
Master Branch add jetpack_ip_whitelist_cronsetup function in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Nov 25, 2020.

  1. eva2000

    add jetpack_ip_whitelist_cronsetup function in 123.09beta01

    - For WordPress centmin.sh menu option 22 fresh installs, switch to totally disabling xmlrpc.php requests instead of rate limiting them and disabling specific functions via the Disable XML-RPC WordPress plugin. So with this update, public requests to /xmlrpc.php will get 403 permission denied, with the exception of the whitelisted Jetpack WordPress plugin's IP address ranges, which continue to have xmlrpc.php access as per the IP ranges outlined at https://jetpack.com/support/hosting-faq/
    - Set up a system cronjob to read the latest Jetpack IP ranges published at https://jetpack.com/ips-v4.txt to populate the generated include file at /usr/local/nginx/conf/jetpack_whitelist_ip.conf, which is added to fresh centmin.sh menu option 22 WordPress installs' xmlrpc.php location context
    - For existing WordPress installs created via centmin.sh menu option 22, after running cmupdate to update your local Centmin Mod code, you can either run centmin.sh once and exit or manually run the new tool at /usr/local/src/centminmod/tools/jetpackips.sh - either method will create the system cronjob (and back up system cronjobs to /etc/centminmod/cronjobs/before_jetpack_ip_whitelist_cronjoblist) and create and populate the include file at /usr/local/nginx/conf/jetpack_whitelist_ip.conf.
    - If you manually run /usr/local/src/centminmod/tools/jetpackips.sh, it will have instructions on adding the include file to your xmlrpc.php location context. Example below:

    Code (Text):
    /usr/local/src/centminmod/tools/jetpackips.sh
    
    populating include file /usr/local/nginx/conf/jetpack_whitelist_ip.conf with:
    
    # jetpack ip whitelist https://jetpack.com/support/hosting-faq/
    allow 122.248.245.244/32;
    allow 54.217.201.243/32;
    allow 54.232.116.4/32;
    allow 192.0.80.0/20;
    allow 192.0.96.0/20;
    allow 192.0.112.0/20;
    allow 195.234.108.0/22;
    deny all;
    
    update your wordpress site nginx vhost's xml-rpc.php location context with
    include file for /usr/local/nginx/conf/jetpack_whitelist_ip.conf
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://jetpack.com/support/hosting-faq/
        include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    if you need to disable deny all, comment out with hash #
    in front of include directive & restart nginx
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://jetpack.com/support/hosting-faq/
        #include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }



    Centmin Mod Github Master branch

    Master branch is where most recent commits are made as at May 24, 2015.
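
One way to turn a fetched copy of the published list into the allow/deny include file described in the commit message above, so that a bad download can neither inject text into the nginx config nor empty the whitelist. This is an added example, not Centmin Mod's jetpackips.sh; the function names and the sample inputs are assumptions constructed here.

```shell
#!/bin/sh
# Added example: not the project's jetpackips.sh. Function names are hypothetical.

# Read a published IP list on stdin, print the nginx include body on stdout.
# One malformed entry, or an empty list, fails the run with no output.
build_whitelist() {
  awk '
    function valid(e,    p, o, n, i) {
      n = split(e, p, "/")
      if (n > 2) return 0
      if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
      if (split(p[1], o, ".") != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
      return 1
    }
    { sub(/\r$/, "") }                 # tolerate CRLF line endings
    $0 == "" { next }                  # skip blank lines
    !valid($0) { print "rejected line " NR > "/dev/stderr"; bad = 1; exit }
    { body = body "allow " $0 ";\n"; count++ }
    END {
      if (bad || count == 0) exit 1
      printf "# jetpack ip whitelist https://jetpack.com/support/hosting-faq/\n%sdeny all;\n", body
    }
  '
}

# Build into a temp file beside the destination and rename only on success,
# so a failed download leaves the previous include file in place.
write_whitelist() {
  dest=$1
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  if build_whitelist > "$tmp"; then
    chmod 644 "$tmp" && mv -f "$tmp" "$dest"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Constructed sample inputs (not fetched from jetpack.com).
sample_good() { printf '192.0.80.0/20\r\n\n54.217.201.243/32\n'; }
sample_bad()  { printf '192.0.80.0/20\n<html>503 Service Unavailable</html>\n'; }
```

In a cron job the fetched copy of https://jetpack.com/ips-v4.txt would be piped into write_whitelist with the include file path as its argument, followed by `nginx -t` before any reload.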