[solved]request filter rule - only allow specific IP to login for usernames
I am trying to make it so only a specific IP address 18.104.22.168 can login
with specific usernames (admin or test) in the POST data of a login script on a vbulletin forum:
From .htaccess file:
SecRule REQUEST_URI "^\/login\.php\?do=login" chain
SecRule ARG_vb_login_username ((test)|(admin)) chain
SecRule REMOTE_ADDR !^5\.5\.5\.5$
I have tried the above rule and many other variations but can't seem to
figure out how to accomplish this.
additionally i try this in the Admin panel and removed everything from htaccess. action is
SecFilterSelective THE_REQUEST "/login\.php" chain
SecFilterSelective ARG_vb_login_username "test" chain
SecFilterSelective REMOTE_ADDR "!^5\.5\.5\.5$"
doesn't work either. i can login with the username test from both the IP in the rule and other IP
i did try gracefully restarting, it didnt fix the nonworking
Last edited by NiteWave; 08-18-2011 at 09:31 PM..