iThemes Security (formerly Better WP Security)
[Plugin: Better WP Security] Security measure breaking MS images (2 posts)

  1. DomenLo
    Member
    Posted 2 years ago

    Howdy. I noticed this fella

    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|e|"|;|\?|\*|=$).* [NC,OR]

    that's inside

    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
    RewriteCond %{QUERY_STRING} http\:  [NC,OR]
    RewriteCond %{QUERY_STRING} https\:  [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|e|"|;|\?|\*|=$).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|select|concat|insert|union|declare).* [NC]
    RewriteCond %{QUERY_STRING} !^loggedout=true
    RewriteCond %{QUERY_STRING} !^action=rp
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteRule ^(.*)$ - [F,L]

    is breaking multisite images, which are called by:

    RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Interesting... I will take a look as it hasn't affected images on my own multi-sites.
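
To show how the flagged condition interacts with the multisite image rewrite, here is an added example (not part of the thread and not the plugin's code) that evaluates the quoted conditions in Python against the query string the files/ rule produces. It assumes the filter is applied to the rewritten request; the sample path and cookie value are constructed.

```python
import re

# QUERY_STRING conditions copied from the ruleset quoted in the thread ([NC,OR] group).
# The ("|'|<|>|... line is omitted: as rendered on the page it has empty alternatives.
OR_GROUP = [
    r'\.\.\/',
    r'^.*(bash|git|hg|log|svn|swp|cvs)',
    r'etc/passwd',
    r'boot\.ini',
    r'ftp\:',
    r'http\:',
    r'https\:',
    r'(\<|%3C).*script.*(\>|%3E)',
    r'mosConfig_[a-zA-Z_]{1,21}(=|%3D)',
    r'base64_encode.*\(.*\)',
    r'^.*(\[|\]|\(|\)|<|>|e|"|;|\?|\*|=$).*',
    r'^.*(%24&x).*',
    r'^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*',
    r'^.*(globals|encode|localhost|loopback).*',
    r'^.*(request|select|concat|insert|union|declare).*',
]
# Negated conditions (no [NC]) and the cookie test that follow the OR group.
NOT_QS = [r'^loggedout=true', r'^action=rp']
LOGGED_IN_COOKIE = r'^.*wordpress_logged_in_.*$'

def ms_files_query(path):
    """Query string produced by: ^files/(.+) wp-includes/ms-files.php?file=$1"""
    m = re.search(r'^files/(.+)', path)
    return 'file=' + m.group(1) if m else None

def matching_conditions(qs):
    """Patterns from the OR group that match qs; [NC] means case-insensitive."""
    return [p for p in OR_GROUP if re.search(p, qs, re.IGNORECASE)]

def is_forbidden(qs, cookie=''):
    """True when the chain would reach RewriteRule ^(.*)$ - [F,L]."""
    if not matching_conditions(qs):
        return False
    if any(re.search(p, qs) for p in NOT_QS):
        return False
    return not re.search(LOGGED_IN_COOKIE, cookie)

if __name__ == '__main__':
    qs = ms_files_query('files/2012/05/photo.jpg')  # constructed sample path
    print('query string:', qs)
    print('matching conditions:', matching_conditions(qs))
    print('forbidden for a visitor without a login cookie:', is_forbidden(qs))
```

For the constructed path, the only condition that matches is the one flagged in the first post, through its bare e alternative, because the rewritten query string begins with file=. The request is refused only when no wordpress_logged_in_ cookie is present.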

Topic Closed

This topic has been closed to new replies.
