Hi, I added a firewall rule to block any URI that contains wp-login.php and excluded my IP address. I used a VPS to change my IP and I was able to login on a different IP. Please what can I do?
May I ask URI path or some other?
May I ask you to post your expression of your
Firewall Rule you have crated and used?
Do you have any other
How about using a VPN connection, or for example putting your home ISP IP address, and then test using your mobile data (cellular, LTE, EDGE …) if you can access via your phone or do you actually get the
1020 Access Denied Cloudflare page?
The correct one which works for me (Block all the requests which contain wp-login.php, even some query parameters after in case of a URL redirection, etc. except if the requests is comming from my IP address) would look like below:
(http.request.uri.path contains "wp-login.php" and ip.src ne 22.214.171.124)
Generally I use
URI path and it works in all sort of combination with
From your screenshot, try changing
Furthermore, may I ask are you going straight to the
https://www.yourdomain.com/wp-login.php or like
/wp-admin/ which redirects you to
Just to add a note here, in between modifying your
Firewall Rules, kindly wait for a few minutes to apply the new chnages and re-check if it works.
From below examples, also used
ip.src ne <ip>:
Do you also have some
Page Rules or some
URL Normalization setup?
Am going straight to
It still doesn’t work or is it because of the caching plugin am using. Am using Lightspeed cache plugin
And the Firewall rule is the 1st one from above in the Firewall Rules list, or?
Therefore, it’s surely being enabled right (green slide toggle)?
Example of active (enabled)
May I ask, are the
A type DNS records (
www) both being proxied at the DNS tab of the Cloudflare dashboard for your domain?
Okay, meaning if you set it up right, may I ask to write your domain name so I could test if I can access
wp-login.php from my home country, or even using a VPN connection and post back here the results I get, if so?
Have you tried openning it in a Private Window or clearing your Web browser cache?
May I also ask, in any log file like
access.log, etc., do you see your own IP address or the IP address which belongs to Cloudflare?
No, I disabled the proxy for my
yourdomain.com I was having issues using my
yourdomain.com:8090 to login to my CyberPanel so I disabled it and I was able to use my domain to login to my CyberPanel.
I am afraid that is expected behaviour as far as any Cloudflare option, including the
Firewall Rules do not apply to DNS-only hostnames.
- applies and works only to the ones …
Furthermore, the port
8090 is not supported and compatible with Cloudflare as follows at the below article:
You could try to, if possible, to use some other port from the article above (listed ports which are supported and compatible to work over proxied hostnames).
Can you change it somehow?
In case if you could change the listening / default port somehow … there would also be a good question if it would work over HTTPS (having the valid SSL certificate?) …
If below article could help here:
Or, maybe if you could try to setup and use some kind of a
Load Balancer (like Kemp - a good source video here: you need to learn Load Balancing RIGHT NOW!! (and put one in your home network!) - YouTube) so like inside your network it works over
8090, but on the outside it works over
8443 or some other from the list above?
A cite from my above statement:
HTTPS (having the valid SSL certificate?
In case you do not have and cannot issue one, you could generate and install Cloudflare CA Origin Certificate using the instructions from below article:
A helpful article and tutorial how to propperly setup SSL with Cloudflare can be read and implemented as from below:
Therefore, you would have the
Full (Strict) SSL connection to your CyberPanel, proxied via Cloudflare and whola!
From my understanding, I believe you could also try to setup a sub-domain like
cp.ziddah.com:port or some other, for which you can then allow only your IP as the “whitelisted” for the access, while keeping and having the “naked” domain and other sub-domains available for some other needs and applications, etc.
It works after turning on the proxy. I am trying to access the CyberPanel without port 8090 using the first article.
Am stuck at this step because when I enter /usr/local/lsws/conf/httpd_config.conf I get error path not found.
Maybe you are using Apache or Nginx as a Web server, rather than a LiteSpeed which could lead to a different path for the config / vhost file, or is being installed in a different path (hopefully not misconfigured) due to your OS, if so? - just guessing.
Maybe of a help a bit:
A post was merged into an existing topic: Firewall Rule to allow page logout for subscribers