Home › Forums › BulletProof Security Free › .49.3 mod_security issue – code mod pending for .49.4
Tagged: ModSecurity, mod_security
- This topic has 20 replies, 5 voices, and was last updated 8 years, 11 months ago by
AITpro Admin.
-
AuthorPosts
-
AITpro Admin
KeymasterWhat is happening with your code modification above is this:
If the Request URI is your login page “AND” the user agent is blank then apply the other conditions so basically this would only apply to blank user agents using HTTP/1.0 instead of what is intended is “OR”. A blank user agent “OR” any Request that is made using HTTP/1.0.
# BRUTE FORCE LOGIN PAGE PROTECTION # Protects the Login page from SpamBots & Proxies # that use Server Protocol HTTP/1.0 or a blank User Agent RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$ RewriteCond %{HTTP_USER_AGENT} ^$ RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR] RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$ RewriteRule ^(.*)$ - [F,L]Oscar Polat
ParticipantI upgraded to 49.4 just a minute ago. I cannot logout or login. This time I am getting the following error:
Error 404
Nothing Found
Sorry, the post you are looking for is not available. Maybe you want to perform a search?KeymasterWe have decided not to include the Brute Force Login page protection code as standard code in BPS. We are reverting back to the previous method of offering this code as Bonus code with a Dismiss Notice. We will be releasing BPS .49.5 today and it will not include the Brute Force Login page protection code as standard code in the root .htaccess file.
To remove the Brute Force Login page protection code do these steps.
Go to the Custom Code tab page.
Click on the Root htaccess File Custom Code accordion tab.
Add a pound sign # in this Custom Code Text box: CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:
Click the Save Root Custom Code button.
Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.KeymasterBPS .49.5 Whats New page help info
Brute Force Login Protection code:
The success/fail ratio for the Brute Force Login page protection code was 95%/5% success/fail. We have decided not to make this code standard BPS root .htaccess file code and are reverting back to using the Bonus Code Dismiss Notice so that this code is optional and not standard code. If you are already using this code and it is working fine on your site then copy and paste the code to this BPS Custom Code text box: CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION to save it permanently. BPS will no longer automatically add this code to the root .htaccess file as standard BPS code.If you are seeing a 403 error when logging in or logging out of your website delete the code shown below from your root .htaccess file.
# BRUTE FORCE LOGIN PAGE PROTECTION # Protects the Login page from SpamBots & Proxies # that use Server Protocol HTTP/1.0 or a blank User Agent RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$ RewriteCond %{HTTP_USER_AGENT} ^$ [OR] RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR] RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$ RewriteRule ^(.*)$ - [F,L]Kouichi Sugawara
ParticipantHi AITpro
Now Display – Bonus Custom Code: Brute Force Login Protection
This proteciton may be not needed for me.How to clear this diplay ?
KeymasterClick the “Dimiss Notice” link to Dismiss Notices.
Bonus Custom Code: Brute Force Login Protection
You may already have this code in your root .htaccess file. In BPS Pro 7.6 this code was standard code and was removed due to this code being problematic for a small number of folks.
Click the Click Here link below for instructions on how to either check for this code in your root .htaccess file or how to add this code to BPS Pro Custom Code.
Click Here for how to check for or get the additional Brute Force Login Protection code for your website.
To Dismiss this Notice click the Dismiss Notice link below. To Reset Dismiss Notices click the Reset/Recheck Dismiss Notices button on the S-Monitor page.
Dismiss Notice -
AuthorPosts
- You must be logged in to reply to this topic.