Windows IIS – htaccess files

Home Forums BulletProof Security Free Windows IIS – htaccess files

This topic contains 12 replies, has 3 voices, and was last updated by  AITpro Admin 1 year, 4 months ago.

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • #12247

    JJ_UK
    Participant

    I am good at CSS and HTML but not a techie. I get this message on my wordpress database.

    WARNING! BPS has detected that your Server is a Windows IIS Server that does not support htaccess rewriting.
    Do NOT activate BulletProof Modes unless you know what you are doing.
    Your Server Type is: Microsoft-IIS/6.0
    WordPress Codex – Using Permalinks – see IIS section

    I don;t know what I am doing, so should I not activate Bulletproof mode as advised – in which case am I even protected?

    Should I be contacting my provider to let me access the Windows IIS Server – I am sure I made some changes to the file permissions a while ago using my ftp server which I thought did that.

    Or do I need a different security plugin that doesn’t require access (but may not be as good)

    Any advice appreciated!!! Many thanks. JJ

    #12251

    AITpro Admin
    Keymaster

    EDIT|UPDATED: 11-4-2016
    https://www.iis.net/downloads/microsoft/url-rewrite
    Windows IIS URL Rewrite 2.0 Extension works With: IIS 7, IIS 7.5, IIS 8, IIS 8.5, IIS 10 to translate Apache htaccess code/rules into rules that can be used by Windows IIS servers.

    —————————————————————-

    • Microsoft IIS 7+ web server with the URL Rewrite 1.1+ module and PHP 5 running as FastCGI

    Your options are:

    Use the ISAPI_Rewrite (typo above on the wordPress.org site – should be ISAPI and not ASAPI) module from Helicon and install it on your server.

    • If your IIS Server has ISAPI_Rewrite installed then you CAN use .htaccess files / BulletProof Modes.
    • IMPORTANT NOTES: If you have an IIS Server you may or may not be able to use .htaccess files and can only use Login Security & Monitoring. If your IIS Server is using the URL Rewrite Module then you can probably use .htaccess files / BulletProof Modes. If you activate BulletProof Modes and your website crashes then FTP to your website and delete the root .htaccess file and the wp-admin .htaccess file. You will not be able to use .htaccess files on your Server/website and can only use Login Security and the other features in BPS.

    Upgrade to IIS 7 with URL Rewrite 1.1+ module and PHP5 running as FastCGI

    Switch your Hosting account type from Windows to Linux.

    #12323

    JJ_UK
    Participant

    Thank you

    #31309

    A.A. de Groot
    Participant

    [Topic has been merged into this relevant Topic]
    Hi,

    I´m on a Windows IIS server and im trying to find a working security plugin for this platform, I´m trying to use the free version first before i buy the pro version.

    I have 1 question and 1 issue:

    1. the plugin creates an .htaccess file, but i take it windows IIS cant do anything with it, so I have to rewrite it into the web.config? do i have to do this for only the root one or also for all the folder ones? and if yes, where are they all located?

    When installing I get the following message:
    BulletProof Security Database Tables Setup
    Error: Unable to create DB Table xx_bpspro_seclog_ignore
    Error: Unable to create DB Table xx_bpspro_login_security
    Error: Unable to create DB Table xx_bpspro_db_backup
    changed the pre for security

    #31312

    AITpro Admin
    Keymaster

    @ A.A. de Groot – See the forum Reply above in this forum topic regarding the Windows IIS URL Rewrite 2.0 Extension.  If you have the Windows IIS URL Rewrite 2.0 Extension installed/enabled on your server/website then your server can use and process Apache htaccess files.

    When you run the BPS Setup Wizard, the Setup Wizard does a Live htaccess file test to see if your website/server can use/process htaccess files/code.  If BPS has created htaccess files for your website then your Windows IIS server can use/process htaccess files and does not need to use a web.config file.  If the BPS Setup Wizard detects that your website/server cannot use htaccess files then htaccess files will be disabled and not created by the Setup Wizard.  Go to the BPS System Info page and copy and post this information below about your website/server:  Note:  Your information may look different than the information below.

    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
    403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
    200: mod_rewrite Module is Loaded

    Not sure if the DB table creation issue/problems is related to htaccess files and your IIS server.  It may be a completely different issue/problem.  Re-run the Setup Wizard again and if you see any blue or red font notice or errors then post those notices or errors in your reply.

    #31354

    A.A. de Groot
    Participant

    Hi there,

    Thank you for the reply, I have rerun the wizard twice but I keep getting:
    BulletProof Security Database Tables Setup
    Error: Unable to create DB Table TL_bpspro_seclog_ignore
    Error: Unable to create DB Table TL_bpspro_login_security
    Error: Unable to create DB Table TL_bpspro_db_backup

    For the question you asked about here is the info:
    Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
    200: mod_access_compat is Loaded
    200: mod_rewrite Module is Loaded

    #31355

    AITpro Admin
    Keymaster

    @ A.A. de Groot – Try uninstalling the BPS plugin on the WordPress Plugins page and choose the Complete Uninstall option.  Then reinstall BPS and run the Setup Wizard.  Is there anything unusual about your database?  Do you have a single database or multiple databases?  Have you added any code in your wp-config.php file that does anything with your database?

    #31393

    A.A. de Groot
    Participant

    Hi there,

    I talked with my server guys (it’s a managed server) and they are sure the htaccess files cant be used by the server. Is there a feature i can test wich can only work if the htaccess files work? this way I can be sure the server uses the htaccess files.
    For the table I have uninstalled and reinstalled, same issu, it is a standard db also no code in wp-config

    regards

    #31397

    AITpro Admin
    Keymaster

    @ A.A. de Groot – You already checked the BPS System Info page and posted your server/website info for Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No).  Based on the Live tests your server/website has these Apache Modules and htaccess directives loaded:  mod_access_compat and mod_rewrite.  So you will have to manual testing:  Example:  Activate BulletProof Modes, if everything is working then your website/server can use htaccess files.  If everything is not ok then your website/server cannot use htaccess files and you would have to manually delete the htaccess files using FTP or your web host control panel file manager.  If you server/website cannot use htaccess files then go to the Setup Wizard Options page and choose:  Enable|Disable htaccess Files > htaccess Files Disabled.

    Regarding your database problem I do not have any logical guesses for why things are not working.  You will need to contact your web host support folks and ask them why that problem is occurring.  No one has ever reported this problem before in the last 6 years.

    #31749

    A.A. de Groot
    Participant

    Hi there, I have all the bulletproof modes activated, what can I do to test if they actually work? so in other words, if the htaccess files do not work what action can I do that will fail? or what shouldnt i see?

    #31751

    AITpro Admin
    Keymaster

    @ A.A. de Groot – You can do these Browser URL tests to see if BPS htaccess security rules are working or not.  And of course you can go to the BPS Security Log page and check your Security Log to see if BPS is blocking hackers and spammers.
    Notes: Change the domain URL to your actual domain URL. You should see 403 errors for all of these URL tests.

    http://www.example.com/index.php?sp_executesql
    https://www.example.com/index.php?<*union
    https://www.example.com/index.php?src=http://hacker.com/hacker.php
    https://www.example.com/index.php?-s allow_url_fopen
    #31876

    A.A. de Groot
    Participant

    Im not getting the 403 errors, it just opens the home page, this is an indication it is not working right?

    #31877

    AITpro Admin
    Keymaster

    @ A.A. de Groot – Yes, that would mean your Windows server is ignoring/not processing the BPS htaccess security code rules.  You could have your host support folks switch you to Apache/Linux hosting if you do not have any ASP applications that require Windows hosting.  These BPS Pro security features that use htaccess code will not work on your particular Windows server:  Root BulletProof Mode, wp-admin BulletProof Mode, Plugin Firewall and Uploads Anti-Exploit Guard.

Viewing 13 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic.