Skip to content

Commit

Permalink
Merge pull request #149 from MITLibraries/pw-86
Browse files Browse the repository at this point in the history
Add IP-based block list to wp-config
  • Loading branch information
matt-bernhardt authored Feb 16, 2024
2 parents acbf963 + 2d11048 commit 79a4a15
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 1 deletion.
2 changes: 1 addition & 1 deletion .github/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,7 @@ Please see the readme for that project for [installation](https://github.com/pan
#### Optional application secrets

- `SENTRY_DSN` Unique identifier for this project within Sentry.

- `BLOCKED_IPS` A space-separated list of IP addresses which should be blocked from getting a Wordpress response.

### Environment variables

Expand Down
22 changes: 22 additions & 0 deletions web/wp-config.php
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,30 @@
define( 'WP_SENTRY_VERSION', 'v1' );
define( 'WP_SENTRY_ENV', $_ENV['PANTHEON_ENVIRONMENT'] );
}

// Blocked IP address handling - defined as a space-separated string in secrets, and
// parsed to an array.
if ( array_key_exists( 'BLOCKED_IPS', $secrets ) ) {
define( 'BLOCKED_IPS', $secrets['BLOCKED_IPS'] );
}
}
}

/**
* Respond with a 403 error message if the user IP address is on our block list.
*
* This assumes that BLOCKED_IPS is a string that can be exploded to an array of values.
* It also assumes that the block list consists of individual IP addresses, and not
* ranges that need to be calculated.
*/
if ( defined( 'BLOCKED_IPS' ) ) {
$array_blocked_ips = explode( " ", BLOCKED_IPS );
$request_remote_addr = $_SERVER['REMOTE_ADDR'];

if ( in_array($request_remote_addr, $array_blocked_ips) ) {
header( 'HTTP/1.0 403 Forbidden' );
exit;
}
}

/**
Expand Down

0 comments on commit 79a4a15

Please sign in to comment.