Not ISSUES but question :: does this plugin block google index outside my country ip ? #25

Closed
navotera opened this issue Jan 17, 2018 · 11 comments

Comments

@navotera

Thanks for your plugin. Here are my questions:

  1. Does this plugin block the Google search bot? Such as a Googlebot that is identified as outside my country, ID (I'm using a whitelist)
  2. Does this plugin block requests made by authorized WP plugins such as Jetpack, or other plugin requests?
@tokkonopapa
Owner

Hi @navotera ,

  1. No. Please refer to UA string and Qualification.
  2. Yes. Please refer to Setting for “XML-RPC” and How To White List JetPack Servers.

@navotera
Author

navotera commented Jan 18, 2018

Thank you for your reply, sir.

Honestly, I'm not sure how this plugin works. I tried to access my site using a proxy with a Canada/US based IP, but why is it still showing my plugins directory?
image

image

My settings:
image

image

And the last thing is...
When I use the native Android version of WordPress, why does the image operation never succeed, whether viewing the image or uploading the image?
Do you know which IPs I should type in the whitelist to allow the official Android version of WordPress?

Let me know if I missed something.

Thank you for your reply, sir.

@tokkonopapa
Owner

tokkonopapa commented Jan 18, 2018

Hi @navotera ,

I think your server software might be nginx, and you have to configure your server not to index the directory at first. This plugin is (of course) a WordPress plugin. So if your server won't start any PHP files (e.g. WordPress), this plugin never works. In your case, your server shows the contents of the directory because there's no index.php in that directory.

I hope you understand that "Plugins area" and "Themes area" are mainly aimed at preventing exploitation via PHP in those directories.

As for the issue of Android,

> why the image operation never success either it view the image or uploading the image...

could you log in as an admin with the Android browser? I'd like to have more details.

In some cases, a mobile browser accesses a page via some kind of proxy server, like the Chrome compression server, in order to optimize the speed. So I recommend you find the blocked access which was requested by your Android browser in this plugin's "Logs" tab and check the IP address.

Currently, this plugin supports Chrome data saver and Puffin browser. Please refer to http://www.ipgeoblock.com/changelog/release-3.0.0.html#chrome-compression-proxy and let me know the "Result" and "HTTP headers" columns of your blocked access in Logs.

@navotera
Author

I'm using the LiteSpeed server app.

  1. I still don't understand why this plugin still shows my plugin directory even though I have blacklisted the country IP
  2. I have the WP Android app IPs; here are some:
    192.0.88.49,192.0.113.210

The problem is that when I type those IPs in the IP whitelist, this plugin still blocks those IPs from accessing some folders, as viewed in the live update logs.

Any config I missed?

@tokkonopapa
Owner

tokkonopapa commented Jan 19, 2018

> 1. I still dont understand why this plugin still showing my plugin directory event i have blacklisted country ip

Why do you think so? If you have confidence, please let me know. While I know about my plugin very well, I don't have enough information about your server. Please let me know as much information as possible.

> Im using litespeed server app.

OK. Then you can find /wp-content/plugins/.htaccess when you enable "Force to load WP core" at "Plugins area". But in your case, it won't work at all. It means that your server does not allow you to use the local .htaccess. So please check your server's configuration.

> The problem is i when i type those ip in whitelist ip this plugin still blocked those ip to access some folder as viewed in live update logs

Q1. What message did you see when "you access some folders" ?
Q2. What did you see at "Result" column in live update logs when your access was blocked?
Q3. Where did you access? Please let me know concretely.
Q4. Did you use mobile app of WordPress for android? The IP addresses 192.0.88.49 and 192.0.113.210 belong to Automattic. So your site is on WordPress.com, right? (I hope I'm wrong because their server is somewhat special.)

The "Result" column is very helpful in order to know the reason for blocking.

By the way, I'd strongly recommend again to prohibit indexing the folders from the security point of view.

@tokkonopapa tokkonopapa reopened this Jan 19, 2018
@navotera
Author

Thank you for your reply, sir...
Yes, I'm kind of sure this is somehow my mistake, because as I see there are so many people who use this plugin...
Q1.

I'm opening this issue because I don't understand how this plugin works: when I use a proxy to simulate that I'm in the US (blacklisted), it can still show the plugin directory.

Is this normal, or does this plugin work by disabling direct PHP execution if it is in some plugin directory?
Does my server block the local .htaccess (I do find the .htaccess created by this plugin in my root plugins directory)? Does it, since the .htaccess created by WordPress is working?

For the mobile app:

Q2. Here is my whitelist config:
image

And here is the result log:
image

Q3. I'm accessing from my mobile phone using a 4G operator in my country (ID).

Q4. Yes, I am using the official WP Android app from Google Play. My site is self-hosted WP.

Thank you, sir.

@navotera
Author

  • Server: LiteSpeed
  • PHP: 5.6.33
  • PHP SAPI: litespeed
  • WordPress: 4.9.2
  • Multisite: no
  • File system: direct
  • Temp folder: /tmp/
  • Umask: 755
  • Zlib: yes
  • ZipArchive: yes
  • BC Math: gmp yes
  • mb_strcut: yes
  • SQLite(PDO): yes
  • DNS lookup: available [18.4 msec]
  • User agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.89 Safari/537.36
  • plugin directory below... (I deleted it)

@tokkonopapa
Owner

tokkonopapa commented Jan 20, 2018

Hi @navotera ,

Thank you for your information. The configuration of your self hosted server seems very strange.

> im opening this issues because i dont understand about how this plugin works when i using proxy to simulate that im on US country (blacklisted)

First of all, I think we have to confirm your server's configuration before thinking about simulating proxy.

> but still can show plugin directory.

This plugin does not have a function to prevent directory listing. That is your server's job which should be configured in your httpd.conf.

> Is this normal or this plugin work by disabling direct php execution if it in some plugin directory ?

Yes, if /wp-content/plugins/.htaccess works.

> Does my server block local .htaccess (i do find .htaccess created by this plugin on my root plugins directory ) ?

I'm sorry, but maybe I was wrong. Please put the following code as index.php under /wp-content/plugins/ajax-load-more/. You can copy /wp-content/plugins/index.php.

```php
<?php
// Silence is golden.
```

And please try to access /wp-content/plugins/ajax-load-more/ again, the same as in this thread. Then you might be blocked if you are behind the proxy. It means that if your server parses a PHP file, then "Force to load WP core" at "Plugins area" and "Themes area" work fine. On the other hand, if there's no index.php in /wp-content/plugins/ajax-load-more/, your server shows the directory listing.

Does it make sense to you?

Regarding Q2, your image about the result of logs seems very strange because of the following two points.

  • This plugin would not handle any files under /wp-content/upload/.
  • This plugin would not handle any jpg files, but only PHP files.
  • The user agent is "Photon/1.0" which is an image acceleration by Jetpack.

While I have no idea about the cause of the 1st point, the 2nd point would be caused by a mismatched content type. I wonder if the content type of jpg is configured as PHP file or something. Please confirm if the content type of the jpeg file is image/jpeg using your browser's developer tool like below, after disabling this plugin:

content-type

As for the 3rd point, please try to disable your Jetpack plugin and access it again. I think we have to investigate how Photon works in the site. If you let me know your site URL (by email), I can help you to do it.
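
Added example, not part of the thread or of the plugin's code: the two checks described in the comment above (a directory listing served without any PHP running, and a JPEG answered with a non-image content type), applied to recorded responses from a site you administer. The `audit` and `run` names, the "Index of" title heuristic and the sample responses are constructed for illustration.

```python
import re

# Title used by Apache-style autoindex pages; a heuristic, not a guarantee.
LISTING_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)


def audit(path, status, content_type, body):
    """Return findings for one HTTP response to `path` on a site you administer."""
    findings = []
    if status != 200:
        return findings
    if path.endswith("/") and LISTING_RE.search(body):
        # The web server built this page itself. No PHP ran, so a WordPress
        # plugin had no chance to inspect or block the request.
        findings.append("directory-listing")
    if path.lower().endswith((".jpg", ".jpeg")):
        mime = content_type.split(";")[0].strip().lower()
        if mime != "image/jpeg":
            # The thread's hypothesis: a JPEG answered with another type may be
            # going through a handler instead of being served as a static file.
            findings.append("jpeg-served-as:" + (mime or "unknown"))
    return findings


# Constructed sample responses: (path, status, Content-Type, start of body).
SAMPLES = [
    ("/wp-content/plugins/ajax-load-more/", 200, "text/html",
     "<html><head><title>Index of /wp-content/plugins/ajax-load-more</title>"),
    ("/wp-content/plugins/", 200, "text/html; charset=UTF-8", ""),  # index.php present
    ("/wp-content/uploads/photo.jpg", 200, "text/html; charset=UTF-8", "<html>"),
    ("/wp-content/uploads/ok.jpg", 200, "image/jpeg", ""),
    ("/wp-content/themes/", 403, "text/html", "Forbidden"),
]


def run(samples=SAMPLES):
    """Map each path that has findings to its list of findings."""
    report = {}
    for path, status, ctype, body in samples:
        found = audit(path, status, ctype, body)
        if found:
            report[path] = found
    return report


if __name__ == "__main__":
    for path, found in run().items():
        print(path, found)
```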

@tokkonopapa
Owner

tokkonopapa commented Jan 21, 2018

Hi,

I tried to replicate your issue under the following conditions, but everything works fine including access to an image file.

  • Server: Apache
  • PHP: 7.1.8
  • PHP SAPI: cgi-fcgi
  • WordPress: 4.9.2
  • Multisite: no
  • File system: direct
  • Temp folder: /tmp/
  • Umask: 755
  • Zlib: yes
  • ZipArchive: yes
  • BC Math: no
  • mb_strcut: yes
  • SQLite(PDO): yes
  • DNS lookup: available [500.1 msec]
  • User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0
  • Twenty Twelve Child 1.7
  • Twenty Twelve 2.4
  • Akismet Anti-Spam 4.0.2
  • IP Geo Block 3.0.6.1
  • Jetpack by WordPress.com 5.7.1
  • Optimize Database after Deleting Revisions 4.5
  • WP Multibyte Patch 2.8.1

Validation rule settings

jetpack-rule

Back-end target settings

jetpack-backend

Front-end target settings

jetpack-frontend

Result by Android

  • Version: 4.1.2
  • Browser: Default browser
  • Image view by Photon URL:
    screenshot_2018-01-21-14-31-47
  • Image view by original URL:
    screenshot_2018-01-21-20-49-25

Result by Mobile App for WordPress

Side Note

You can use the CIDR notation 192.0.64.0/18 to specify the Automattic server.

jetpack-automattic

And here are the related documents:
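
Added example, not part of the thread or of the plugin's code: a check that the CIDR block from the side note above covers both addresses reported earlier in the thread, and that mistyped whitelist entries are reported instead of silently ignored. The comma-separated input format and the function names are assumptions made for illustration.

```python
import ipaddress


def parse_whitelist(text):
    """Parse a comma/newline separated list of IPs and CIDR blocks.

    Returns (networks, rejected) so that typos are visible to the admin.
    """
    networks, rejected = [], []
    for entry in text.replace("\n", ",").split(","):
        entry = entry.strip()
        if not entry:
            continue
        try:
            # strict=True rejects blocks with host bits set, e.g. 192.0.88.49/18
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append(entry)
    return networks, rejected


def is_whitelisted(ip, networks):
    """True if `ip` falls inside any parsed network of the same IP version."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in networks)


def span(network):
    """First address, last address and size of a block, for review before saving."""
    return str(network[0]), str(network[-1]), network.num_addresses


if __name__ == "__main__":
    nets, bad = parse_whitelist("192.0.64.0/18, 192.0.88.49/18, not-an-ip")
    print("accepted:", [str(n) for n in nets], "rejected:", bad)
    print("range:", span(nets[0]))
    for ip in ("192.0.88.49", "192.0.113.210", "192.0.128.1"):
        print(ip, is_whitelisted(ip, nets))
```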

@navotera
Author

Thank you, sir... I will test this; if it doesn't work, I guess it is somehow related to my server configuration.

Thanks again.

@navotera
Author

Sorry, I don't have time for a while to test this, so I'll close this.

By the way, thanks for your cooperation.
Have a nice day!
