Windows IIS – htaccess files

[JJ_UK]

I am good at CSS and HTML but not a techie. I get this message on my wordpress database.

WARNING! BPS has detected that your Server is a Windows IIS Server that does not support htaccess rewriting.
Do NOT activate BulletProof Modes unless you know what you are doing.
Your Server Type is: Microsoft-IIS/6.0
WordPress Codex – Using Permalinks – see IIS section

I don;t know what I am doing, so should I not activate Bulletproof mode as advised – in which case am I even protected?

Should I be contacting my provider to let me access the Windows IIS Server – I am sure I made some changes to the file permissions a while ago using my ftp server which I thought did that.

Or do I need a different security plugin that doesn’t require access (but may not be as good)

Any advice appreciated!!! Many thanks. JJ

[AITpro Admin]

EDIT|UPDATED: 11-4-2016
https://www.iis.net/downloads/microsoft/url-rewrite
Windows IIS URL Rewrite 2.0 Extension works With: IIS 7, IIS 7.5, IIS 8, IIS 8.5, IIS 10 to translate Apache htaccess code/rules into rules that can be used by Windows IIS servers.

—————————————————————-

• Microsoft IIS 7+ web server with the URL Rewrite 1.1+ module and PHP 5 running as FastCGI

• Microsoft IIS 6+ using ASAPI_Rewrite

Your options are:

Use the ISAPI_Rewrite (typo above on the wordPress.org site – should be ISAPI and not ASAPI) module from Helicon and install it on your server.

• If your IIS Server has ISAPI_Rewrite installed then you CAN use .htaccess files / BulletProof Modes.
• IMPORTANT NOTES: If you have an IIS Server you may or may not be able to use .htaccess files and can only use Login Security & Monitoring. If your IIS Server is using the URL Rewrite Module then you can probably use .htaccess files / BulletProof Modes. If you activate BulletProof Modes and your website crashes then FTP to your website and delete the root .htaccess file and the wp-admin .htaccess file. You will not be able to use .htaccess files on your Server/website and can only use Login Security and the other features in BPS.

Upgrade to IIS 7 with URL Rewrite 1.1+ module and PHP5 running as FastCGI

Switch your Hosting account type from Windows to Linux.

[JJ_UK]

Thank you

[A.A. de Groot]

[Topic has been merged into this relevant Topic]
Hi,

I´m on a Windows IIS server and im trying to find a working security plugin for this platform, I´m trying to use the free version first before i buy the pro version.

I have 1 question and 1 issue:

1. the plugin creates an .htaccess file, but i take it windows IIS cant do anything with it, so I have to rewrite it into the web.config? do i have to do this for only the root one or also for all the folder ones? and if yes, where are they all located?

When installing I get the following message:
BulletProof Security Database Tables Setup
Error: Unable to create DB Table xx_bpspro_seclog_ignore
Error: Unable to create DB Table xx_bpspro_login_security
Error: Unable to create DB Table xx_bpspro_db_backup
changed the pre for security

[AITpro Admin]

@ A.A. de Groot – See the forum Reply above in this forum topic regarding the Windows IIS URL Rewrite 2.0 Extension.  If you have the Windows IIS URL Rewrite 2.0 Extension installed/enabled on your server/website then your server can use and process Apache htaccess files.

When you run the BPS Setup Wizard, the Setup Wizard does a Live htaccess file test to see if your website/server can use/process htaccess files/code.  If BPS has created htaccess files for your website then your Windows IIS server can use/process htaccess files and does not need to use a web.config file.  If the BPS Setup Wizard detects that your website/server cannot use htaccess files then htaccess files will be disabled and not created by the Setup Wizard.  Go to the BPS System Info page and copy and post this information below about your website/server:  Note:  Your information may look different than the information below.

Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

Not sure if the DB table creation issue/problems is related to htaccess files and your IIS server.  It may be a completely different issue/problem.  Re-run the Setup Wizard again and if you see any blue or red font notice or errors then post those notices or errors in your reply.

[A.A. de Groot]

Hi there,

Thank you for the reply, I have rerun the wizard twice but I keep getting:
BulletProof Security Database Tables Setup
Error: Unable to create DB Table TL_bpspro_seclog_ignore
Error: Unable to create DB Table TL_bpspro_login_security
Error: Unable to create DB Table TL_bpspro_db_backup

For the question you asked about here is the info:
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
200: mod_access_compat is Loaded
200: mod_rewrite Module is Loaded

[AITpro Admin]

@ A.A. de Groot – Try uninstalling the BPS plugin on the WordPress Plugins page and choose the Complete Uninstall option.  Then reinstall BPS and run the Setup Wizard.  Is there anything unusual about your database?  Do you have a single database or multiple databases?  Have you added any code in your wp-config.php file that does anything with your database?

[A.A. de Groot]

Hi there,

I talked with my server guys (it’s a managed server) and they are sure the htaccess files cant be used by the server. Is there a feature i can test wich can only work if the htaccess files work? this way I can be sure the server uses the htaccess files.
For the table I have uninstalled and reinstalled, same issu, it is a standard db also no code in wp-config

regards

[AITpro Admin]

@ A.A. de Groot – You already checked the BPS System Info page and posted your server/website info for Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No).  Based on the Live tests your server/website has these Apache Modules and htaccess directives loaded:  mod_access_compat and mod_rewrite.  So you will have to manual testing:  Example:  Activate BulletProof Modes, if everything is working then your website/server can use htaccess files.  If everything is not ok then your website/server cannot use htaccess files and you would have to manually delete the htaccess files using FTP or your web host control panel file manager.  If you server/website cannot use htaccess files then go to the Setup Wizard Options page and choose:  Enable|Disable htaccess Files > htaccess Files Disabled.

Regarding your database problem I do not have any logical guesses for why things are not working.  You will need to contact your web host support folks and ask them why that problem is occurring.  No one has ever reported this problem before in the last 6 years.

[A.A. de Groot]

Hi there, I have all the bulletproof modes activated, what can I do to test if they actually work? so in other words, if the htaccess files do not work what action can I do that will fail? or what shouldnt i see?

[AITpro Admin]

@ A.A. de Groot – You can do these Browser URL tests to see if BPS htaccess security rules are working or not.  And of course you can go to the BPS Security Log page and check your Security Log to see if BPS is blocking hackers and spammers.
Notes: Change the domain URL to your actual domain URL. You should see 403 errors for all of these URL tests.

http://www.example.com/index.php?sp_executesql
https://www.example.com/index.php?<*union
https://www.example.com/index.php?src=http://hacker.com/hacker.php
https://www.example.com/index.php?-s allow_url_fopen

[A.A. de Groot]

Im not getting the 403 errors, it just opens the home page, this is an indication it is not working right?

[AITpro Admin]

@ A.A. de Groot – Yes, that would mean your Windows server is ignoring/not processing the BPS htaccess security code rules.  You could have your host support folks switch you to Apache/Linux hosting if you do not have any ASP applications that require Windows hosting.  These BPS Pro security features that use htaccess code will not work on your particular Windows server:  Root BulletProof Mode, wp-admin BulletProof Mode, Plugin Firewall and Uploads Anti-Exploit Guard.

[Author]

Posts