Beta Branch add jetpack_ip_whitelist_cronsetup function in 123.09beta01

add jetpack_ip_whitelist_cronsetup function in 123.09beta01

- For Wordpress centmin.sh menu option 22 fresh installs switch to totally disabling xmlrpc.php requests instead of rate limiting them and disabling specific functions via Disable XML-RPC wordpress plugin. So with this update, public requests to /xmlrpc.php will get 403 permission denied with the exception of whitelisting Jetpack Wordpress plugin's IP address ranges to continue to have xmlrpc.php access as per IP range outlined at Hosting FAQ
- Setup a system cronjob to read the latest Jetpack IP ranges published at https://jetpack.com/ips-v4.txt to populate the generated include file at /usr/local/nginx/conf/jetpack_whitelist_ip.conf which is added to fresh centmin.sh menu option 22 wordpress installs' xmlrpc.php location context
- For existing Wordpress installs created via centmin.sh menu option 22, after running cmupdate to update your local Centmin Mod code you can either run centmin.sh once and exit or manually run the new tool at /usr/local/src/centminmod/tools/jetpackips.sh - either method will create the system cronjob (and backup system cronjobs to /etc/centminmod/cronjobs/before_jetpack_ip_whitelist_cronjoblist) and to populate and create the include file at /usr/local/nginx/conf/jetpack_whitelist_ip.conf.
- If you manually run /usr/local/src/centminmod/tools/jetpackips.sh, it will have instructions on adding include file to your xmlrpc.php location context. Example below:

Code (Text):

/usr/local/src/centminmod/tools/jetpackips.sh

populating include file /usr/local/nginx/conf/jetpack_whitelist_ip.conf with:

# jetpack ip whitelist https://jetpack.com/support/hosting-faq/
allow 122.248.245.244/32;
allow 54.217.201.243/32;
allow 54.232.116.4/32;
allow 192.0.80.0/20;
allow 192.0.96.0/20;
allow 192.0.112.0/20;
allow 195.234.108.0/22;
deny all;

update your wordpress site nginx vhost's xml-rpc.php location context with
include file for /usr/local/nginx/conf/jetpack_whitelist_ip.conf

location ~* /(xmlrpc\.php) {
    limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
    # https://jetpack.com/support/hosting-faq/
    include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
    # https://community.centminmod.com/posts/18828/
    #include /usr/local/nginx/conf/php-rediscache.conf;
}

if you need to disable deny all, comment out with hash #
in front of include directive & restart nginx

location ~* /(xmlrpc\.php) {
    limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
    # https://jetpack.com/support/hosting-faq/
    #include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
    # https://community.centminmod.com/posts/18828/
    #include /usr/local/nginx/conf/php-rediscache.conf;
}

contents of generated include file /usr/local/nginx/conf/jetpack_whitelist_ip.conf

Code (Text):

# jetpack ip whitelist https://jetpack.com/support/hosting-faq/
allow 122.248.245.244/32;
allow 54.217.201.243/32;
allow 54.232.116.4/32;
allow 192.0.80.0/20;
allow 192.0.96.0/20;
allow 192.0.112.0/20;
allow 195.234.108.0/22;
deny all;

and created system cronjob

Code (Text):

crontab -l | grep -w jetpackips
11 */12 * * * /usr/local/src/centminmod/tools/jetpackips.sh >/dev/null 2>&1

Continue reading...

123.09beta01 branch

• Branch: centminmod/centminmod
• Commit History: centminmod/centminmod