.htaccess custom code issue – Query String Exploits Custom Code

Home Forums BulletProof Security Free .htaccess custom code issue – Query String Exploits Custom Code

Tagged: ,

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • October 8, 2013 at 1:33 am #10406
    Ian Ryan
    Participant

    Hi

    I am copying the full section from # BEGIN BPSQSE BPS QUERY STRING EXPLOITS to # END BPSQSE BPS QUERY STRING EXPLOITS from my secure.htaccess to the equivlanent section under the Custom Code tab. I then customise one of the rewrites to my needs in this Custom Code block. When I then click on “Save Root Custom Code” I get a page not found error response with the following url “http://[mydomainname]/wp-admin/options.php#bps-tabs-7”. As a consequence it appears that my .htaccess Custom Code is not saved.

    How do I resolve this issue?

    Thanks

    October 8, 2013 at 8:49 am #10410
    AITpro Admin
    Keymaster

    You can only edit (comment out, modify, add new filters/rules) the BPS Query String filters or add additional security filters.  You cannot and should not be adding any RewriteRules to the BPS Query String section.  This section of code is just for security filters and nothing else.  Adding a RewriteRule will not work because the section of Query String filters and rules is inside of the WordPress Rewrite Loop already.

    What exactly are you trying to add?  Please post the actual RewriteRule with a full explanation of what you want to do.  Most likely it just needs to go in a different Custom Code Text box.

    October 8, 2013 at 2:39 pm #10421
    Ian Ryan
    Participant

    Hi

    I didn’t explain myself very well. I am using a couple of plugins on different sites which use curl and wget. These plugins do not function correctly unless I modify the rule in the secure .htaccess file. At some point in the past I was advised by support to remove wget and curl from the BPSQSE BPS QUERY STRING EXPLOITS. On each occasion that I would generate a new secure .htaccess I would edit the secure .htaccess file and remove wget and curl from the BPSQSE BPS QUERY STRING EXPLOITS.

    I now realise that I can have this modification applied automatically by adding the modified BPSQSE BPS QUERY STRING EXPLOITS block to the Custom Code.  My modified BPSQSE BPS QUERY STRING EXPLOITS block is a direct copy of the BPSQSE BPS QUERY STRING EXPLOITS block generated by BPS Security except that wget and curl are removed from the Rewrite rules. So my modified BPSQSE BPS QUERY STRING EXPLOITS block would be as follows:-

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
...
...
...
# END BPSQSE BPS QUERY STRING EXPLOITS

    However when I add this modified BPSQSE BPS QUERY STRING EXPLOITS block to the CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS section of the Custom Code tab and click on save When I then click on “Save Root Custom Code” I get a page not found error response with the following url “http://[mydomainname]/wp-admin/options.php#bps-tabs-7”. As a consequence it appears that my .htaccess Custom Code is not saved.

    Have I explained the issue a little better?
    Thanks
    Ian

    October 8, 2013 at 3:16 pm #10423
    AITpro Admin
    Keymaster

    That is very odd.  Is this a Hosted website or is this a local installation development site, such as XAMPP, WAMP or LAMP?  Are you doing something unusual with WordPress Permalinks?  A permalink hack or some other unusual permalink setting?  Does your site require a php/php.ini handler?  Is BPS wp-admin BulletProof Mode activated?  Is this a standard WordPress single website installation or is this a Network/Multisite installation of WordPress?

    These are the URL’s you should see in your Browser window before and after clicking the Save Custom Code button.

    /wp-admin/admin.php?page=bulletproof-security/admin/options.php
or 
/wp-admin/admin.php?page=bulletproof-security/admin/options.php#bps-tabs-7
or
/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Foptions.php&settings-updated=true#bps-tabs-7
    October 9, 2013 at 3:23 am #10428
    Ian Ryan
    Participant

    I am doing nothing unusual with Permalinks other than I have selected “Post name” under “Settings -> Permalinks -> Common Settings”. My site does not require a php/php.ini handler that I am aware of. Yes, BPS wp-admin BulletProof Mode is activated. I have tried saving the Custom Code with BPS wp-admin BulletProof Mode de-activated with the same page not found response. This is a standard WordPress single website instance running on shared hosting.

    I tried again this morning to save my modified BPSQSE BPS QUERY STRING EXPLOITS block to the CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS section of the Custom Code tab but still when I click on “Save Root Custom Code” I get a page not found error response with the following url “http://[mydomainname]/wp-admin/options.php#bps-tabs-7″ and my .htaccess Custom Code is not saved.

    October 9, 2013 at 6:56 am #10429
    AITpro Admin
    Keymaster

    hmm not really sure what to tell you here.  The link is valid so it should work so I guess ask your Host support why this link does not work on their Server.  It may have to do with some rules they have on their Server about not allowing #bps-tabs-7.

    October 10, 2013 at 3:49 pm #10469
    Ian Ryan
    Participant

    Thanks. I will check this out with the host and get back to you.

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.