
    Cloudron Forum

    Whitelisting VPN in htaccess to secure app

    WordPress (Developer)
    • JUVOJustin
      JUVOJustin last edited by

      Is there a way to use the htaccess to add an IP whitelist to WordPress which includes the local VPN/OpenVPN?

      I got the htaccess working with one static IP, but including a rule to allow OpenVPN connections seems impossible to me. Is there a way?

      • fbartels
        fbartels App Dev @JUVOJustin last edited by

        Hi @JUVOJustin

        In the end these OpenVPN connections also come from a single IP or an IP range. Where exactly are you stuck?

        • JUVOJustin
          JUVOJustin @fbartels last edited by

          @fbartels Thanks for your feedback. Actually I don't know how to find the OpenVPN IP/range. I assumed it is always the same, but allowing the one visible in the WordPress app log does not work.

          • girish
            girish Staff @JUVOJustin last edited by

            @JUVOJustin Is your intent to allow access to the WordPress app only when a user is connected via OpenVPN which is also installed on Cloudron?

            • JUVOJustin
              JUVOJustin @girish last edited by

              @girish Exactly. Only one other static IP needs to be whitelisted additionally.

              • P
                p44 translator @JUVOJustin last edited by

                @JUVOJustin

                I did not totally understand the question, but you can check this page: https://whattheserver.com/securing-wordpress-login/ and take this part if it fits your needs

                #whitelist office IP Address
                allow from 1.2.3.5
                

                Let me know

                • JUVOJustin
                  JUVOJustin @p44 last edited by

                  @p44 Thanks a lot. I have already set up access rules like the one you posted. It works with one static IP. What I need is to whitelist one static IP and the OpenVPN which runs on the same Cloudron install as the WordPress installation.

                  Since I do not know where to find the OpenVPN IP with which clients connected to the VPN connect to the WordPress install, I have no clue which IP to add to the htaccess.

                  • robi
                    robi @JUVOJustin last edited by

                    @JUVOJustin if you open a terminal to the OpenVPN app, it should list all active interfaces set up for the clients.

                    The white list should also allow for a range instead of just single IP.

                    Life of Advanced Technology

                    • JUVOJustin
                      JUVOJustin @robi last edited by

                      @robi Feeling stupid right now, but I don't see a list with interfaces when opening a terminal to the OpenVPN app.

                      In the logs of the WordPress app I saw an IPv6 IP which represented my local internet connection's IPv6. This seems to be caused by a misconfiguration in OpenVPN after activating IPv6 for Cloudron. However, now I can see my private IPv4 address in the logs. Not the internal one of the VPN or the external one of the server.

                      I assumed I can see the external IP of the server in the logs and simply whitelist that. To achieve this, do I have to work with the Forwarded header? Is there an example somewhere? I am a bit lost to be honest.

                      • robi
                        robi @JUVOJustin last edited by

                        @JUVOJustin I don't think you're looking for the external IP as that would be your connecting IP from home.

                        While the VPN is in use, the private IP in use inside the tunnel can be used, which you already found in your logs.

                        If every time you connect, it stays the same, that is all you need.

                        Life of Advanced Technology

                        • JUVOJustin
                          JUVOJustin @robi last edited by

                          @robi Hi, I validated. The IPs shown in the WordPress app log are indeed my private ones, despite being connected to the VPN. I also validated my private IPs are not leaked and validated only my VPN IPs are visible outside the Cloudron context.

                          For me this seems to be something Cloudron specific. I have read this thread: https://forum.cloudron.io/topic/1541/wordpress-restrict-access-by-ip-wp-admin-and-wp-login-php/3 This seems to tackle the same problem. However, I am not able to configure my htaccess to use X-Forwarded-For, if that's even what I need.

                          • girish
                            girish Staff @JUVOJustin last edited by

                            @JUVOJustin Have you tried just putting the public IP of the server in htaccess? When openvpn channels the request to wordpress, it will see the public IP of the server itself and not the private/tunnel IP.

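An added example, not part of any post above and not Cloudron's own configuration: an Apache 2.4 `.htaccess` allowlist that covers both situations raised in the thread, an address Apache sees as the direct peer and an address that only arrives in `X-Forwarded-For`. All addresses are documentation-range placeholders, the variable name `allowlisted_client` is hypothetical, and it assumes `mod_authz_core` and `mod_setenvif` are enabled and that `.htaccess` overrides for them are permitted.

```apache
# Placeholders (replace with the values from your own access log):
#   203.0.113.10   the one static IP that must always get in
#   198.51.100.20  the address requests from VPN users arrive with
#   198.51.100.0/24 an example range, if the VPN address is not fixed

# --- Forwarded address -------------------------------------------------
# When a reverse proxy sits in front of Apache, the direct peer is the
# proxy and the real client address is only in X-Forwarded-For.
# Match the WHOLE header value: the header may carry a comma-separated
# chain ("client, proxy1"), and an unanchored pattern would also match
# 203.0.113.100 or a value the client appended itself.
SetEnvIf X-Forwarded-For "^203\.0\.113\.10$"  allowlisted_client
SetEnvIf X-Forwarded-For "^198\.51\.100\.20$" allowlisted_client

# --- Access decision ---------------------------------------------------
<RequireAny>
    # Direct peer address (works when no proxy rewrites the connection).
    Require ip 203.0.113.10
    Require ip 198.51.100.20
    # A CIDR range is accepted as well:
    # Require ip 198.51.100.0/24

    # Forwarded address. Keep this line ONLY if the app is reachable
    # exclusively through a proxy that overwrites X-Forwarded-For;
    # if clients can reach Apache directly, they can send the header
    # themselves and this rule would admit them.
    Require env allowlisted_client
</RequireAny>

# Never list the proxy's own address in "Require ip": every proxied
# request shares that peer address, so the allowlist would admit all.
```

The older `allow from 1.2.3.5` form quoted earlier in the thread is the Apache 2.2 syntax; on 2.4 it only works through `mod_access_compat`, and mixing it with `Require` in the same scope is best avoided.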