tokkonopapa/WordPress-IP-Geo-Block

WP ZEP for private/reserved IP

ddur opened this issue · 1 comments

ddur commented

I'm having an issue with ZEP blocking a background process on the same server that is accessing wp_ajax from the same server and private IP (127.0.0.1).

I wish that ZEP (or the whole plugin) did not block private IPs,
or at least offered an option to skip protection for private IP access.

While the client IP can be faked, as far as I know, the server IP can't.
If you check the server response IP ($_SERVER['SERVER_ADDR']) with

false === filter_var($_SERVER['SERVER_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)

When the server is responding on a private IP address, then I believe that ZEP and other security filters can be safely disabled?

TIA

Dear @ddur,

So sorry for my late reply.

> When the server is responding on a private IP address, then I believe that ZEP and other security filters can be safely disabled?

Yes, it's true!

IPGB already has a function is_private_ip() in the class IP_Geo_Block_Util just the same as your comment. So I'll adopt your idea in the next release.

It may also improve compatibility issues in some cases.

Thanks for giving me a heads-up!
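
An added example, not part of the thread and not IP Geo Block's own code: the `filter_var()` check discussed above, wrapped so that a missing or malformed `SERVER_ADDR` is not mistaken for a private address, and applied to `REMOTE_ADDR` as well, since a server behind NAT or a reverse proxy can answer every request on a private address. The function names and the sample requests are constructed for illustration.

```php
<?php
// Added example; the function names are hypothetical, not the plugin's API.

// True only for a syntactically valid IP inside a private or reserved range.
// filter_var() also returns false for input that is not an IP at all, so
// validity is checked first, without the range flags.
function example_is_private_or_reserved($ip)
{
    if (!is_string($ip) || false === filter_var($ip, FILTER_VALIDATE_IP)) {
        return false; // missing or malformed: invalid, not "private"
    }
    return false === filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
}

// Assumption of this example: a request counts as local only when both the
// client address and the server address are private or reserved.
function example_is_local_request(array $server)
{
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : null;
    $local  = isset($server['SERVER_ADDR']) ? $server['SERVER_ADDR'] : null;

    return example_is_private_or_reserved($remote)
        && example_is_private_or_reserved($local);
}

// Constructed sample requests; 8.8.8.8 stands in for any public client.
$samples = array(
    'loopback ajax call'    => array('REMOTE_ADDR' => '127.0.0.1', 'SERVER_ADDR' => '127.0.0.1'),
    'public client via NAT' => array('REMOTE_ADDR' => '8.8.8.8',   'SERVER_ADDR' => '10.0.0.5'),
    'no SERVER_ADDR set'    => array('REMOTE_ADDR' => '127.0.0.1'),
    'malformed SERVER_ADDR' => array('REMOTE_ADDR' => '127.0.0.1', 'SERVER_ADDR' => 'localhost'),
);

foreach ($samples as $label => $server) {
    printf("%-24s %s\n", $label, example_is_local_request($server) ? 'local' : 'not local');
}
```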