Simple WordPress login protection using referral
I'm trying to protect the default login page (/wp-login.php) on our WordPress site, using a "secret" (/secretlogin) page as a referral, and only then should you be able to login: (otherwise you get redirected to a restricted access page) when CLIENT_ACCEPTED { set static::triggerWP 0 } when HTTP_REQUEST { if {[string tolower [HTTP::path]] contains "/wp-login.php" and $static::triggerWP == 0 } { HTTP::redirect "https://[HTTP::host]/restricted-access" } if {[string tolower [HTTP::path]] equals "/secretlogin"} { set static::triggerWP 1 HTTP::redirect https://[HTTP::host]/wp-login.php } } And this seems to work pretty well in our test environment, but when I added this to our Prod environment, which has lots of traffic, it is very rare for this to work. I'm guessing the heavy traffic resets the triggerWP variable to 0, and that this variable isn't unique to each person who connects? Any idea how I could handle this better? Thanks!778Views0likes4CommentsSimple WordPress login protection, using cookie insert
I'm trying to deny access to the default login page on our WordPress site, when going straight to the login page (/wp-login.php), by redirecting you to /access-denied. But if you know the "secret" page, https://[HTTP::host]/secretpage , then the iRule should put a cookie in your browser, then redirect you to the actual login page, and now allow you to login. Any suggestions on how this could be done? Tried something like this, but not getting the expected result: when HTTP_REQUEST { if {[string tolower [HTTP::path]] equals "/secretpage"} { HTTP::cookie insert name "SecretWP" value "1" HTTP::redirect https://[HTTP::host]/wp-login.php } if {[string tolower [HTTP::path]] contains "/wp-login.php" and (![HTTP::cookie exists "SecretWP"])} { HTTP::respond 200 content "Rejected! Cookie names: [HTTP::cookie names]" } } In the end I added a HTTP::respond 200 content, for HTTP::cookie names, for troubleshooting, but the cookie I tried to insert was not in the list. Made this iRule sort of based on an example I found on the F5 site, but most other example seems to always add the cookie insert when HTTP_RESPONSE, so I'm wondering if that's the problem? Can't do an insert when HTTP_REQUEST? / Per706Views0likes2Comments