Support > Security

Possible to whitelist IPs?

(1/2) > >>

seadhna:
Hi there,
I am going to start using a CDN. Is it possible to whitelist IPs? If not, is it possible to switch off Defender completely? Defender seems to be banning users more than it should lately - e.g. when I ping the site from worldwide locations to test load time, the ping services seem to get banned.

datahell:
See defender's security log to see why it bans these IPs. There should be a good reason for that. Do you have also the IP filter enabled in defender? If Yes and these IPs are black-listed then this is why defender bans them. Then is no way to unban these IPs as they are loaded automatically from a third party service.

seadhna:
Hi datahell,
so I have ongoing issues for the past 2 months with Elxis Defender banning google bots and Google is getting completely banned from the website. All pages are showing as 'Access Denied' in Webmaster Tools. I have gone through the Security Log and corrected all the malformed hyperlinks that were causing problems, e.g. a missing slash from hyperlinks: http:/www.example.org instead of http://www.example.org was being interpreted as an attack by Google Bot when it crawled this link. So, I thought a solution would be to test every page on W3's link checker: https://validator.w3.org/checklink
However, this tool gets banned from the site! I tried to use it with a page from the site, and it says: Error: 403 Forbidden. then I checked the defender_ban.php and sure enough: the W3 IP has been entered on the list: '128x30x52x136' => array('times' => 2, 'refcode' => 'SEC-DEFG-0009', 'date' => '2017-04-06 15:28:29'),

Can you assist with this? This is happening (Error: 403 Forbidden) on all Elxis sites I have checked, including www.Elxis.org

datahell:
Elxis Defender does not block Google. If you have bad links on your site it is not Defender to blame. Google might have indexed your site with these bad links and a person visiting your site from google if he follows such a link he will be banned. This is absolutely normal because Defender's blocking policy is based on very carefully selected rules. For example it blocks all attempts scanning for wordpress administration folder (wp-admin). So if you create a link like that: http://www.example.com/wp-admin/ Defender will ban everyone that will try to visit it.

As for blocking W3C I haven't investigated this issue but most probably Defender blocks it because of the user agent. Defender blocks automated remote tools used by hackers to attack sites like libcurl, wget and other similar. If you want you can disable Defender for some time (eg to perform the tests), or for always. Elxis is secure with or without the Defender. The difference is that without the defender all attacks will reach your site and you wont have a view of what is happening on your site from a security perspective. You can also disable the general rules (option G) and enable only the C option (custom rules) and put your own rules in custom.rules.php. This way you can fully customize Defender's blocking policy.

includes/libraries/elxis/defender/custom.rules.php

seadhna:
Hi datahell, thanks for your response, but I don't know how to take both your statement and what I see in Google Webmaster Tools as true. Google Webmaster Tools repeatedly tells me that it cannot access the website, that acccess is denied. Then when I consult the Defender_Bans.php I see that Google Ips are indeed blocked. Can you explain this?

Navigation

[0] Message Index

[#] Next page