WP REWRITE LOOP – PHPMyAdmin Problems

Home Forums BulletProof Security Free WP REWRITE LOOP – PHPMyAdmin Problems

This topic contains 11 replies, has 2 voices, and was last updated by  TRA 4 years, 7 months ago.

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #11157

    TRA
    Participant

    Thanks for the GREAT Plugin!
    Multisites different network setups and versions make it difficult to [obsolete-removed] the correct WP REWRITE LOOP htaccess code.
    In BPS 49.6 the variables bpsMUSDirBottom and bpsMUSDomBottom display after # END BPSQSE BPS QUERY STRING EXPLOITS when creating the [obsolete-removed] files.

    Example:
    # WP REWRITE LOOP START
    # REQUEST METHODS FILTERED
    # PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES
    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    # WP REWRITE LOOP END

    Problem:
    PHPMyAdmin gives a 403 forbidden error when trying to access user privileges. Would this be OK?
    I moved the # WP REWRITE LOOP END under # WP REWRITE LOOP START and all was ok with PHPMyAdmin. It would also make it very easy to Custom Code for multisites in Root htaccess File Custom Code / CUSTOM CODE WP REWRITE LOOP START.  Having it all together you can change as needed.

    Example:
    # WP REWRITE LOOP START
    # WP REWRITE LOOP END
    # REQUEST METHODS FILTERED
    # PLUGINS/THEMES AND VARIOUS EXPLOIT FILTER SKIP RULES
    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS

    In admin/options.php:
    // Create Secure htaccess master Root file – MU Subdirectory

    if (fwrite($handle, $bps_secure_content_top.$phpiniHCode.$bps_secure_content_top_two.$bps_secure_server_protocol.$bps_secure_error_logging.$bps_secure_dot_server_files.$bpsBeginWP.$bpsMUSDirTop.$bpsMUSDirBottom.$bps_secure_content_mid_top.$bps_secure_begin_plugins_skip_rules_text.$CustomCodeTwo.$bps_secure_content_mid_top2.$bps_secure_timthumb_misc.$bps_secure_BPSQSE..$bps_secure_content_bottom.$bps_secure_end_wordpress_text.$CustomCodeThree) === FALSE)
    
    // Create Secure htaccess master Root file - MU Subdomain
    if (fwrite($handle, $bps_secure_content_top.$phpiniHCode.$bps_secure_content_top_two.$bps_secure_server_protocol.$bps_secure_error_logging.$bps_secure_dot_server_files.$bpsBeginWP.$bpsMUSDomTop.$bpsMUSDomBottom.$bps_secure_content_mid_top.$bps_secure_begin_plugins_skip_rules_text.$CustomCodeTwo.$bps_secure_content_mid_top2.$bps_secure_timthumb_misc.$bps_secure_BPSQSE.$bps_secure_content_bottom.$bps_secure_end_wordpress_text.$CustomCodeThree) === FALSE)
    #11158

    AITpro Admin
    Keymaster

    The Rewrite Loop must include the security filters or else they will not be used at all.  Or in other words, the website does not have any security applied to it.

    The BPS Network/Multisite sudirectory and subdomain code works correctly without any problems as it already is so what needs to happen instead is to post the error in your Security Log to determine what whitelist or skip/bypass rule needs to be created for the phpMyAdmin issue.  Is this a phpMyAdmin plugin?  If so, what is the name of the plugin?

    #11162

    TRA
    Participant

    Thanks for the quick response
    Re: “The BPS Network/Multisite sudirectory and subdomain code works correctly”
    [obsolete-removed] posts multisite code but needs to be altered according to network type and version. Posts older version info.
    No the application PHPMYAdmin
    Here is the error in Logs:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - November 12, 2013 - 11:36 am <<<<<<<<<<<
    REMOTE_ADDR: 68.106.11.202
    Host Name: my wan
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //mydomain.com/pma/server_privileges.php?token=60dff7a34845a24885a6858e69532d5a
    REQUEST_URI: /pma/server_privileges.php?token=60dff7a34845a24885a6858e69532d5a&username=direct_rc&hostname=localhost&dbname=&tablename=
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (MacintoshMyStuff
    #11164

    AITpro Admin
    Keymaster

    Is this: /pma/server_privileges.php a 3rd party application outside of WordPress?
    If it is a 3rd party application then this is the RewriteRule you would use.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # RewriteRule for Custom Apps outside of WP
    RewriteRule ^pma/ - [L]
    
    ...the rest of the Network .htaccess code below for either a subdirectory or subdomain site
    #11170

    TRA
    Participant

    The application phpMyAdmin 3.1.0

    #11171

    AITpro Admin
    Keymaster

    I see that WordPress has changed Network .htaccess code based on WP version.  This poses a very interesting problem:  “WordPress 3.5+ ONLY use this if you STARTED Multisite on 3.5. If you upgraded from 3.4 to 3.5, use the old one!” http://codex.wordpress.org/Multisite_Network_Administration#.htaccess_and_Mod_Rewrite

    phpMyAdmin is in your web host Control Panel so BPS would not be able to affect your Control Panel.  What is the /pma/ folder?

    #11172

    AITpro Admin
    Keymaster

    Oh wait a minute.  Is this a Local Development Server (XAMPP, MAMP, WAMP or LAMP) installed on your computer or a Web Host Server?

    #11174

    TRA
    Participant

    I have not yet moved to Cpanel.  Apache Linux host with separate installed phpmyAdmin.  So I will try your rule. I know “WordPress has changed Network .htaccess code”  I know what correct code to use but I can not figure how to get it in your custom code, without pasting all of the # BEGIN BPSQSE BPS QUERY STRING EXPLOITS.

    Is there another way?
    Thanks
    __________

    Web Host Server LAMP
    Your “# RewriteRule for Custom Apps outside of WP” worked like a charm.
    Thanks so much!
    Could there be a custom code window for the # WP REWRITE LOOP END for multistes to use?

    #11178

    AITpro Admin
    Keymaster

    First off thanks for letting me know Network/Multisite .htaccess code has been changed.  I was not aware of that and it looks like it happened a long time ago / many WP versions ago.  sigh.

    Great!  Glad to hear that worked.  Actually you would copy your WP REWRITE LOOP START code with /pma RewriteRule to this Custom Code text box:  

    Example:

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # RewriteRule for Custom Apps outside of WP
    RewriteRule ^pma/ - [L]
    
    ...the rest of the Network .htaccess code below for either a subdirectory or subdomain site
    #11179

    AITpro Admin
    Keymaster

    Oh and yeah you would need to split the code up.  I assume you are using newer Network .htaccess code so I would need to look at how to best split the Start and End of that new code.  give me a few minutes to figure that out.

    #11180

    AITpro Admin
    Keymaster

    Yeah damn there is no quick and easy solution.  Any way we will get a new version of BPS out ASAP since this is a serious issue that needs to be taken care of ASAP.  We will do the same check / hook into whatever WP is checking for to write the correct .htaccess code for the WP version etc.  So that when you click the [obsolete-removed] buttons in the next BPS version then the correct .htaccess WP REWRITE LOOP END code will be automatically written to your root .htaccess file.  For now just edit your root .htaccess file manually with the BPS .htaccess File Editor.

    #11181

    TRA
    Participant

    “many WP versions” I don’t know how you keep up.  That’s the truth they have been going like mad.  I have 3.7.1

    Thanks for all the help!

Viewing 12 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.