Remote access to php file blocked

Home Forums BulletProof Security Free Remote access to php file blocked

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #15241
    Austin
    Participant

    Hi – I have a php file in my root folder (/public_html) that is accessed by a script on another server.

    It was being blocked by some part of the bps htaccess but I got around it by removing:

    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]

    and adding:

    RewriteCond %{REMOTE_ADDR} !^11\.11\.11\.11 (the remote server IP)

    My problem now is that I’m using CloudFlare on my WP site and the remote server is being blocked again – I tried adding all their IP ranges in RewriteCond %{REMOTE_ADDR} but no joy.

    Is there another way? Any ideas?

    #15243
    AITpro Admin
    Keymaster

    Those 2 security filters are problematic and have been replaced with these 2 new security filters in BPS .50.2.  You can add them now if you want or just remove or comment out those 2 problematic security filters.  Remove the IP blocking line of code you added since it will cause major problems.

    RewriteCond %{THE_REQUEST} \?+(%20{1,}|[^\s])+HTTP+(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} \/+(\*|%2a)+(%20|\s){1,}+HTTP+(:/|/) [NC,OR]

    These security filters above also had some issues and have been replaced by this security filter below.
    The new security filter in .50.3 is:

    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\s+|%20+\s+|\s+%20+|\s+%20+\s+)HTTP(:/|/) [NC,OR]

    The security filters have been changed one last time in BPS .50.4/BPS Pro 9.1 to:

    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)HTTP(:/|/) [NC,OR]
    #15249
    Austin
    Participant

    Yup, that works – thanks!

Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.