All In One WP Security & Firewall
[resolved] Problem with Super Cache (7 posts)

  1. Belline
    Member
    Posted 1 year ago #

    It seems Super Cache doesn't work with AIOWS&F because the cache is protected by htaccess.

    http://wordpress.org/extend/plugins/all-in-one-wp-security-and-firewall/

  2. mra13
    Member
    Plugin Author

    Posted 1 year ago #

    Can you please tell me which Firewall rule causes the issue you are describing? I am guessing you have enabled some firewall rules via this plugin on your site?

  3. Belline
    Member
    Posted 1 year ago #

    Not sure, but I think it's "Bad Query Strings".

    I can't use the administrative interface for several plugins when it's active.

  4. AITpro
    Member
    Posted 1 year ago #

    The .htaccess code is too generalized and will block a lot of "good" things as opposed to mostly "bad" things.

    Just need to go through the wp-security-utility-htaccess.php and change most of the rules. FYI the 5G Blacklist is very useful, but once again it is too generalized and you will need to target conditions more specifically. Been there done that years ago with BPS. ;) Nice start guys! Good luck.

    $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_start . PHP_EOL; //Add feature marker start
    $rules .= 'RewriteCond %{QUERY_STRING} ../    [NC,OR]' . PHP_EOL;
    //$rules .= 'RewriteCond %{QUERY_STRING} boot.ini [NC,OR]' . PHP_EOL;
    $rules .= 'RewriteCond %{QUERY_STRING} tag=     [NC,OR]' . PHP_EOL;
    $rules .= 'RewriteCond %{QUERY_STRING} ftp:     [NC,OR]' . PHP_EOL;
    $rules .= 'RewriteCond %{QUERY_STRING} http:    [NC,OR]' . PHP_EOL;
    $rules .= 'RewriteCond %{QUERY_STRING} https:   [NC,OR]' . PHP_EOL;
    $rules .= 'RewriteCond %{QUERY_STRING} mosConfig [NC,OR]' . PHP_EOL;
    //$rules .= 'RewriteCond %{QUERY_STRING} ^.*([|]|(|)||\'|"|;|?|*).* [NC,OR]' . PHP_EOL;
    //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]' . PHP_EOL;
    //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127.0).* [NC,OR]' . PHP_EOL;
    $rules .= 'RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]' . PHP_EOL;
    $rules .= 'RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]' . PHP_EOL;
    $rules .= 'RewriteRule ^(.*)$ - [F,L]' . PHP_EOL;
    $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_end . PHP_EOL; //Add feature marker end

  5. mra13
    Member
    Plugin Author

    Posted 1 year ago #

    Thank you for the details. Please don't use the "Bad Query Strings" firewall option on your site for the time being (it is one of the advanced firewall features). That one does have the potential to block a few other things as AITpro pointed out (thank you for the suggestion).

    I don't want to just remove the ruleset blindly to make it work with a plugin though (someone else might still find some of those rules useful). I think we can split it into smaller rulesets so you get more granularity in terms of which ones you activate on your site. Something to work on for the next version.

  6. AITpro
    Member
    Posted 1 year ago #

    What has been working really well for me is to do this. Minimal good things blocked - maximum bad things blocked. By creating 2 matching conditions (groups) like this you can refine things down to what is really going to be bad. ;)

    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

  7. mra13
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for the tip. Much appreciated.
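
The trade-off discussed in posts 4 to 6, as an added example that is not part of the original thread or the plugin's code: a small harness that runs the active single-keyword conditions from post 4 (copied as they appear on this page) and the two-group condition from post 6 over the same query strings and counts what each would answer with 403. Assumptions: Python's `re` stands in for Apache's regex engine, `%{QUERY_STRING}` is matched un-decoded, and the sample query strings and function names are constructed for illustration.

```python
import re

# Active (non-commented) conditions from post 4, as they appear on this page.
# [NC] maps to re.IGNORECASE; the [OR] chain means any single match blocks.
BROAD = [
    r"../", r"tag=", r"ftp:", r"http:", r"https:", r"mosConfig",
    r"^.*(globals|encode|config|localhost|loopback).*",
    r"^.*(request|select|insert|union|declare|drop).*",
]

# The single condition from post 6: a metacharacter group followed by a keyword group.
PAIRED = [
    r"(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"
    r"(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter"
    r"|declare|order|script|set|md5|benchmark|encode)",
]

# Constructed sample query strings (raw, as mod_rewrite would see them).
SAMPLES = [
    ("benign", "page=cache-config&tab=settings"),
    ("benign", "action=select-theme&paged=2"),
    ("benign", "redirect_to=http://example.com/wp-admin/"),
    ("benign", "s=don%27t+reset+my+password"),
    ("hostile", "id=1%27+union+select+1,2"),
    ("hostile", "q=%3Cscript%3Ealert(1)%3C/script%3E"),
]

def first_match(query, rules):
    """Return the first condition that matches (request gets 403), or None (allowed)."""
    for rule in rules:
        if re.search(rule, query, re.IGNORECASE):  # RewriteCond patterns are unanchored
            return rule
    return None

def evaluate(rules):
    """Return (benign samples blocked, hostile samples blocked) for a rule set."""
    benign = sum(1 for kind, q in SAMPLES if kind == "benign" and first_match(q, rules))
    hostile = sum(1 for kind, q in SAMPLES if kind == "hostile" and first_match(q, rules))
    return benign, hostile

if __name__ == "__main__":
    for kind, q in SAMPLES:
        b = "403" if first_match(q, BROAD) else "ok"
        p = "403" if first_match(q, PAIRED) else "ok"
        print(f"{kind:8} broad={b:4} paired={p:4} {q}")
    print("broad  (benign blocked, hostile blocked):", evaluate(BROAD))
    print("paired (benign blocked, hostile blocked):", evaluate(PAIRED))
```

The search for "don't reset my password" is the one benign sample the two-group condition still blocks, because `%27` is followed by `set`; replaying real access-log query strings through a harness like this before enabling a rule shows which admin pages would break.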
