BulletProof Security – Server Protocol based Brute Force Login Protection
I tried Brute Force Login Protection for both IP based and Server Protocol based.
Test OK for IP based protection.
But Not OK for Server Protocol based protection as follows:
▽Test Site – Informed by AITpro
HTTP(S)-URL: http://www.your-domain.com/wp-login.php
・Test NG – Not observed 403 Forbidden
HTTP Request Header
Connect to 133.242.171.xxx on port 80 … ok
GET /wp-login.php HTTP/1.1[CRLF]
▽Retry Settings as follows: It was tried several times.
1. Add Brute Force Login Protection Custom Code as follows – Copy and Paste from right site
CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:
This Custom Code text box is for optional/Bonus code. To get this code click the link below:
http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
#Add Custom Code
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ - [F,L]
2. Click the Save Root Custom Code button
3. Go to the Security Modes page, click the Create secure.htaccess File.
And saved my IP data on secure.htaccess File.
4. Click the activate Root Folder BulletProof Mode again.
▽Retry Test – Same reply as follows
HTTP Request Header
Connect to 133.242.171.xxx on port 80 … ok
GET /wp-login.php HTTP/1.1[CRLF]
▽Q
Is there any mistake in the Retry Settings?
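Added example, not part of the original post and not BulletProof Security's own code: a small Python model of how Apache combines the four RewriteCond lines quoted above (implicit AND, with [OR] chaining the last three), run over constructed requests. The post shows only the request line of the test, so the Host and User-Agent headers in the samples are assumptions.

```python
import re

# The four RewriteCond lines from the post: (variable, pattern, has [OR] flag)
CONDS = [
    ("REQUEST_URI", r"^(/wp-login\.php|.*wp-login\.php.*)$", False),
    ("HTTP_USER_AGENT", r"^$", True),
    ("THE_REQUEST", r"HTTP/1\.0$", True),
    ("SERVER_PROTOCOL", r"HTTP/1\.0$", False),
]

def server_vars(raw):
    """Derive the variables tested above from a raw HTTP request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, protocol = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "REQUEST_URI": target.split("?", 1)[0],  # path only, no query string
        "HTTP_USER_AGENT": headers.get("user-agent", ""),
        "THE_REQUEST": lines[0],
        "SERVER_PROTOCOL": protocol,
    }

def rule_forbids(raw, conds=CONDS):
    """True when the chain matches, so RewriteRule ^(.*)$ - [F,L] answers 403."""
    env, i = server_vars(raw), 0
    while i < len(conds):
        var, pattern, has_or = conds[i]
        matched = re.search(pattern, env[var]) is not None
        if matched and has_or:
            while conds[i][2]:   # skip the remaining [OR]-flagged members
                i += 1
        elif not matched and not has_or:
            return False         # an AND-ed condition (or a whole OR group) failed
        i += 1
    return True

# Constructed sample requests (Host and User-Agent values are made up).
HOST = "Host: www.your-domain.com\r\n"
SAMPLES = {
    "1.1 with UA": "GET /wp-login.php HTTP/1.1\r\n" + HOST + "User-Agent: test-client\r\n\r\n",
    "1.0 with UA": "GET /wp-login.php HTTP/1.0\r\n" + HOST + "User-Agent: test-client\r\n\r\n",
    "1.1 no UA": "POST /wp-login.php HTTP/1.1\r\n" + HOST + "\r\n",
    "1.0 other page": "GET /index.php HTTP/1.0\r\n" + HOST + "\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} -> {'403' if rule_forbids(raw) else 'passes'}")
```

In this model the chain matches a wp-login.php request only when it is sent as HTTP/1.0 or has an empty User-Agent; an HTTP/1.1 request that carries a User-Agent satisfies none of the three OR-ed conditions.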