-3

I'm trying to configure everything in order to allow only VPN users to access certain folders (wp-admin etc.). By following some tutorials like https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04 I can connect to my OpenVPN (it gives me a 10.8.0.X IP through tun0, and the external IP is my server's one when checking at http://www.whatsmyip.org/), but when I enter my own server domain in my browser it sees my real IP (getenv('REMOTE_ADDR') shows my real IP) and not the one from the VPN, so I can't set up a .htaccess file to restrict to my own server IP.

As a summary of the above tutorial config, I have:

/etc/openvpn/server.conf

dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
user nobody
group nogroup

/proc/sys/net/ipv4/ip_forward

1

/etc/sysctl.conf

net.ipv4.ip_forward=1

/etc/default/ufw

DEFAULT_FORWARD_POLICY="ACCEPT"

/etc/ufw/before.rules

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0] 
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

ufw status verbose:

root@XXX:/# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                           Action      From
--                           ------      ----
1194/udp                     ALLOW IN    Anywhere
22/tcp                       ALLOW IN    Anywhere
53 (Bind9)                   ALLOW IN    Anywhere
80/tcp (Apache)              ALLOW IN    Anywhere
443/tcp (Apache Secure)      ALLOW IN    Anywhere
1194/udp (v6)                ALLOW IN    Anywhere (v6)
22/tcp (v6)                  ALLOW IN    Anywhere (v6)
53 (Bind9 (v6))              ALLOW IN    Anywhere (v6)
80/tcp (Apache (v6))         ALLOW IN    Anywhere (v6)
443/tcp (Apache Secure (v6)) ALLOW IN    Anywhere (v6)

Is there something I'm missing, or a different workaround?

Thank you in advance,

farrusete

1 Answer

1

If WordPress is your CMS, you can do this by installing a plugin. Find the Restricted Site Access plugin on WordPress's website; this plugin will limit access to visitors who are logged in or allowed by IP addresses. It includes many options for handling blocked visitors.

Using this plugin, you can restrict all other people who visit the page with any different IP.

Restrict Content Pro is another powerful plugin worth considering if you want to implement advanced content and website access restriction for your WordPress website. Restrict Content Pro offers one of the most complete solutions for members-only access restriction for WordPress.

.htaccess Modifications – You can make a couple of modifications to your .htaccess file to restrict access to certain folders or files in the root of your WordPress installation by authorized users. If you use a dedicated IP, you can block access to the admin folder for all users except your IP address. If you use a dynamic IP address, be sure to modify the IP part or you will be blocked too.

Code snippet:

# Replace 199.199.10.0 with your own IP
Order deny,allow
Allow from 199.199.10.0
Deny from all

You can also add another layer of protection for your admin area using some form of authentication system. This way, other users with access to the admin area will not be able to access the actual admin files and the same is true in case of an external intruder or software bot (since many attacks are carried out using bots).

Additionally, you can restrict access to wp-config.php as well as other individual files in the installation folder. For instance, if you include the code snippet below the top of your .htaccess file, any user trying to access this file will be denied access. Here’s the code snippet:

<Files wp-config.php>
Order allow,deny
Deny from all
</Files>

The default .htaccess file contains some basic WordPress functions that you shouldn’t break, so before you make any modifications to the file, make a backup copy and keep it safe.

Have a look at this page for further clarification if you're looking to block on page level: http://wpdatatables.com/restricting-access-specific-content-wordpress-site/

Yasir
  • Nice workaround, but what I want is to allow only users connected to the VPN and not add every IP to the extension, as there would be a lot with dynamic IPs or even from mobile phones accessing wp-admin – farrusete Aug 31 '16 at 20:25
  • Your OPEN VPN must have some IPs assigned to them, only allow those IPs to browse those specific pages, this can be done using the plugins defined above or through .htaccess file. – Yasir Sep 01 '16 at 09:07
  • alright, thanks techspider :) – Yasir Sep 01 '16 at 16:45
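
As an added example (not part of the question, answer or comments above): a small Python model of how Apache 2.2 evaluates Order/Allow/Deny, applied to the "allow only the VPN-assigned IPs" rule suggested in the comments. The 10.8.0.0/24 subnet, the sample addresses and the function names are assumptions; only `all` and IP/CIDR specs are modelled.

```python
import ipaddress

def parse_rules(text):
    """Parse Apache 2.2-style Order/Allow/Deny lines into (order, allows, denies)."""
    order, allows, denies = "deny,allow", [], []  # Apache's default Order
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        key = words[0].lower()
        if key == "order":
            if len(words) != 2:  # "Order deny, allow" (with a space) is a config error
                raise ValueError("Order takes exactly one argument: %r" % line)
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) >= 3 and words[1].lower() == "from":
            (allows if key == "allow" else denies).extend(words[2:])
        else:
            raise ValueError("unsupported directive: %r" % line)
    return order, allows, denies

def matches(addr, specs):
    """True if addr matches any spec; only 'all' and IP/CIDR specs are modelled."""
    ip = ipaddress.ip_address(addr)
    return any(s.lower() == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def is_allowed(remote_addr, rules):
    order, allows, denies = parse_rules(rules)
    allowed, denied = matches(remote_addr, allows), matches(remote_addr, denies)
    if order == "deny,allow":   # default allow; an Allow match overrides a Deny match
        return allowed or not denied
    if order == "allow,deny":   # default deny; a Deny match overrides an Allow match
        return allowed and not denied
    raise ValueError("unsupported Order: %r" % order)

# Assumed VPN subnet: the question only says clients get 10.8.0.X addresses.
VPN_ONLY = """
Order deny,allow
Deny from all
Allow from 10.8.0.0/24
"""

if __name__ == "__main__":
    # Constructed sample addresses: a tunnel address and a documentation-range public one.
    for addr in ("10.8.0.6", "203.0.113.25"):
        print(addr, "allowed" if is_allowed(addr, VPN_ONLY) else "denied")
```

A request that reaches Apache with the client's public address as REMOTE_ADDR, as the question reports, is denied by this rule. The same Allow/Deny lines under `Order allow,deny` would deny VPN clients too, because a Deny match then wins.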