If the User-Agent is Mozilla, then access is permitted:
77.88.4.229 - [11/Oct/2013: 17:14:29 +0400] "GET / booking.xml HTTP/1.0" 200 939 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv: 24.0) Gecko/20100101 Firefox/24.0 "
How to give access to this file for any User-Agent?
Plugin Author
AITpro
(@aitpro)
The Server Protocol is HTTP/1.0 – so this is most likely a spammer or a hacker.
I add code to .htaccess and it’s allow access to XYZ.xml
RewriteEngine on
RewriteCond %{REQUEST_URI} XYZ\.xml$
RewriteRule .* - [L]
This does not break security of the site?
Plugin Author
AITpro
(@aitpro)
Yes, that would work, but as I stated above most likely these are hackers or spammers. So you would not want to create an exception for hackers or spammers.
My code affects only the XYZ.xml file on the root? Am I right?
It’s not hackers. 🙂 It is one of bots Yandex (Russian search engine) 🙂
Plugin Author
AITpro
(@aitpro)
If the Request is legitimate then what is being blocked is Server Protocol HTTP/1.0 so just remove this code from your root .htaccess file. Usually only hackers and spammers use Server Protocol HTTP/1.0, but some older software/apps may be involved here.
# BRUTE FORCE LOGIN PAGE PROTECTION
# Protects the Login page from SpamBots & Proxies
# that use Server Protocol HTTP/1.0 or a blank User Agent
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ - [F,L]
Thanks! Problem is solved! 🙂