How Do I Whitelist a whole plugin folder

[guy te watson]

How Do I Whitelist a whole plugin folder?  The below from another thread is not clear.

NOTE: Plugin Whitelisting rules use standard Regex characters. For example you could Whitelist all .js files in a particular plugins folder by creating this whitelist rule: /example-plugin-folder-name/(.*).js. The (.*) Regex characters mean match anything. The rule says match any file name in the /example-plugin-folder-name/ folder that is a .js file.

How would I set it to whitelist any file in a plugin folder? Are the parentheses needed? Which of the below is correct 1 or 2 or 3 or 4 or something else?

1 /example-plugin-folder-name/(.*).(.*)
2 /example-plugin-folder-name/*.*
3 /example-plugin-folder-name/(*).(*)
4 /example-plugin-folder-name/.*..*

Thanks!
In Christ
guy te

[AITpro Admin]

You will find step by step instructions here:  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-exclude-plugins-folder-and-themes-folder/

[guy te watson]

The thread you left me is about excluding a folder from being checked by ARQ.  I am not asking about that. I am asking how to Whitelist a whole plugin folder in the Plugins Firewall. The “NOTE” I included above is talking about that but is unclear. What is the path that needs to be put in the Plugins Firewall Whitelist Tool to whitelist a whole plugins folder? Which of the below is correct 1 or 2 or 3 or 4 or something else?

1 /example-plugin-folder-name/(.*).(.*)
2 /example-plugin-folder-name/*.*
3 /example-plugin-folder-name/(*).(*)
4 /example-plugin-folder-name/.*..*

Thanks!
guy te

[AITpro Admin]

Oh whoops.  You need to have a valid identifier for your regular expression. You should ONLY need to whitelist either all php or js files or both.  You would probably not have to whitelist any other file types.

/example-plugin-folder-name/(*).php - whitelists all php files
/example-plugin-folder-name/(*).js - whitelists all js files

[Joshua Wilson]

Hello, i have been still trying for a while to get the plugin whitelist rules to work. i have tried across all my sites and it blockes the js to my e-commerce plugin.  I have tried different variables and none of it seems to work.  I have scanned and listed the plugins below.  This is what i have in the .htaccess.

SetEnvIf Request_URI "/woodojo/bundled/woodojo-tabs/assets/js/functions.js$" whitelist
SetEnvIf Request_URI "/woocommerce/(*).js" whitelist
SetEnvIf Request_URI "/woocommerce/(*).php" whitelist
SetEnvIf Request_URI "/background-manager/js/(.*).js$" whitelist

[Joshua Wilson]

T o clarify its what i have in the plugin folder .htaccess.  I search the forum first and got some answers but it didn’t work for me. I’v also backed up all the upper level .htacces files to rule that out

[AITpro Admin]

2 of your whitelist rules are not valid. They are missing the dollar signs $.

SetEnvIf Request_URI "/woocommerce/(*).js" whitelist
SetEnvIf Request_URI "/woocommerce/(*).php" whitelist

Do NOT manually add whitelist rules to your plugin firewall .htaccess file.  Let BPS Pro do this instead to ensure that the rules are correct.  Add your plugin script paths to the Plugin Firewall Whitelist Text Area, click the Save Whitelist Options button and activate the Plugin Firewall. BPS Pro will add the dollar signs and all the rest of the whitelist rule/code correctly.

The other very important reason for using the Plugin Firewall Whitelist Text Area is that this data is saved permanently so that if you need to deactivate and reactivate the Plugin Firewall then your saved plugin script paths would automatically be written to your plugin firewall .htaccess file again.  If you edit the plugins .htaccess file manually then you would have to manually add your whitelist rules again.

[Joshua Wilson]

I added this to the whitelist box, saved and re-imported the .htaccess but its still blocking all the scripts

/woocommerce/(*).js
/background-manager/js/(.*).js
/woodojo/bundled/woodojo-tabs/assets/js/functions.js

[AITpro Admin]

What does this mean? “I added this to the whitelist box, saved and re-imported the .htaccess but its still blocking all the scripts”

None of what you said above makes any sense to me.  This info below is how you setup the Plugin Firewall.  If you would like to see the full setup steps then click the Plugin Firewall Blue Read Me help button.  Below is a summary of the correct Plugin Firewall setup steps.

Add your plugin script paths to the Plugin Firewall Whitelist Text Area, click the Save Whitelist Options button and activate the Plugin Firewall.

 

[Joshua Wilson]

“Add your plugin script paths to the Plugin Firewall Whitelist Text Area, click the Save Whitelist Options button and activate the Plugin Firewall.”

I have tried this multiple times and it still blocks my scripts. Im sorry for the vauge explanation

[AITpro Admin]

Ok send me an administrator login to the website – edward at ait-pro dot com.

[AITpro Admin]

Something is very wrong with your site architecture.  You have a WordPress site installed in a folder that points to another completely different domain.  I assume you are doing some sort of Control Panel Domain forwarding thing or some other thing that is causing all the problems.  You error logs are full of errors from this WordPress site, but when I try and test the domain you are pointing too the 2 sites are not seen as the same site.  Please fix this first.  I could not continue with setting things up because the basic structure of this website is a mess.  BPS Pro will not work correctly until you fix that mess.

[Joshua Wilson]

I have fixed the issue. When you have time please take another look.

I noticed you got the UAEG status to display on.   On my other sites i have activated the UAEG, but the display never showed it was on.  It copies the .htaccess in the uploads folder correctly.

[Joshua Wilson]

I found this in my cpanel redirects page, could this be blocking the $ variable? Domain Directory Redirect Url Type Match www. Wildcard Remove

ALL 403 /\..*$ permanent
ALL 403 /\..*$ permanent
ALL 403 /\..*$ permanent
ALL 403 /\..*$ permanent
ALL 403 /\..*$ permanent
ALL 403 /\..*$ permanent
ALL 403 (https?|ftp|php)\:// permanent
ALL 403 /(https?|ima|ucp)/ permanent

[AITpro Admin]

Ok will login in about 15 minutes.  Thanks.

Those are not valid rules.  I assume the problem with this cPanel Tool is similar to the cPanel Broken HotLink Protection Tool problem where that cPanel Tool looks at the existing root .htaccess file code and tries to create cPanel rules based on the code it finds in the root .htaccess file.  The “permanent” directive would be used for a redirect like the example code shown below.  In this case the cPanel Tool is creating invalid rules because it is not interpreting the .htaccess code correctly.

Example of how the permanent directive should be used:

Redirect permanent /one http://example.com/two

Try removing this invalid code from the cPanel Tool, but it may not let you do this.  Or you can try disabling this cPanel tool if you are not actually using it.  You can add redirect code to BPS Custom Code if you have redirects for your website.

This is one of many Forum topics regarding .htaccess redirect code.

http://forum.ait-pro.com/forums/topic/htaccess-redirect-code-where-do-i-add-redirect-htaccess-code/

[Author]

Posts