Cloudron Forum


Whitelisting VPN in htaccess to secure app

WordPress (Developer)

    JUVOJustin wrote:

    Is there a way to use the htaccess to add an IP whitelist to WordPress which includes the local VPN/OpenVPN?

    I got the htaccess working with one static IP, but including a rule to allow OpenVPN connections seems impossible to me. Is there a way?

    fbartels (App Dev) wrote (#2):

    Hi @JUVOJustin

    In the end, these OpenVPN connections also come from a single IP or an IP range. Where exactly are you stuck?

      JUVOJustin wrote (#3):

      @fbartels Thanks for your feedback. Actually, I don't know how to find the OpenVPN IP/range. I assumed it is always the same, but allowing the one visible in the WordPress app log does not work.

        girish (Staff) wrote (#4):

        @JUVOJustin Is your intent to allow access to the WordPress app only when a user is connected via OpenVPN, which is also installed on Cloudron?

          JUVOJustin wrote (#5):

          @girish Exactly. Only one other static IP needs to be whitelisted additionally.

            p44 (translator) wrote (#6):

            @JUVOJustin

            I did not totally understand the question, but you can check this page: https://whattheserver.com/securing-wordpress-login/ and take this part if it fits your needs:

            #whitelist office IP Address
            allow from 1.2.3.5
            

            Let me know

              JUVOJustin wrote (#7):

              @p44 Thanks a lot. I have already set up access rules like the one you posted. It works with one static IP. What I need is to whitelist one static IP and the OpenVPN which runs on the same Cloudron install as the WordPress installation.

              Since I do not know where to find the OpenVPN IP with which clients connected to the VPN connect to the WordPress install, I have no clue which IP to add to the htaccess.

                robi wrote (#8):

                @JUVOJustin If you open a terminal to the OpenVPN app, it should list all active interfaces set up for the clients.

                The whitelist should also allow for a range instead of just a single IP.

                  JUVOJustin wrote (#9):

                  @robi Feeling stupid right now, but I don't see a list of interfaces when opening a terminal to the OpenVPN app.

                  In the logs of the WordPress app I saw an IPv6 address which represented my local internet connection's IPv6. This seems to be caused by a misconfiguration in OpenVPN after activating IPv6 for Cloudron. However, now I can see my private IPv4 address in the logs, not the internal one of the VPN or the external one of the server.

                  I assumed I can see the external IP of the server in the logs and simply whitelist that. To achieve this, do I have to work with the Forwarded header? Is there an example somewhere? I am a bit lost, to be honest.

                    robi wrote (#10):

                    @JUVOJustin I don't think you're looking for the external IP as that would be your connecting IP from home.

                    While the VPN is in use, the private IP in use inside the tunnel can be used, which you already found in your logs.

                    If it stays the same every time you connect, that is all you need.

                      JUVOJustin wrote (#11):

                      @robi Hi, I validated. The IPs shown in the WordPress app log are indeed my private ones, despite being connected to the VPN. I also validated that my private IPs are not leaked and that only my VPN IPs are visible outside the Cloudron context.

                      For me this seems to be something Cloudron-specific. I have read this thread: https://forum.cloudron.io/topic/1541/wordpress-restrict-access-by-ip-wp-admin-and-wp-login-php/3 This seems to tackle the same problem. However, I am not able to configure my htaccess to use X-Forwarded-For, if that's even what I need.

                        girish (Staff) wrote (#12):

                        @JUVOJustin Have you tried just putting the public IP of the server in htaccess? When OpenVPN channels the request to WordPress, it will see the public IP of the server itself and not the private/tunnel IP.
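
Added example, not part of any post in this thread: since the question throughout is which source address the WordPress app actually sees, one way to settle it is to tally the client addresses in the app's access log and test each against the candidate allowlist before editing the htaccess. The log lines, the addresses and the `ALLOW` entries (including the `10.8.0.0/24` tunnel range) are constructed, and the log format is assumed to put the client address in the first field.

```python
import ipaddress
from collections import Counter

# Candidate allowlist (constructed): one static address plus an assumed tunnel range.
ALLOW = ["203.0.113.10", "10.8.0.0/24"]

# Constructed access-log lines; the first field is the client address as logged.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 512
192.168.1.23 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 403 199
192.168.1.23 - - [01/Jan/2024:10:01:05 +0000] "GET /wp-admin/ HTTP/1.1" 403 199
2001:db8::5 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 403 199
- - - [01/Jan/2024:10:03:00 +0000] "GET / HTTP/1.1" 400 0
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Label an address so LAN/tunnel, public and IPv6 sources are easy to tell apart."""
    if addr.version == 6:
        return "ipv6"
    return "rfc1918" if any(addr in n for n in RFC1918) else "public-ipv4"

def audit(log_text, allow):
    """Tally logged client addresses and test each one against the allowlist."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in allow]
    seen = Counter()
    for line in log_text.splitlines():
        field = line.split(" ", 1)[0]
        try:
            seen[ipaddress.ip_address(field)] += 1
        except ValueError:
            continue  # no parseable client address in the first field
    return [
        {"client": str(addr), "hits": hits, "kind": classify(addr),
         # An IPv4 address is never "in" an IPv6 network and vice versa.
         "allowed": any(addr in net for net in nets)}
        for addr, hits in seen.most_common()
    ]

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, ALLOW):
        print(row)
```

Rows with `allowed: False` are the addresses the current rules would reject; whether any of them belongs in the allowlist is a decision to make per address, not something the script decides.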
