tokkonopapa / WordPress-IP-Geo-Block

A WordPress plugin that will block any comment, pingback and trackback spam posted from outside your nation. It will also protect against malicious access to the login form, admin area and XML-RPC from undesired countries.
http://www.ipgeoblock.com/

WP ZEP for private/reserved IP #31

Closed ddur closed 6 years ago

ddur commented 6 years ago

I'm having an issue with ZEP blocking a background process on the same server that is accessing wp_ajax from the same server and a private IP (127.0.0.1).

I wish that ZEP (or the whole plugin) did not block private IPs, or at least offered an option to skip protection for private IP access.

While the client IP can be faked, as far as I know, the server IP can't. If you check the server response IP ($_SERVER['SERVER_ADDR']) with

false === filter_var($_SERVER['SERVER_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)

When the server is responding on a private IP address, then I believe that ZEP and other security filters can be safely disabled?

TIA

tokkonopapa commented 6 years ago

Dear @ddur,

So sorry for my late reply.

> When the server is responding on a private IP address, then I believe that ZEP and other security filters can be safely disabled?

Yes, it's true!

IPGB already has a function is_private_ip() in the class IP_Geo_Block_Util, just the same as in your comment. So I'll adopt your idea in the next release.

It may also improve compatibility issues in some cases.

Thanks for giving me the heads-up!
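
An added example, not from the thread or the plugin's own code: the check discussed above as a PHP sketch that separates "not an IP address" from "private or reserved", because `false === filter_var(...)` is also true for a missing or malformed value. The function names and the policy of also requiring a private `REMOTE_ADDR` are assumptions made here; `SERVER_ADDR` alone is private for every visitor when the host sits behind NAT or a load balancer.

```php
<?php
// Added example, not code from the IP Geo Block plugin. Function names are hypothetical.

/**
 * Classify an address as 'invalid', 'private' or 'public'.
 * filter_var() returns false both for a private/reserved address and for a
 * string that is not an IP at all, so validity is checked separately first.
 */
function classify_ip($ip): string
{
    if (!is_string($ip) || false === filter_var($ip, FILTER_VALIDATE_IP)) {
        return 'invalid';
    }
    $public = filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
    return false === $public ? 'private' : 'public';
}

/**
 * Assumed policy: treat a request as internal only when both ends of the
 * connection are private/reserved. A missing value counts as not internal.
 */
function is_internal_request(array $server): bool
{
    return 'private' === classify_ip($server['SERVER_ADDR'] ?? null)
        && 'private' === classify_ip($server['REMOTE_ADDR'] ?? null);
}

// Constructed sample inputs standing in for $_SERVER.
$samples = [
    'loopback cron job'    => ['SERVER_ADDR' => '127.0.0.1', 'REMOTE_ADDR' => '127.0.0.1'],
    'visitor via NAT host' => ['SERVER_ADDR' => '10.0.0.5',  'REMOTE_ADDR' => '8.8.8.8'],
    'SERVER_ADDR missing'  => ['REMOTE_ADDR' => '127.0.0.1'],
    'garbage SERVER_ADDR'  => ['SERVER_ADDR' => 'unknown',   'REMOTE_ADDR' => '127.0.0.1'],
];

foreach ($samples as $label => $server) {
    printf(
        "%-22s server=%-8s remote=%-8s internal=%s\n",
        $label,
        classify_ip($server['SERVER_ADDR'] ?? null),
        classify_ip($server['REMOTE_ADDR'] ?? null),
        is_internal_request($server) ? 'yes' : 'no'
    );
}
```

When a reverse proxy runs on the same host, `REMOTE_ADDR` is the proxy's address for every visitor, so this policy does not identify same-host callers in that deployment.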