WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: AskApache Password Protect] Ask Apache pasword issues (8 posts)

  1. Anonymous
    Unregistered
    Posted 5 years ago #

    Hi

    I uploaded the apache plugin but I could not get into the password so I deleted the plugin(thinking that it will work if I reinstall it again) but it didnt. So now I get this error when I try to login.

    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@mysite.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

    --------------------------------------------------------------------------------
    Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at mysite.com Port 80

    Can anyone please advise on how to proceed with this issue because I am not able to even login to my wordpress admin page?

    Thank you in advance

  2. Roy
    Member
    Posted 5 years ago #

    Go to your control panel (PHPmyAdmin, whatever you have) and delete the AskApache lines from ALL htaccess files (WP root, admin folder, etc.). That should undo everything that the plugin did.

  3. Anonymous
    Unregistered
    Posted 5 years ago #

    Yes I do have a (PHPmyAdmin) but I dont see any askapache lines on my htaccess file. Is there a specific folder that askapache may exist other than the htaccess file.

  4. Roy
    Member
    Posted 5 years ago #

    It changes the htaccess in the root, makes one in each folder you selected to protect (wp-admin, etc.) and of course makes the password files. Did you already activate the plugin, made a username, selected the folders and files to protect, etc.?

  5. Anonymous
    Unregistered
    Posted 5 years ago #

    You I didnt even need the plugin because my hosting account already provides a "password protect option" so I created the password protection with them. It does the same thing as apache password protector.

    For everyone who likes to add that extra layer of security make sure you check with your hosting account first and see if they offer that option because its so much easier and not a lot of hassle.

    Hope this helps everyone out there who is struggling with this issue.

  6. Roy
    Member
    Posted 5 years ago #

    I can't make an existing folder password protected, but AskApache does a lot more than just password protect the admin folder! Just look at the options:
    700 Directory Protection
    Enable the DirectoryIndex Protection, preventing directory index listings and defaulting. Disable
    800 Password Protect wp-login.php
    Requires a valid user/pass to access the login page - *** Safe, Use. 401
    900 Password Protect wp-admin
    Requires a valid user/pass to access any non-static (css, js, images) file in this directory. - *** Safe, Use. 401
    1000 Protect wp-content
    Denies any Direct request for files ending in .php with a 403 Forbidden.. May break plugins/themes 401
    1010 Protect wp-includes
    Denies any Direct request for files ending in .php with a 403 Forbidden.. May break plugins/themes 403
    1011 Common Exploits
    Block common exploit requests with 403 Forbidden. These can help alot, may break some plugins. 403
    1012 Stop Hotlinking
    Denies any request for static files (images, css, etc) if referrer is not local site or empty. 403
    1015 Safe Request Methods
    Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD - *** Safe, Use. 403
    1017 Forbid Proxies
    Denies any POST Request using a Proxy Server. Can still access site, but not comment. See Perishable Press 403
    1018 Real wp-comments-post.php
    Denies any POST attempt made to a non-existing wp-comments-post.php - *** Safe, Use. 403
    1019 HTTP PROTOCOL
    Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only - *** Safe, Use. 403
    1020 SPECIFY CHARACTERS
    Denies any request for a url containing characters other than "a-zA-Z0-9.+/-?=&" - REALLY helps but may break your site depending on your links. 403
    1021 BAD Content Length
    Denies any POST request that doesnt have a Content-Length Header - *** Safe, Use. 403
    1022 BAD Content Type
    Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data - *** Safe, Use. 403
    1023 Directory Traversal
    Denies Requests containing ../ or ./. which is a directory traversal exploit attempt - *** Safe, Use. 403
    1025 NO HOST:
    Denies requests that dont contain a HTTP HOST Header. - *** Safe, Use. 403
    1026 Bogus Graphics Exploit
    Denies obvious exploit using bogus graphics - *** Safe, Use. 403
    1027 No UserAgent, No Post
    Denies POST requests by blank user-agents. May prevent a small number of visitors from POSTING. 403
    1028 No Referer, No Comment
    Denies any comment attempt with a blank HTTP_REFERER field, highly indicative of spam. May prevent some visitors from POSTING. 403
    1029 Trackback Spam
    Denies obvious trackback spam. See Holy Shmoly! 403
    1030 SSL-Only Site
    Redirects all non-SSL (https) requests to your https-enabled url 301

    Just a simple example, your /wp-login.php?loggedout=true will not be protected by putting the wp-admin behind a password.

  7. askapache
    Member
    Posted 5 years ago #

    Thanks for the props Gangleri, I'm a day or 2 away from releasing a major update that won't let people shoot themselves in the foot anymore.

    Its pretty amazing how well it works. I had it turned off for about 8 hours while I was working on it, and when I checked back in to activate I had received over 500 spams! Each one of the akismet found spams uses my limited server connections, cpu for each instance of php and mysql, and slows everyone else down. With the anti-spam research I and a few other people are doing for this plugin, its really going to be nice.

    Theres just this whole issue of "coding" the dan thing, which I struggle with but enjoy. This next upgrade is a good one.

  8. askapache
    Member
    Posted 5 years ago #

    BTW, I should probably mention that most of the modules installed in the plugin currently were mostly just cut-and-pasted from my personal .htaccess files. I've been recording and researching various spam using honeypots for the last couple of weeks specifically to find anti-spam and also anti-automated web exploit requests.

    And I've added support for HTTP Digest password authentication like that used by the OpenID systems. Theres a lot planned and a lot to do cuz this really does help the net.

Topic Closed

This topic has been closed to new replies.

About this Topic