Search Over 30,000 FREE Plugins from the Official WordPress Plugin Directory Repository

CIDRAM

CIDRAM: A PHP-level CIDR/IP-based firewall solution.

CIDRAM (Classless Inter-Domain Routing Access Manager) is a PHP script designed to protect websites by blocking requests originating from IP addresses regarded as being sources of undesirable traffic, including (but not limited to) traffic from non-human access endpoints, cloud services, spambots, scrapers, etc. It does this by calculating the possible CIDRs of the IP addresses supplied from inbound requests and then attempting to match these possible CIDRs against its signature files (these signature files contain lists of CIDRs of IP addresses regarded as being sources of undesirable traffic); If matches are found, the requests are blocked.

Author Caleb Mazalevskis
Profile
Contributors maikuolan
Tags anti-spam, asn, blacklist, blocker, blocklist, cidr, cloud, firewall, GNU, GPL, ip, protection, routing, security, WAF
  1. cidram screenshot 1

    Screenshot of the CIDRAM "Access Denied" page.

  2. cidram screenshot 2

    Screenshot of CIDRAM running in CLI-mode.

= Installing via the plugins dashboard.

= 1. Before you begin, ensure that you're logged in as an administrator with the necessary permissions to install, update and edit plugins (after activating the plugin but before modifying the plugin configuration file, do not log out from this account). 2. From the plugins dashboard, click the "Add New" button. From the page that appears, type "CIDRAM" into the "Search Plugins" text field, and press enter. A button to install CIDRAM should appear, and CIDRAM should automatically install when you click on that button. 3. Before activating the plugin, it is advisable to understand the various configuration directives available to the plugin, what they do, and how to change them. Go to http://maikuolan.github.io/CIDRAM/, scroll the page until you reach the "Documentation" subheading; Choose your language, and read through "Section 5: Configuration Options"; The information presented relates to the configuration directives available to the plugin. 4. Please read through the "Frequently Asked Questions" before activating! 5. From the plugins dashboard, click the "Activate" button located directly below where you see "CIDRAM". 6. After you've activated the plugin, you'll be able to modify the CIDRAM configuration file directly from your plugins dashboard. Unfortunately, due to filetype restrictions, the CIDRAM configuration file can't be modified from the plugins dashboard while CIDRAM is deactivated/inactive, and won't appear in the files list. To modify the CIDRAM configuration (after CIDRAM has been activated), click the "Edit" button located directly below where you see "CIDRAM", and in the list that should appear to the right, look for "cidram/vault/config.ini". Click on that, and the CIDRAM configuration directives should appear. Edit as per your needs, and click "Update File".

= Installing via manual upload.

= 1. Download the package onto your local machine, and extract its content to a directory convenient for editing. 2. Before activating the plugin, it is advisable to understand the various configuration directives available to the plugin, what they do, and how to change them. Go to http://maikuolan.github.io/CIDRAM/, scroll the page until you reach the "Documentation" subheading; Choose your language, and read through "Section 5: Configuration Options"; The information presented relates to the configuration directives available to the plugin. 3. Please read through the "Frequently Asked Questions" before activating! 4. Modify the file /vault/config.ini as per your needs (this file contains the configuration directives available to the plugin), and make any other necessary changes to the package (eg, installing custom signature files, if you need them). 5. Upload the plugin files to the /wp-content/plugins/cidram directory of your Wordpress installation. 6. From the plugins dashboard, click the "Activate" button located directly below where you see "CIDRAM".

= What is the best way to receive support?

= The best way to receive support is by contact the plugin developer via the CIDRAM issues page hosted at Github and/or via the CIDRAM support forum provided by the Spambot Security community.

= How can I report bugs or make suggestions for the plugin?

= See the answer to the previous question (the Github issues page or the support forum are the preferred means).

= Help! I've been blocked from my own website! What do I do?!

= CIDRAM may occasionally produce 'false positives' as a result of its signatures (eg, when they become outdated, or when mistakes are made). If you lose front-end access to your Wordpress installation as a result of a false positive produced by this plugin, the best solution may depend on the nature of your IP address (specifically, whether it is static or dynamic); In either case, though, you will likely need back-end access to your server or website (eg, via FTP). If you don't have any back-end access to your server or website, you'll need to be able to contact someone that does (eg, a server administrator or technical support assistant), and if that isn't possible, I would recommend caution in using this plugin, in case you find yourself in a situation where rectifying the problem of being blocked from your own website isn't possible. Now, assuming that you and/or someone that you can contact has back-end access, if your IP address is static, generally, the best solution would be to whitelist your IP address address as to prevent any further unwanted blocking by way of your IP address, or, if your IP address is dynamic, generally, the best solution would be to establish an 'ignore' rule for the plugin as to prevent any further unwanted blocking by way of your ISP or by way of whichever set of signatures would normally be responsible of your being blocked in the first place. To learn how to whitelist an IP address and how to write ignore rules for CIDRAM, please refer 'Section 6: Signature Format' of the documentation. If you require assistance with this, direct support may be received via the CIDRAM issues page hosted at Github and/or via the CIDRAM support forum provided by the Spambot Security community. If you do encounter any false positives, you are strongly encouraged to report these to the developer, as so that these problems may be rectified for future releases.

= What is a 'signature'?

= In the context of this plugin, a 'signature' is what we use to identify the origins of individual requests and how we determine the best way to respond those individual requests (eg, whether to block the request, whether to allow it access to your website, etc). Generally, a signature takes the form of a CIDR, followed by an instruction for how to respond to that CIDR.

= What differences are there between the package as per is available from Github versus the package as per is available from the Wordpress plugins page?

= The packages are entirely identical, except in that some of the required stages of installation as per stated in the documentation, which do apply to the package as per is available from Github, do not apply to the package as per is available from the Wordpress plugins page (specifically, the steps asking that you rename some files in order to activate them, do not apply to the Wordpress version of the package, and the steps requiring that you modify the CHMOD settings of the 'vault', should not apply to the Wordpress version of the package, in that the appropriate settings would've already been established prior to installing CIDRAM in order for Wordpress to be capable of installing any plugins at all in the first place anyhow; if your CHMOD settings are incorrect, it is likely that Wordpress itself will not allow you to install any new plugins when you attempt to do so); The i18n documentation included with the Github version of the package, is not included in the Wordpress version of the package, due to that this documentation is written using the markdown format, which isn't interpreted natively by most browsers at this time, and due to that it wouldn't serve any real purpose in the Wordpress version of the package, due to that this i18n documentation can be accessed directly from Github anyhow; There exists an 'assets' directory in the Wordpress version of the package, which doesn't exist in the Github version of the package, due to that the contents of the 'assets' directory is specific to Wordpress plugins and therefore wouldn't serve any real purpose in the Github version of the package; Finally, there are some other peripheral files included in the Github version of the package (such as the "composer.json" file) which are specific to the Github version of the package and therefore wouldn't serve any real purpose being in the Wordpress version of the package (and visa versa, such as is the case for the "readme.txt" file that you're currently reading), and so, aren't included in it (the "composer.json" file, for example, is intended to allow CIDRAM to be installed via Composer, which is not the preferred installation method for Wordpress plugins). The packages, otherwise, are identical.

Requirements

CIDRAM requires that your installed version of PHP is => 5.4.0 in order for it to run correctly. If your installed version of PHP is < 5.4.0, do not install this plugin, because it will not function as intended.

PHP => 7.0.0 is recommended due to improved performance, but is not necessary.

All currently available versions of PHP => 5.4.0 are compatible with this plugin.

Additionally, CIDRAM requires that PCRE be included with your PHP installation (most PHP installations already have PCRE included by default, so this generally shouldn't be a problem). Absence of PCRE will prevent CIDRAM from functioning correctly.

Updating

Note: CIDRAM does not interact in any way with your database, and stores its internal configuration settings, customisations and related materials as flatfiles within its own directory. If you've not changed any of the default configuration settings and if you're not using any customisations for this plugin, updating normally through your plugins page, without need for any additional steps, should be sufficient and shouldn't cause any problems. However, if you have made modifications to the configuration settings for this plugin, or if you're using any customisations, custom signatures files or any such related materials, I would recommend making backups of all of these prior to updating, due to that updating will likely overwrite these changes and customisations (after updating, you can then restore your customisations from your backups).

Share  
Download
Version 0.7.0

Requires WordPress version: 3.0.1 or higher

Compatible up to: 4.7.2

Last Updated 01 Feb 2017

Date Added: 04 Aug 2016

Plugin Homepage

Evaluation
star1
star2
star3
star4
star5

0 stars
0 ratings
96 downloads

Compatibility

Not Enough Data

Reports:
Works: 0
Broken: 0