WordPress.org

Ready to get started?Download WordPress

Forums

WP WAF
Got 500 Internal Server Error (9 posts)

  1. fcast
    Member
    Posted 1 year ago #

    Hi Guelfo,
    after have enabled Disable Directory Listing on a test blog I got 500 Internal Server Error, without any access to blog nor backoffice.

    I erased the plugin folder thru FTP, but the error remains. Are there tables to remove from the db? If yes, which ones? What I need to do to completely remove (and later reinstall) the plugin?

    Tx a lot, F.

    http://wordpress.org/extend/plugins/wp-waf/

  2. fcast
    Member
    Posted 1 year ago #

    Solved: renamed plugin's .htaccess and restored original WP's one. Tx anyway.

  3. guelfoweb
    Member
    Plugin Author

    Posted 1 year ago #

    You have modsecurity enabled? Don't check "Disable Directory Listing" option.

  4. fcast
    Member
    Posted 1 year ago #

    I don't know anything about ModSecurity, just that phpinfo says that "mod_security2" is between loaded modules. Of course I won't enable Disable Dir Listing again ;-)

    Today I checked plugin's setting many times, because I had a lot of blocked "attacks" from legitimate spiders, as Opera Mini's, Amazon Kindle's (those mobile browsers access the web through their servers) and Twitter's one, all classified "User Agent Blacklist - Python". And one "attack" from Wikipedia's spider (link checker, I guess), classified as "User Agent Blacklist - Curl"

  5. fcast
    Member
    Posted 1 year ago #

    For your reference, these are their IPs:

    208.80.153.164
    54.241.211.112
    82.145.208.238
    82.145.209.175

  6. guelfoweb
    Member
    Plugin Author

    Posted 1 year ago #

    They are not browsers, but they are all of the BOT (u.a.:libwww-perl, python, curl...)

  7. fcast
    Member
    Posted 1 year ago #

    Yes, as I said they are spiders (bots), used to gather web content to be compressed, often reformatted for small screens and sent to their mobile browsers. Those browzzers, Amazon Silk (http://en.wikipedia.org/wiki/Amazon_Silk) and Opera Mini (http://en.wikipedia.org/wiki/Opera_Mini), access the web through their proxy servers, to speed navigation with a more compressed content (respectively SPDY protocol and OBML, Opera Binary Markup Language). Silk, for instance, can't access the web directly but acts splitting content between direct and compressed. Those bots must be recognized as legitimate and needed, not blocked. Blocking them means to shut out some hundreds of millions of mobile users.

    Wikipedia bot is different: they periodically check and validate links from Wikipedia pages to external reference sites.

    IMHO, you need to whitelist some of their IPs, probably classes of them (I can't guess all IPs they use for bots)

    I forgot to tell that these bots blocks only happened since few days, not more than one week.

  8. guelfoweb
    Member
    Plugin Author

    Posted 1 year ago #

    Ok, you need to add a field to set manually the exclusions. I work to the next version. 2.1 soon!

    Thanks for the feedback,
    Gianni

  9. fcast
    Member
    Posted 1 year ago #

    You're welcome, thank you for your work!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic