "Block by country".

I hope this may solve the issue. Thanks.