WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] BPS causes my HTML sites to show Forbiddn (60 posts)

  1. seedplanta
    Member
    Posted 10 months ago #

    Went thru your help and such and by the way love the plugin, but while active I noticed that my other sites (HTML not WP) are showing Forbidden when going to http://example.com the site info is there i.e I can goto specific pages including index.htm and all is well and looks right but the example.com doesnt load the index.htm page instead I get a Forbidden error. I have found when I return to my bakup .htaccess file it works but when I activate BPS I get the error. So I know the problem lies in the .htaccess file but I am not techy enuff to know what to do. Is it safe for me to copy the txt from the bakup .htaccess file to the BPS created file or does this defeat the purpose of BPS security? PLEASE HELP! I perceive its something simple but my knowledge has no clue. Thanks.

    http://wordpress.org/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 10 months ago #

    What site architecture/structure do you have for all of these websites - HTML and WordPress?

    Example:
    an HTML site is in the root folder /
    a WordPress site is in this folder /wordpress
    another HTML site is in this folder /blah
    another WordPress site is in this folder /foobar

  3. seedplanta
    Member
    Posted 10 months ago #

    WP is installed on the root, the HTML sites are subfolders i.e example.com/htmlsite but the WP is installed on the root and thus wp-content folder etc is also in the root just like HTML sites use a subfolder on the root. I hope this makes sense. So here is the layout like your example

    WordPress is in the root folder /
    other WordPress sites are done via MultiSite and use subdomain option not subfolder option
    one HTML site is in this folder /blah
    another HTML site is in this folder /foobar

    I hope that helps.

  4. AITpro
    Member
    Plugin Author

    Posted 10 months ago #

    Ok then here is why the problem is caused and also the solution.

    The Root .htaccess file for the WordPress site is applying it's rules to all subfolders off the root of the site. This is how .htacess files are designed - they are heirarchical/recursive. If an .htaccess file is not found in a subfolder then the root .htaccess file will apply its rules to that subfolder.

    The solution is to add .htaccess files in the HTML sites folders.
    We have created BPS .htaccess files/code here that you can add in your HTML site's folders.
    http://forum.ait-pro.com/forums/topic/bps-html-htaccess-file-for-html-websites-or-subfolders/

  5. Thea
    Member
    Posted 9 months ago #

    AITpro, I have a similar problem in that I need to redirect permalinks on my main domain. I found a redirect script on Yoast which works perfectly, but (as noted above) I now realize that if I put it in my .htaccess file, it applies to my sub-domains too - which I don't want.

    Is there any way I can alter this code so it won't affect the sub-domains, or is there something I can put in the sub-domain's htaccess to prevent it taking effect?

  6. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    I would need to know exactly what you want to do in order to help. ;) Provide examples of what you want to do.

  7. Thea
    Member
    Posted 9 months ago #

    Thanks!

    I've had to change my permalink structure from month/year/postname to /postname to suit a new directory setup. I used this code to do the redirect:

    `RedirectMatch 301 ^/([0-9]{4})/([0-9]{2})/(.*)$ http://bellydanceoz.com/$3'

    and it worked like a charm. Trouble is, it applied to all my sub-domains as well, (which obviously generated 404's, because the slug does not exist on bellydanceoz).

    The solution I was thinking of was this:
    Change the permalink structure on my sub-domains th /postname as well, then I could change "http://bellydanceoz.com" to a wildcard symbol so the redirect would stay within the same domain/sub-domain.

    Trouble is I don't understand the code and I have no idea whether it would work! I know this is not relevant to your plugin but if you could give me a clue it would be much appreciated.

  8. Thea
    Member
    Posted 9 months ago #

    I had never heard of your plugin, by the way - it looks really interesting. Off to study it...

  9. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    The pattern match is this:
    match /4 numbers that are 0-9/2 numbers that are 0-9/match anything
    /2013/09/postname - matches that permalink (your structure that you posted in your comment is a typo). ;) The $3 is called a back reference and it is back referencing the pattern match. And works like a "URL splicer" to keep it simple in laymans terms.

    So yep the same basic principles would apply in your case. Each site should have its own .htaccess files so that each site follows the rules in its own .htaccess file and not another .htaccess file that is applying those rules recursively.

    A subdomain site (true subdomain sites = DNS A or CNAME record pointing to the folder where that subdomain site is installed/located) is considered a root website and the RewriteBase and RewriteRule are these for a subdomain site in this folder /blah or this folder /foobar:

    RewriteBase /
    RewriteRule . /index.php [L]

    You can use the BPS root .htaccess file for your current site and copy it into the subdomain site's folders as is.

    Assuming of course that these are WordPress or another PHP site type. If they are HTML sites then you would use the HTML .htaccess file code.

  10. Thea
    Member
    Posted 9 months ago #

    This is what I don't understand. Each of my sub-domains does have its own .htaccess file already, yet the .htaccess of the main domain is obviously overruling it?

  11. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Are they true subdomain sites or subdirectory sites? A subdomain site is it's own separate domain if you setup a DNS A or CNAME record.

    www.xxx is a separate domain
    subdomain1.xxx is a separate domain
    subdomain2.xxx is a separate domain

    If these are true subdomain sites then the rule you posted above should NOT have any effect on them.

  12. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Ok I looked at your history of posts and I found this:

    bellydanceoz.com
    events.bellydanceoz.com
    shop.bellydanceoz.com

    So did you setup DNS A or CNAME records to point to these folders?
    /events
    /shop

  13. Thea
    Member
    Posted 9 months ago #

    Those aren't the sub-domains which are the problem. Their posts are already in the /postname format so they're not affected.

    The main sub-domain being affected is dressforflamenco.com which I set up as an "add-on domain" in cpanel

  14. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Oh ok you are not talking about a subdomain site at all got it. add-on or aliased domains are a completely different thing then a subdomain site. subdomain is the technical term for a specific site type - a subdomain site.

    Ok so what you can do is something like this for add-on domains:
    Create a rule with .htaccess code for the add-on sites that checks by HOST and will only do rewriting based on the HOST.

    I'll post that code in a minute.

  15. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    What is very strange to me is why these add-on domains are not following their .htaccess files in the first place - very, very strange. It must have something to do with the way your particular web host does add-on domains???

    For reference:
    http://forum.ait-pro.com/forums/topic/htaccess-redirect-www-to-non-www-htaccess-redirect-non-www-to-www/#post-5566

    You would follow the same principle used in the code in the link above to rewrite non-www to www. this will force the correct HOST rewrite.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^domainname\.com$ [NC]
    RewriteRule ^(.*)$ http://www.domainname.com/$1 [R=301,L]
    RewriteRule ^index\.php$ - [L]
  16. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    LOL I never asked you if your add-on domains had .htaccess files. They obviously do not have .htaccess files since this problem is occuring. You just need to create .htaccess files for those other sites. ;) duh.

  17. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Or if there is still some sort of problem then change your code to this code:

    it does the exact same thing except that it checks the HOST

    RewriteCond %{HTTP_HOST} sitename.com [NC]
    RewriteRule ^([^/]+)/([^/]+)/([^/.]+)$ /$1/$2/$3/ [R=301,L]
  18. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Or...

    RewriteCond %{HTTP_HOST} sitename.com [NC]
    RewriteRule ^/([0-9]{4})/([0-9]{2})/(.*)$ http://bellydanceoz.com/$3
  19. Thea
    Member
    Posted 9 months ago #

    Sorry, AIT, I know I am not the best technically but I have just gone to my cpanel and found and opened each of the htaccess files. They're there. I knew they were there already because I've added Analytics code and some eBay coding to them in the past. I'll try your new coding though and thanks for being so generous with your assistance.

  20. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    here is a normal example scenario.
    You have 3 WordPress sites and each of them has their own .htaccess files. each of those WordPress sites will only follow the rules in its own .htaccess file and WordPress will handle permalink rewriting internally on each of those sites. So something unusual is occuring here to create this issue/problem.

    Example:
    If all 3 example WordPress sites are using the standard WordPress .htaccess code then each site will ONLY follow the rules in its own .htaccess file and WordPress will do the permalink rewriting internally with php code. WordPress handles permalink rewriting internally and NOT in the standard .htaccess file/code that WordPress generates.

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    If you have added your RedirectMatch code outside of the WordPress Rewrite Loop then it might be possible that this is affecting other sites, but I have never seen or heard of the problem you are describing before when using the standard WordPress .htaccess code/file.

    For whatever reason this problem is occurring on your main site your .htaccess file should look like this on the bellydanceoz.com site to prevent this problem:

    NOTE: What concerns me about doing this is that WordPress already handles permalink rewriting internally and NOT in the standard WordPress .htaccess code/file. So this may have an undesirable effect since this is very non-standard and is normally already handled by WordPress internally and would not need to be done at all.

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^bellydanceoz\.com [NC]
    RewriteRule ^/([0-9]{4})/([0-9]{2})/(.*)$ http://bellydanceoz.com/$3
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
  21. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    In the end what I expect will be the best solution will be to create individual RedirectMatch rules and NOT to use Regular Expressions code to try and handle all pattern matches with that one rule.

  22. seedplanta
    Member
    Posted 9 months ago #

    Ok so I just was able to try what you posted but I'm getting 500 errors. if the folder name includes .com does the rules change on how to show Rewrite Rules?

  23. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Ok so I just was able to try what you posted but I'm getting 500 errors.

    What exactly did you use/do?

  24. seedplanta
    Member
    Posted 9 months ago #

    followed instructions for .htaccess file

    # This file is created for HTML websites and HTML websites that are in a root website folder
    # if you HTML website is in a subfolder then you will need to change the RewriteBase and RewriteRules
    # to match that subfolder name/path
    # Example: If an HTML website is in a subfolder called /example-html-website then the RewriteBase and
    # RewriteRule in this file need to be changed using these examples below:
    # RewriteBase /example-html-website/
    # RewriteRule ^/example-html-website/index\.htm$ - [L]
    # RewriteRule . /example-html-website/index.htm [L]
    
    RewriteEngine On
    RewriteBase /foldername\.com/
    RewriteRule ^foldername\.com/index\.htm$ - [L]
    RewriteRule . /foldername\.com/index.htm [L]

    as I stated the folder name contains is example.com and from my original .htaccess file concluded to show .com portion as shown above. I hope this makes sense. Did I code it right or not?

  25. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    If you have a website/domain installed/added in a folder named:

    /example.com

    Then this is a separate domain/website. This is a root website and not a subfolder website so the RewriteBase and RewriteRule is:

    RewriteBase /
    RewriteRule . /index.htm [L]

    If you had another site installed/added in a subfolder named:

    /example.com/subfolder

    Then this is a subfolder site so the RewriteBase and RewriteRule is:

    RewriteBase /subfolder/
    RewriteRule . /subfolder/index.htm [L]
  26. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    I will add these examples on the HTML htaccess files page in the Forum since I can see how the help info I added is not clear about the differences between what is a root website/domain and what is a subfolder website.

  27. leejosepho
    Member
    Posted 9 months ago #

    Maybe tomorrow I will bring my similar questions over here to help keep all of this in one place!

  28. seedplanta
    Member
    Posted 9 months ago #

    Ok tried what I think I understand and still get 500 error, does the rewrite htaccess file go in Root or .com folder? Do I still use entire. htm. htaccess file or not. Htaccess file Originally in.com folder had rules in it

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^sitename\.com$ [OR]
    RewriteCond %{HTTP_HOST} ^www\.sitename\.com$

    I guess I an getting confused which code to use and where. Sorry.

  29. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    The term "root" is getting you a bit confused so let me give you some examples of root websites.

    Your Document Root folder for your website would be this if your particular Host uses "/public_html/". Some host's use "/html/", some use "/htdocs/" etc etc etc:

    /public_html/ is shortened to just / to signify the root folder for your Hosting account.

    All of these websites are considered root websites.

    / - a website is installed here in the root / of the hosting account
    /WebsiteA.com
    /WebsiteB.com
    /WebsiteC.com

    From everything you have explained so far you have several websites and they are all root websites. The only thing you are doing is what is explained in this link: http://forum.ait-pro.com/forums/topic/bps-html-htaccess-file-for-html-websites-or-subfolders/

    The other comments in this thread are answers to Thea's questions.

  30. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Or you can always just do this for your HTML websites. Create a RewriteEngine Off .htaccess file and put it in each of your HTML website's folders.

    http://forum.ait-pro.com/forums/topic/rewriteengine-off-htaccess-file/

Reply »

You must log in to post.

About this Plugin

About this Topic