MaxCDN htaccess code – how and where to add MaxCDN htaccess code

Home Forums BulletProof Security Pro MaxCDN htaccess code – how and where to add MaxCDN htaccess code

This topic contains 5 replies, has 2 voices, and was last updated by  AITpro Admin 1 year, 9 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #12765

    AITpro Admin
    Keymaster

    Email Question:

    Hope you are doing well. I installed MaxCDN for my site. To avoid SEO issues, they suggested to add the following code. Where should I put it? Thank you.  Below is the example of htaccess code you should be using to send canonical header to CDN when origin domain is “domain.com”:

    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|webp|html)(\.gz)?(\?.*)?$">
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule .* - [E=CANONICAL:http://%{HTTP_HOST}%{REQUEST_URI},NE]
    RewriteCond %{HTTPS} =on
    RewriteRule .* - [E=CANONICAL:https://%{HTTP_HOST}%{REQUEST_URI},NE]
    </IfModule>
    <IfModule mod_headers.c>
    Header set Link "<%{CANONICAL}e>; rel=\"canonical\""
    </IfModule>
    </FilesMatch>
    #12766

    AITpro Admin
    Keymaster

    IMPORTANT Note: The MaxCDN help page here: https://www.maxcdn.com/one/tutorial/how-to-use-cdn-with-webfonts/ may contain newer htaccess code for MaxCDN so please check the link above instead of using the MaxCDN htaccess code posted in this forum topic.

    I believe the best place for this MaxCDN htaccess code would be in this BPS Root Custom Code text box:  CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE and it should be added BEFORE any htaccess cache code in that text box (if you have any caching code in that text box).

    After copying and pasting the MaxCDN htaccess code into this Custom Code text box, click the Save Root Custom Code button, go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    #30171

    armintz
    Participant

    added maxcdn to my site and shortly after i noticed bps pro was sending wp-config to quarantine.
    my process to “fix”:
    1. turn auto restore off, save
    2. add exclude wp file rule with the file’s path, save
    3. run the 4 auto restore backups
    4. activate root folder bp mode
    5. activate wp-admin bp mode
    6. turn auto restore back on, save
    7. restore wp-config from quarantine

    is this process correct? is my wp-config file still secure?
    thank you

    #30174

    AITpro Admin
    Keymaster

    @ armintz – I was not aware that MaxCDN added anything to the wp-config.php file, but for all plugins or anything else that writes to WP files you would just use these AutoRestore|Quarantine Standard Procedural Steps:  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#procedural-steps

    #30178

    armintz
    Participant

    is my wp-config vulnerable with the exclude rule that i’ve applied?

    #30180

    AITpro Admin
    Keymaster

    @ armintz – Well you would want AutoRestore to be able to check your wp-config.php file regularly on an ongoing basis since the wp-config.php file is one of the primary attack vectors/targets for hackers.  So it is ok to temporarily exclude the wp-config.php file from being checked by AutoRestore, but long term you would not want to exclude the wp-config.php file from being checked by AutoRestore.  Recommendation:  Turn Off AutoRestore, remove/delete the wp-config.php single file exclude rule you created, click the AutoRestore Root Files Backup button and turn AutoRestore back On.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.