ip-location-block-extra-ips

Posted on May 11, 2021

White list and black list of extra IP addresses, validated prior to the country code.

Description

The filter hook “ip-location-block-extra-ips” assigns a white list and a black list of extra IP addresses, which may use CIDR notation and are validated prior to other validations.

Parameters

  • $extra_ips
    (array) An associative array with the keys 'white_list' and 'black_list'. Each value is a string of comma-separated IP addresses.

  • $hook
    (string) 'comment', 'xmlrpc', 'login', 'admin' or 'public'.

Use case

1.) The following code snippet in your theme’s functions.php automatically fetches the IP addresses of Tor exit nodes in the background and adds them to the black list when a login attempt is captured.

define( 'MY_EXTRA_IPS_LIST', 'my_extra_ips_list' );
define( 'MY_EXTRA_IPS_CRON', 'my_extra_ips_cron' );

function my_extra_ips_get() {
    // get tor address list
    $list = @file( 'https://check.torproject.org/exit-addresses' );

    if ( FALSE !== $list ) {
        // retrieve IP addresses from lines like :
        // 'ExitAddress 123.456.789.123 YYYY-MM-DD hh:mm:ss'
        $list = preg_filter(
            '/^ExitAddress (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) .*$/m',
            '$1',
            $list
        );

        // keep the list in the cache
        if ( ! empty( $list ) ) {
            $list = implode( ',', array_map( 'trim', $list ) );
            set_transient( MY_EXTRA_IPS_LIST, $list, DAY_IN_SECONDS );
        }
    }

    if ( ! wp_next_scheduled( MY_EXTRA_IPS_CRON ) ) {
        wp_schedule_single_event( time() + HOUR_IN_SECONDS, MY_EXTRA_IPS_CRON );
    }

    return $list;
}

function my_extra_ips_hook( $extra_ips, $hook ) {
    $list = get_transient( MY_EXTRA_IPS_LIST );

    // if the list does not exist, then update
    if ( ! $list ) {
        wp_schedule_single_event( time(), MY_EXTRA_IPS_CRON );
    }

    // restrict the target hook
    if ( $list && in_array( $hook, array( 'xmlrpc', 'login' ) ) ) {
        $extra_ips['black_list'] .= ( $extra_ips['black_list'] ? ',' : '' ) . $list;
    }

    return $extra_ips;
}

add_action( MY_EXTRA_IPS_CRON, 'my_extra_ips_get' );
add_filter( 'ip-location-block-extra-ips', 'my_extra_ips_hook', 10, 2 );

2.) Validate extra IP addresses with CIDR prior to other validations. The following snippet gets IP ranges in CIDR notation from Amazon AWS and adds them to the black list.

define( 'MY_EXTRA_IPS_LIST', 'my_extra_ips_list' );
define( 'MY_EXTRA_IPS_CRON', 'my_extra_ips_cron' );

function my_extra_ips_get() {
    // get the AWS IP ranges
    $list = json_decode(
        @file_get_contents( 'https://ip-ranges.amazonaws.com/ip-ranges.json' ),
        TRUE // convert object to array
    );

    // keep the list in the cache (only if the download and decoding succeeded)
    if ( isset( $list['prefixes'] ) && is_array( $list['prefixes'] ) ) {
        $list = implode( ',', array_column( $list['prefixes'], 'ip_prefix' ) );
        set_transient( MY_EXTRA_IPS_LIST, $list, DAY_IN_SECONDS );
    }

    if ( ! wp_next_scheduled( MY_EXTRA_IPS_CRON ) ) {
        wp_schedule_single_event( time() + HOUR_IN_SECONDS, MY_EXTRA_IPS_CRON );
    }

    return $list;
}

function my_extra_ips_hook( $extra_ips, $hook ) {
    $list = get_transient( MY_EXTRA_IPS_LIST );

    // if the list does not exist, then update
    if ( ! $list ) {
        wp_schedule_single_event( time(), MY_EXTRA_IPS_CRON );
    }

    // restrict the target hook, and skip appending while the cache is empty
    if ( $list && in_array( $hook, array( 'xmlrpc', 'login' ), true ) ) {
        $extra_ips['black_list'] .= ( $extra_ips['black_list'] ? ',' : '' ) . $list;
    }

    return $extra_ips;
}

add_action( MY_EXTRA_IPS_CRON, 'my_extra_ips_get' );
add_filter( 'ip-location-block-extra-ips', 'my_extra_ips_hook', 10, 2 );
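
Both snippets above cache whatever the remote feed returns and append it to the black list for the 'xmlrpc' and 'login' hooks, so a malformed or overly broad entry would be enforced as-is. The following added example (not part of the original page or of the plugin) filters a fetched list before it is cached; the helper name my_extra_ips_sanitize, the minimum prefix lengths and the sample data are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not part of IP Location Block.
// Keeps only well-formed IPv4/IPv6 addresses and CIDR ranges from a fetched
// feed and drops ranges broader than an assumed safety limit.
function my_extra_ips_sanitize( array $entries, $min_v4 = 8, $min_v6 = 16 ) {
    $clean = array();

    foreach ( $entries as $entry ) {
        $parts = explode( '/', trim( (string) $entry ), 2 );
        $ip    = $parts[0];

        if ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ) {
            $max = 32;
            $min = $min_v4;
        } elseif ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) ) {
            $max = 128;
            $min = $min_v6;
        } else {
            continue; // not an IP address at all
        }

        $suffix = '';
        if ( isset( $parts[1] ) ) {
            // the prefix length must be plain digits
            if ( ! preg_match( '/^\d{1,3}$/', $parts[1] ) ) {
                continue;
            }
            $bits = (int) $parts[1];
            if ( $bits < $min || $bits > $max ) {
                continue; // out of range or too broad, e.g. 0.0.0.0/0
            }
            $suffix = '/' . $bits;
        }

        $clean[ $ip . $suffix ] = true; // array keys de-duplicate entries
    }

    return implode( ',', array_keys( $clean ) );
}

// Constructed sample input (documentation address ranges, not real feed data)
$sample = array(
    "203.0.113.7\n", '198.51.100.0/24', '0.0.0.0/0', '2001:db8::/32',
    'not-an-ip', '203.0.113.7', '192.0.2.1/33',
);
echo my_extra_ips_sanitize( $sample ), "\n";
```

In either snippet, pass the fetched array through this helper in place of the plain implode() call before set_transient().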
 
NOTE: When you select "mu-plugins" (ip-location-block-mu.php) as the Validation timing, you should put your code snippet into drop-in.php in the Geolocation API folder instead of functions.php. See "My custom functions in “functions.php” doesn’t work." in the FAQ for details.

Since

0.2.2.0