Security Log – errors not logged, log file empty, log file blank

Home Forums BulletProof Security Free Security Log – errors not logged, log file empty, log file blank

Viewing 5 posts - 16 through 20 (of 20 total)
  • Author
    Posts
  • #15227
    silas88
    Participant

    Hi,

    Thanks for responding so quickly. Just to clarify I am getting 404 errors logged, and I was getting 403 errors logged in January. Since late January I don’t see any 403’s but I still see 404’s. It’s a long time since January so I can’t recall what changed at the time that could have made a difference. Thanks.

    #15228
    AITpro Admin
    Keymaster

    There is an issue in the current version of BPS Pro 8.3 that has been fixed in BPS Pro 9.0 (no ETA release date yet) where turning Security Logging Off and then back On creates an invalid path in the ErrorDocument line of code.  The workaround in BPS Pro 8.3 is to activate Root folder BulletProof Mode again.  In order for this to work you MUST have Security Logging turned On on the Security Log page.  After doing these steps above, enter this below in your Browser address/URL window to test that Security Logging is working.

    http://www.your-website-domain-name/?sp_executesql

    #15260
    silas88
    Participant

    Hi,

    Only just had time to look at this again today. “creates an invalid path in the ErrorDocument line of code.” If this is the line in the .htaccess file then those lines are in my custom code and I can see the exact same code in the actual .htaccess. I have them in custom code as I need to refer to the 404 and 500 error docs in my theme folder.

    ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 401 default
    ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 /wp-content/themes/my_theme/404.php
    ErrorDocument 500 /wp-content/themes/my_theme/500.php

    I notice that in the example field to the right of the custom code shows the following. Is this the correct line (i.e. should there be no ‘/’ before wp-content)? The 404 error document is working for me and that has a / before the folder name. I’ll try and do some experiments.

    ErrorDocument 403 wp-content/plugins/bulletproof-security/403.php

    Thanks.

    #15262
    silas88
    Participant

    1/ So removing the / does not work.
    2/ When I put a 403 blocked url in the browser I get “web page not available”  and “Error code: ERR_CONTENT_DECODING_FAILED” in Chrome. I can also see the page is blocked with 403 in browser developer panel console. So blocking is working but logging is not. Could there be an issue with 403.php somehow?

    GET http://www.mydomain.com/.htaccess 403 (Forbidden) http://www.mydomain.com/.htaccess:1
    GET http://www.mydomain.com/.htaccess net::ERR_CONTENT_DECODING_FAILED http://www.mydomain.com/.htaccess:1
    GET http://www.mydomain.com/Permanent 403 (Forbidden) http://www.mydomain.com/Permanent:1
    GET http://www.mydomain.com/Permanent net::ERR_CONTENT_DECODING_FAILED http://www.mydomain.com/Permanent:1
    #15265
    AITpro Admin
    Keymaster

    Could there be an issue with 403.php somehow

    http://httpd.apache.org/docs/2.2/mod/core.html#errordocument
    Yes, most likely your Host does not allow logging of 403 errors by anything else except for them or they have configured ErrorDocument in the Server httpd.conf file to handle 403 errors.  The ErrorDocument directive is a redirect directive.  It is generally the same as Redirect or RedirectMatch, which redirect URL’s from A to B.  If your Host is already redirecting 403 errors in the Server’s httpd.conf file with ErrorDocument then Security Log entries will not be logged since your Server is already using ErrorDocument to redirect 403 errors to the Server’s log file location.  You would need to check with your web host about this.

Viewing 5 posts - 16 through 20 (of 20 total)
  • You must be logged in to reply to this topic.