Which Custom Code text box do I use to add custom htaccess code?

Home Forums BulletProof Security Pro Which Custom Code text box do I use to add custom htaccess code?

This topic contains 12 replies, has 4 voices, and was last updated by  AITpro Admin 2 years, 10 months ago.

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • #129

    AITpro Admin
    Keymaster

    IMPORTANT NOTE:  Very few server types allow these directives to be used in an htaccess file – 99% do not allow this code and 1% do allow this code.  Typically these directives (without using php_value and php_flag in front of the directives) would be added in a custom php.ini file and not an htaccess file.

    Email Question:

    A while back you did the below php codes for me. It shows up in the 3rd box “Custom Code Bottom”

    php_flag log_errors = On
    php_value error_log /home/xxxxx/public_html/wp-content/plugins/bulletproof-security/admin/php/bps_php_error.log
    php_value log_errors_max_len 1024
    php_flag ignore_repeated_errors = On
    php_flag ignore_repeated_source = Off
    php_value error_reporting 6135
    
    php_value memory_limit 128M
    php_value post_max_size 20M
    php_value upload_max_filesize 20M
    php_flag file_uploads = On
    # php_value date.timezone America/Los_Angeles
    
    php_value disable_functions system, exec, passthru, shell_exec, show_source, popen, pclose, pcntl_exec
    
    php_flag asp_tags = Off
    php_flag allow_call_time_pass_reference = Off 
    php_flag allow_url_fopen = Off
    php_flag allow_url_include = Off
    php_flag display_errors = Off
    php_flag display_startup_errors = Off
    php_flag expose_php = Off
    php_flag implicit_flush = Off
    php_value max_execution_time 30
    php_value max_input_time 60
    php_flag magic_quotes_gpc = Off
    php_flag magic_quotes_runtime = Off
    php_flag output_buffering = Off
    php_flag register_globals = Off
    php_flag register_long_arrays = Off
    php_flag register_argc_argv = Off
    php_flag report_memleaks = On
    php_flag safe_mode = Off
    php_flag sql.safe_mode = Off
    php_value variables_order GPCS
    
    php_flag mysql.allow_persistent = Off
    php_flag mysql.trace_mode = Off
    php_value mysql.connect_timeout 30
    
    php_flag define_syslog_variables = Off

    My question is from your email, do you want me to clear out the “3rd” custom code bottom and repasteIt in the first Custom Code Top?

    Attached is two images, which one is correct?

    Thomas

    Answers:

    The Custom Code text boxes each serve a separate purpose and your custom code will be added to your root .htaccess file in the correct place depending on what type of custom .htaccess code that it is.  All 3 of the Root .htaccess Custom Code text boxes will write your custom .htaccess code separately and to different places in your root .htaccess file.  You could have .htaccess custom code in each of the 3 separate Custom Code text boxes and that custom .htaccess code will be written to the appropriate place in your root .htaccess file.

    So the direct answer to your question is this is entirely up to you to decide in this particular case because the php_value and php_flag .htaccess code that you are using for your particular website can go in either the  CUSTOM CODE TOP: text box or the CUSTOM CODE BOTTOM: text box.  So you can either combine all the code into the top text box or have the code in both text boxes – either way is fine for this particular type of custom .htaccess code.  VERY IMPORTANT!  If you are currently using or have php.ini handler .htaccess code in your root .htaccess file then you will also need to add that php.ini handler .htaccess code in the CUSTOM CODE TOP: text box along with the AddType x-mapp-php5 .php question from your previous email question custom .htaccess code that you are adding to Custom Code.  I believe that you do not have php.ini handler code in your root .htaccess file but double check that.  You would see that php.ini handler code instead of this text below in your root .htaccess file.  If you see this text below then you do not have php.ini handler .htaccess code for your particular website.

    # ADD A PHP HANDLER# If you are using a PHP Handler add your web hosts PHP Handler below

    # HOST SPECIFIC HTACCESS CODE FOR CUSTOM PHP.INI FILES# Not all web hosts require .htaccess code for custom php.ini files.# To see a complete list of web hosts that BPS is detecting, hosts that do not# require .htaccess code for custom php.ini files and Help and FAQ for custom php.ini files# Go to the AITpro Custom php.ini FAQ and Help page link shown below.# http://www.ait-pro.com/aitpro-blog/3576/bulletproof-security-pro/custom-php-ini-faq/

    CUSTOM CODE TOP: Add php.ini handler code and / or miscellaneous custom code hereThe CUSTOM CODE TOP text area should really ONLY be used for php.ini handler code if BPS is unable to detect your Web Host. You can add your php.ini handler code and miscellaneous custom htaccess code in the CUSTOM CODE TOP text area together, but it is recommended that you ONLY use this text area for your php.ini handler code if your website requires php.ini handler code in your Root htaccess file. BPS Pro ONLY: If BPS Pro is unable to detect your Web Host when you have a Private Name Server, you are using CloudFlare, you are using Pipe DNS or some other service that is blocking your true Web Host Name Servers and DNS information. The CUSTOM CODE BOTTOM text area should be used for miscellaneous custom htaccess code.

    CUSTOM CODE PLUGIN FIXES: Add ONLY personal plugin fixes code hereThis text area is for plugin fixes that are specific to your website. BPS already has some plugin fixes included in the Root htaccess file. Adding additional plugin fixes for your personal plugins on your website goes in this text area. For each plugin fix that you add above RewriteRule . – [S=12] you will need to increase the S= number by one. For Example: if you added 2 plugin fixes above the Adminer plugin fix they would be htaccess Skip rules #13 and #14 – RewriteRule . – [S=13] and RewriteRule . – [S=14]. If you added a third Skip rule above #13 and #14 it would be Skip rule #15 – RewriteRule . – [S=15].

    CUSTOM CODE BOTTOM: Add miscellaneous custom htaccess code here You can save any miscellaneous custom htaccess code here as long as it is valid htaccess code or if it is just plain text then you will need to comment it out with a pound sign # in front of the text.

    #19226

    YoolsLoganta
    Participant

    Hi there,

    My hosting company adds a custom login screen in front of wordpress. I want to have it removed, and they told me to add this code to the .htaccess: SetEnvIf Host "^.*$" NoBlock In which Custom Code field should I add this?

    Thank you,
    Stefaan

    #19229

    AITpro Admin
    Keymaster

    I assume this is stand alone miscellaneous custom code so add it to this Custom Code text box:  CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here .

    #19232

    AITpro Admin
    Keymaster

    test delete me

    #19243

    YoolsLoganta
    Participant

    I hope you’re not deleted : ) Thanks for the quick reply!

    #19245

    AITpro Admin
    Keymaster

    Thanks I forgot to undelete myself.  😉  I am test driving this experimental BuddyPress code. So far so good – the sky has not fallen on my head:  http://forum.ait-pro.com/forums/topic/buddypress-activity-stream-duplicate-content-content-not-updated/

    #19576

    jenni101
    Participant

    [Topic has been merged into this similar Topic]

    Hi there,

    Firstly, thank you again for sorting out the recent mess I got into with the last BPS update. All still running smoothly, and I’m now adding in (1 by 1!) some of my previous custom code that I think is important.

    One thing i thought i had to add into the BPS Custom code header was info from my root php.ini file – as our hosting company had previously added this file for us to increase the php limits to accommodate our 3rd party image library software, which is in a sub-folder of our root install (ie. mysite.com/imagelibrary).

    The code in my root php.ini file is this:

    upload_max_filesize = 128M
    post_max_size = 512M
    memory_limit = 1024M
    max_input_time = 300

    and what I added into the top section of my BPS custom code was this:

    # PHP/PHP.INI HANDLER/CACHE CODE
    # Use BPS Custom Code to add php/php.ini Handler and Cache htaccess code and to save it permanently.
    # Most Hosts do not have/use/require php/php.ini Handler htaccess code
    upload_max_filesize = 128M
    post_max_size = 512M
    memory_limit = 1024M
    max_input_time = 300

    But as soon as I’d saved it, the site broke and I had to remove it from my htaccess file on the server to get in and remove it again from BPS.

    So my questions are:
    1. if the code is already in a php.ini file in my site root, do I need to add it into my BPS custom code too?
    2. if so, what have I done incorrectly for it to break my site?

    Many thanks.

    #19582

    AITpro Admin
    Keymaster

    1. The code you posted above can ONLY be used in a php.ini file and NOT in an htaccess file.  See examples at the beginning of this topic of valid directive code that could be used in an htaccess file, BUT very few server types allow those directives to be used in an htaccess file – 99% do not allow that code and 1% do allow that code. The php.ini directives in your php.ini file are already telling your server which settings you want to use so no you would not duplicate those settings anywhere else.

    #19600

    jenni101
    Participant

    OK, got it! Just got confused about what ‘special’ code had to be added in here.

    Thanks for clarifying it.

    #19601

    AITpro Admin
    Keymaster

    Yep no problem.

    #24431

    Jeff Kayser
    Participant

    [Topic has been merged into this relevant Topic]

    Hello, BPS.

    I have a website http://www.dbdr.com that is a WordPress site (via bluehost).  It is being protected by BPS Pro.  I’ve added a “Addon” domain kylekempton.com, whose top-level directory is ./public_html/kylekempton.  The content is HTTP and CSS (not WordPress).  At first, it wasn’t working.  Bluehost told me to rename the ./public_html/.htaccess to ./public_html/.htaccess.old, and then the new site worked OK.  So, the issue is something in the .htaccess file.  To try to make it work, I put the BPS Pro .htaccess file back in place, and modified it using the BPS Pro UI.  I commented out this line:

    # DO NOT SHOW DIRECTORY LISTING
    # If you are getting 500 Errors when activating BPS then comment out Options -Indexes
    # by adding a # sign in front of it. If there is a typo anywhere in this file you will also see 500 errors.
    Options -Indexes

    That fixed it; the site was working.  However, when I check it a day later, the comment has been removed, and the add-on site kylekempton.com no longer works. If I want to allow the file: ./public_html/kylekempton/index.htm to work, how should I do that?

    #24436

    AITpro Admin
    Keymaster

    To add and save htaccess customizations permanently use BPS Custom Code.  The steps to add/save the DO NOT SHOW DIRECTORY LISTING htaccess code and the DIRECTORY INDEX FORCE INDEX.PHP htaccess code to BPS Custom Code are below:

    1. Copy the modified/customized code below to this BPS Root Custom Code text box:  CUSTOM CODE DO NOT SHOW DIRECTORY LISTING/DIRECTORY INDEX
    2. Click the Save Root Custom Code button to save your Root custom code.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # DO NOT SHOW DIRECTORY LISTING
    # Disallow mod_autoindex from displaying a directory listing
    # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
    # copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
    # and paste it into BPS Custom Code and comment out Options -Indexes
    # by adding a # sign in front of it.
    # Example: #Options -Indexes
    #Options -Indexes
    
    # DIRECTORY INDEX FORCE INDEX.PHP
    # Use index.php as default directory index file. index.html will be ignored.
    # If a 500 Internal Server Error occurs when activating Root BulletProof Mode
    # copy the entire DO NOT SHOW DIRECTORY LISTING and DIRECTORY INDEX sections of code
    # and paste it into BPS Custom Code and comment out DirectoryIndex
    # by adding a # sign in front of it.
    # Example: #DirectoryIndex index.php index.html /index.php
    #DirectoryIndex index.php index.html /index.php
    #24439

    AITpro Admin
    Keymaster

    Another approach that is probably much better would be to create a skip/bypass rule for the kylekempton child website.  I am assuming that the dbdr.com site is installed in your hosting account root folder /public_html/ and also that the kylekempton child website’s folder name is:  /kylekempton/.

    htaccess Files for Multiple Website Domains – hierarchy, structure, relationship
    http://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/

    See this forum topic for how to add this code below to BPS Root Custom Code: http://forum.ait-pro.com/forums/topic/custom-applications-outside-of-wordpress-3rd-party-apps/#post-13664

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # Do not apply rules to other child websites &
    # do not log errors for these child sites
    RewriteRule ^kylekempton/ - [L]
Viewing 13 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic.