Require known IP addresses in site admin area · Cloudflare Web Application Firewall (WAF) docs | Latest TMZ Celebrity News & Gossip | Watch TMZ Live Skip to content
Cloudflare Docs

Require known IP addresses in site admin area

If an attack compromises the administrative area of your website, the consequences can be severe. With custom rules, you can protect your site’s admin area by blocking requests for access to admin paths that do not come from a known IP address.

The example below limits access to the WordPress admin area, /wp-admin/, by blocking requests that do not originate from a specified set of IP addresses.

To prevent attackers from successfully using a permutation of /wp-admin/ such as /wP-AdMiN/, use the lower() transformation function to convert the URI path to lowercase:

  • Expression: (not ip.src in {10.20.30.40 192.168.1.0/24} and starts_with(lower(http.request.uri.path), "/wp-admin"))
  • Action: Block

Other resources

TMZ Celebrity News – Breaking Stories, Videos & Gossip

Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.

🎥 Watch TMZ Live

TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.