Support » Plugin: BulletProof Security » BPS causes my HTML sites to show Forbiddn

  • Resolved seedplanta

    (@seedplanta)


    Went thru your help and such and by the way love the plugin, but while active I noticed that my other sites (HTML not WP) are showing Forbidden when going to http://example.com the site info is there i.e I can goto specific pages including index.htm and all is well and looks right but the example.com doesnt load the index.htm page instead I get a Forbidden error. I have found when I return to my bakup .htaccess file it works but when I activate BPS I get the error. So I know the problem lies in the .htaccess file but I am not techy enuff to know what to do. Is it safe for me to copy the txt from the bakup .htaccess file to the BPS created file or does this defeat the purpose of BPS security? PLEASE HELP! I perceive its something simple but my knowledge has no clue. Thanks.

    http://wordpress.org/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 59 total)
  • Plugin Author AITpro

    (@aitpro)

    What site architecture/structure do you have for all of these websites – HTML and WordPress?

    Example:
    an HTML site is in the root folder /
    a WordPress site is in this folder /wordpress
    another HTML site is in this folder /blah
    another WordPress site is in this folder /foobar

    WP is installed on the root, the HTML sites are subfolders i.e example.com/htmlsite but the WP is installed on the root and thus wp-content folder etc is also in the root just like HTML sites use a subfolder on the root. I hope this makes sense. So here is the layout like your example

    WordPress is in the root folder /
    other WordPress sites are done via MultiSite and use subdomain option not subfolder option
    one HTML site is in this folder /blah
    another HTML site is in this folder /foobar

    I hope that helps.

    Plugin Author AITpro

    (@aitpro)

    Ok then here is why the problem is caused and also the solution.

    The Root .htaccess file for the WordPress site is applying it’s rules to all subfolders off the root of the site. This is how .htacess files are designed – they are heirarchical/recursive. If an .htaccess file is not found in a subfolder then the root .htaccess file will apply its rules to that subfolder.

    The solution is to add .htaccess files in the HTML sites folders.
    We have created BPS .htaccess files/code here that you can add in your HTML site’s folders.

    BPS HTML htaccess file for HTML websites or subfolders

    Thea

    (@dorothy1508)

    AITpro, I have a similar problem in that I need to redirect permalinks on my main domain. I found a redirect script on Yoast which works perfectly, but (as noted above) I now realize that if I put it in my .htaccess file, it applies to my sub-domains too – which I don’t want.

    Is there any way I can alter this code so it won’t affect the sub-domains, or is there something I can put in the sub-domain’s htaccess to prevent it taking effect?

    Plugin Author AITpro

    (@aitpro)

    I would need to know exactly what you want to do in order to help. 😉 Provide examples of what you want to do.

    Thea

    (@dorothy1508)

    Thanks!

    I’ve had to change my permalink structure from month/year/postname to /postname to suit a new directory setup. I used this code to do the redirect:

    `RedirectMatch 301 ^/([0-9]{4})/([0-9]{2})/(.*)$ http://bellydanceoz.com/$3

    and it worked like a charm. Trouble is, it applied to all my sub-domains as well, (which obviously generated 404’s, because the slug does not exist on bellydanceoz).

    The solution I was thinking of was this:
    Change the permalink structure on my sub-domains th /postname as well, then I could change “http://bellydanceoz.com” to a wildcard symbol so the redirect would stay within the same domain/sub-domain.

    Trouble is I don’t understand the code and I have no idea whether it would work! I know this is not relevant to your plugin but if you could give me a clue it would be much appreciated.

    Thea

    (@dorothy1508)

    I had never heard of your plugin, by the way – it looks really interesting. Off to study it…

    Plugin Author AITpro

    (@aitpro)

    The pattern match is this:
    match /4 numbers that are 0-9/2 numbers that are 0-9/match anything
    /2013/09/postname – matches that permalink (your structure that you posted in your comment is a typo). 😉 The $3 is called a back reference and it is back referencing the pattern match. And works like a “URL splicer” to keep it simple in laymans terms.

    So yep the same basic principles would apply in your case. Each site should have its own .htaccess files so that each site follows the rules in its own .htaccess file and not another .htaccess file that is applying those rules recursively.

    A subdomain site (true subdomain sites = DNS A or CNAME record pointing to the folder where that subdomain site is installed/located) is considered a root website and the RewriteBase and RewriteRule are these for a subdomain site in this folder /blah or this folder /foobar:

    RewriteBase /
    RewriteRule . /index.php [L]

    You can use the BPS root .htaccess file for your current site and copy it into the subdomain site’s folders as is.

    Assuming of course that these are WordPress or another PHP site type. If they are HTML sites then you would use the HTML .htaccess file code.

    Thea

    (@dorothy1508)

    This is what I don’t understand. Each of my sub-domains does have its own .htaccess file already, yet the .htaccess of the main domain is obviously overruling it?

    Plugin Author AITpro

    (@aitpro)

    Are they true subdomain sites or subdirectory sites? A subdomain site is it’s own separate domain if you setup a DNS A or CNAME record.

    www.xxx is a separate domain
    subdomain1.xxx is a separate domain
    subdomain2.xxx is a separate domain

    If these are true subdomain sites then the rule you posted above should NOT have any effect on them.

    Plugin Author AITpro

    (@aitpro)

    Ok I looked at your history of posts and I found this:

    bellydanceoz.com
    events.bellydanceoz.com
    shop.bellydanceoz.com

    So did you setup DNS A or CNAME records to point to these folders?
    /events
    /shop

    Thea

    (@dorothy1508)

    Those aren’t the sub-domains which are the problem. Their posts are already in the /postname format so they’re not affected.

    The main sub-domain being affected is dressforflamenco.com which I set up as an “add-on domain” in cpanel

    Plugin Author AITpro

    (@aitpro)

    Oh ok you are not talking about a subdomain site at all got it. add-on or aliased domains are a completely different thing then a subdomain site. subdomain is the technical term for a specific site type – a subdomain site.

    Ok so what you can do is something like this for add-on domains:
    Create a rule with .htaccess code for the add-on sites that checks by HOST and will only do rewriting based on the HOST.

    I’ll post that code in a minute.

    Plugin Author AITpro

    (@aitpro)

    What is very strange to me is why these add-on domains are not following their .htaccess files in the first place – very, very strange. It must have something to do with the way your particular web host does add-on domains???

    For reference:
    http://forum.ait-pro.com/forums/topic/htaccess-redirect-www-to-non-www-htaccess-redirect-non-www-to-www/#post-5566

    You would follow the same principle used in the code in the link above to rewrite non-www to www. this will force the correct HOST rewrite.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^domainname\.com$ [NC]
    RewriteRule ^(.*)$ http://www.domainname.com/$1 [R=301,L]
    RewriteRule ^index\.php$ - [L]
    Plugin Author AITpro

    (@aitpro)

    LOL I never asked you if your add-on domains had .htaccess files. They obviously do not have .htaccess files since this problem is occuring. You just need to create .htaccess files for those other sites. 😉 duh.

Viewing 15 replies - 1 through 15 (of 59 total)
  • The topic ‘BPS causes my HTML sites to show Forbiddn’ is closed to new replies.