WordPress.org

Ready to get started?Download WordPress

Forums

WP WAF
Got 500 Internal Server Error (9 posts)

  1. fcast
    Member
    Posted 10 months ago #

    Hi Guelfo,
    after have enabled Disable Directory Listing on a test blog I got 500 Internal Server Error, without any access to blog nor backoffice.

    I erased the plugin folder thru FTP, but the error remains. Are there tables to remove from the db? If yes, which ones? What I need to do to completely remove (and later reinstall) the plugin?

    Tx a lot, F.

    http://wordpress.org/extend/plugins/wp-waf/

  2. fcast
    Member
    Posted 10 months ago #

    Solved: renamed plugin's .htaccess and restored original WP's one. Tx anyway.

  3. guelfoweb
    Member
    Plugin Author

    Posted 10 months ago #

    You have modsecurity enabled? Don't check "Disable Directory Listing" option.

  4. fcast
    Member
    Posted 10 months ago #

    I don't know anything about ModSecurity, just that phpinfo says that "mod_security2" is between loaded modules. Of course I won't enable Disable Dir Listing again ;-)

    Today I checked plugin's setting many times, because I had a lot of blocked "attacks" from legitimate spiders, as Opera Mini's, Amazon Kindle's (those mobile browsers access the web through their servers) and Twitter's one, all classified "User Agent Blacklist - Python". And one "attack" from Wikipedia's spider (link checker, I guess), classified as "User Agent Blacklist - Curl"

  5. fcast
    Member
    Posted 10 months ago #

    For your reference, these are their IPs:

    208.80.153.164
    54.241.211.112
    82.145.208.238
    82.145.209.175

  6. guelfoweb
    Member
    Plugin Author

    Posted 10 months ago #

    They are not browsers, but they are all of the BOT (u.a.:libwww-perl, python, curl...)

  7. fcast
    Member
    Posted 10 months ago #

    Yes, as I said they are spiders (bots), used to gather web content to be compressed, often reformatted for small screens and sent to their mobile browsers. Those browzzers, Amazon Silk (http://en.wikipedia.org/wiki/Amazon_Silk) and Opera Mini (http://en.wikipedia.org/wiki/Opera_Mini), access the web through their proxy servers, to speed navigation with a more compressed content (respectively SPDY protocol and OBML, Opera Binary Markup Language). Silk, for instance, can't access the web directly but acts splitting content between direct and compressed. Those bots must be recognized as legitimate and needed, not blocked. Blocking them means to shut out some hundreds of millions of mobile users.

    Wikipedia bot is different: they periodically check and validate links from Wikipedia pages to external reference sites.

    IMHO, you need to whitelist some of their IPs, probably classes of them (I can't guess all IPs they use for bots)

    I forgot to tell that these bots blocks only happened since few days, not more than one week.

  8. guelfoweb
    Member
    Plugin Author

    Posted 10 months ago #

    Ok, you need to add a field to set manually the exclusions. I work to the next version. 2.1 soon!

    Thanks for the feedback,
    Gianni

  9. fcast
    Member
    Posted 10 months ago #

    You're welcome, thank you for your work!

Reply

You must log in to post.

About this Plugin

About this Topic