ERROR: Deny All protection NOT activated for BPS Master /htaccess folder

Home Forums BulletProof Security Pro ERROR: Deny All protection NOT activated for BPS Master /htaccess folder

Tagged: 

Viewing 6 posts - 16 through 21 (of 21 total)
  • Author
    Posts
  • #25085
    Paul
    Participant

    I,ll be out for a few hours, catch up on my return

    #25086
    AITpro Admin
    Keymaster

    Ok I am done and logged out now.  This is a host specific issue/problem with eUKhost.  The good news is the Root, wp-admin, Plugin Firewall and UAEG htaccess files and code are all working normally and not being ignored or restricted by eUKhost.

    eUKhost is selectively allowing, restricting or ignoring certain htaccess code and files at the server level and it may be just website directory level restrictions for htaccess files.  The Apache Module testing htaccess file/code in this folder: /bulletproof-security/admin/mod-test/.htaccess is being completely ignored.  The Apache Module testing htaccess file/code uses every possible combination of htaccess code to find out what your server does and does not allow and since your server is ignoring all the htaccess code in that file then there is no way to tell what your server does and does not allow since all of the htaccess code is being ignored. In other words, the Apache Module testing code does not work on eUKhost at all.

    Notes:
    Since the /mod-test/.htaccess file and code is being ignored, but the Root and Plugin Firewall htaccess code is working normally on eUKhost then the only way to view the Apache Module Visual Test page is to deactivate Root folder BulletProof Mode and the Plugin Firewall. When viewing the Apache Module test page all test images are displayed, which verifies that the /mod-test/.htaccess file and code is being completely ignored by eUKhost.

    Summary|Conclusion|Solution:
    A logical solution is to create additional conditions in the BPS Apache Module checking code to do these things:  Create generic fallback htaccess files/code using mod_access_compat htaccess code for use in certain BPS plugin folders for hosts that restrict/block/ignore the /mod-test/.htaccess file and code and/or have directory level htaccess file/code restrictions.  Create a new System Info displayed message like:  Your host does not allow/restricts the BPS Apache Module Test.

    #25131
    Paul
    Participant

    So now that i have activated it manually, i assume i,m fully protected at website level?
    The strange thing is i have always been with Eukhost and i know 100% that this has been working in the past. Unfortunately i can’t be precise but certainly within the last three months when i would have checked security status.

    Thank you for your time looking into this

    #25133
    AITpro Admin
    Keymaster

    Everything is fine, working and protected as it should be.  Here is why:  htaccess files are hierarchical/recursive.  Your root htaccess file protects the root folder and files and all folders/files above it:  /wp-content/, etc.  Your Plugin Firewall htaccess file protects all plugins folders and files above it:  /bulletproof-security/, /example-plugin-folder/, etc.  So what is happening now is that the Apache Module checking code makes a decision on which htaccess code to use in your htaccess files and currently falls back to mod_access_compat htaccess code.  We now need to create additional fallback conditions and code for this particular scenario.  Basically what needs to be done is just cosmetic stuff so that errors are not displayed to make people worry that their site is not protected when it actually is.  😉

    #25134
    Paul
    Participant

    Ok excellent, again really appreciate your time and help.

    #25135
    AITpro Admin
    Keymaster

    Very welcome.  Thanks for reporting this issue/problem.  Since the Apache Module test thing is new we expected to run into some bumps in the road, but so far only a couple of bumps so not a big deal and a little fine tuning is all that is needed.

    Best Regards,
    Ed

Viewing 6 posts - 16 through 21 (of 21 total)
  • You must be logged in to reply to this topic.