Title: BPS SECURITY / HTTP ERROR LOG
Last modified: August 21, 2016
---
# BPS SECURITY / HTTP ERROR LOG
* Resolved [phoenix13](https://wordpress.org/support/users/phoenix13/)
* (@phoenix13)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/)
* Hi,
* 404, 403, and all… Nothing in security log, not display. Why ?
* NB : BulletProof Security FREE
* Thanks.
* [http://wordpress.org/plugins/bulletproof-security/](http://wordpress.org/plugins/bulletproof-security/)
Viewing 15 replies - 1 through 15 (of 28 total)
1 [2](https://wordpress.org/support/topic/bps-security-http-error-log/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/bps-security-http-error-log/page/2/?output_format=md)
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140597)
* The most likely causes are either the ErrorDocument .htaccess code does not exist
in your root .htaccess file, your Host does not allow the ErrorDocument .htaccess
directive on your website or you have the Sucuri plugin installed and you are
using the wp-content 1-click hardening option:
* [http://forum.ait-pro.com/forums/topic/security-log-no-log-entries-security-log-is-not-logging-errors/](http://forum.ait-pro.com/forums/topic/security-log-no-log-entries-security-log-is-not-logging-errors/)
* Thread Starter [phoenix13](https://wordpress.org/support/users/phoenix13/)
* (@phoenix13)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140646)
* Permalinks structure : /%category%/%postname%.htm
* example.com/;union : error logging not working in BulletProof, but it’s ok in
Better WP Security log !
* No Sucuri plugin installed.
* Creating new Master htaccess files and… No change 🙁
* In htaccess root :
* ```
ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
ErrorDocument 401 default
ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
ErrorDocument 404 /404.php
```
* NB : “File Open and Write test successful! Your Security Log file is writable.”
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140647)
* If you are using another plugin to log errors then most likely the errors will
be logged by that plugin and not BPS. So I assume Better WP Security is overriding
BPS security logging and handling this instead. So basically I guess you would
just use Better WP Security error logging instead of BPS Security logging. Typically
when 2 plugins are doing the same or similar thing then 1 will override the other.
* Thread Starter [phoenix13](https://wordpress.org/support/users/phoenix13/)
* (@phoenix13)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140649)
* I love BulletProof… I want use it ! I erased Better WP Security but… Always BulletProof
log doesn’t work 🙁
How fix ?
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140654)
* Click the Create secure.htaccess File AutoMagic button and activate root folder
BulletProof Mode again to ensure that your root .htaccess file has all the correct.
htaccess code.
* The simplest way to test if Security logging is working is to use this string
in your Browser’s address bar:
Replace example.com with your actual domain name.
example.com/index.php?sp_executesql
* Thread Starter [phoenix13](https://wordpress.org/support/users/phoenix13/)
* (@phoenix13)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140657)
* “Click the Create secure.htaccess File AutoMagic button and activate root folder
BulletProof Mode again to ensure that your root .htaccess file has all the correct.
htaccess code.”
* Check : ok.
* “in your Browser’s address bar:
Replace example.com with your actual domain
name. example.com/index.php?sp_executesql”
* 403 display, but nothing in HTTP ERROR LOG 🙁
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140658)
* Ok then most likely your Host does not allow the .htaccess ErrorDocument directive
to be used on your website or your Host is intercepting those 403 redirects and
logging them in the Host Server error document log file. Ask your Host if they
are restricting/blocking the .htaccess ErrorDocument directive.
* Thread Starter [phoenix13](https://wordpress.org/support/users/phoenix13/)
* (@phoenix13)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140670)
* My website is hosting on my VPS (with PleskPanel)
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140674)
* Are you saying that you have access to the httpd.conf file? If so, post your
AllowOverride directive code in your httpd.conf file.
* [http://httpd.apache.org/docs/current/mod/core.html#allowoverride](http://httpd.apache.org/docs/current/mod/core.html#allowoverride)
* Thread Starter [phoenix13](https://wordpress.org/support/users/phoenix13/)
* (@phoenix13)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140721)
* in log Host Server (for 403) :
* [warn] [client 86.71.213.211] mod_fcgid: stderr: PHP Fatal error: Cannot redeclare
bps_Master_htaccess_folder_bpsbackup_denyall() (previously declared in /var/www/
vhosts/mydomainname.com/httpdocs/wp-content/plugins/bulletproof-security/includes/
functions.php:12) in /var/www/vhosts/mydomainname.com/httpdocs/wp-content/plugins/
bulletproof-security/includes/functions.php on line 27
* Thread Starter [phoenix13](https://wordpress.org/support/users/phoenix13/)
* (@phoenix13)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140722)
* /etc/apache2/httpd.conf :
* ```
ServerLimit 500
StartServers 30
MinSpareServers 30
MaxSpareServers 50
MaxClients 100
MaxRequestsPerChild 700
```
* Nothing else in https.conf at /etc/apache2/
* Thread Starter [phoenix13](https://wordpress.org/support/users/phoenix13/)
* (@phoenix13)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140723)
* /etc/apache2/apache2.conf :
* ```
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.2/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "foo.log"
# with ServerRoot set to "/etc/apache2" will be interpreted by the
# server as "/etc/apache2/foo.log".
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at );
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
LockFile ${APACHE_LOCK_DIR}/accept.lock
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 1
MinSpareServers 1
MaxSpareServers 5
MaxClients 10
MaxRequestsPerChild 0
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
# graceful restart. ThreadLimit can only be changed by stopping
# and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 1
MinSpareThreads 1
MaxSpareThreads 4
ThreadLimit 64
ThreadsPerChild 25
MaxClients 10
MaxRequestsPerChild 0
# event MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 1
MaxClients 10
MinSpareThreads 1
MaxSpareThreads 4
ThreadLimit 64
ThreadsPerChild 25
MaxRequestsPerChild 0
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
Order allow,deny
Deny from all
Satisfy all
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf
# Include all the user configurations:
Include httpd.conf
# Include ports listing
Include ports.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
Include conf.d/
# Include the virtual host configurations:
Include sites-enabled/
GracefulShutDownTimeout 3
AddOutputFilter INCLUDES .shtml
AddType text/html .shtml
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
```
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140754)
* `mod_fcgid: stderr: PHP Fatal error: Cannot redeclare...`
* This error indicates that there is something wrong with the folders or files
in the /bulletproof-security folder. FTP to your website and delete the bulletproof
security plugin folder /plugins/bulletproof-security and reinstall BPS.
* I am not familiar with the AccessFileName directive, but you can use AllowOverride
on Debian.
* [http://stackoverflow.com/questions/4111682/why-doesnt-htaccess-have-any-effect](http://stackoverflow.com/questions/4111682/why-doesnt-htaccess-have-any-effect)
* [http://httpd.apache.org/docs/current/mod/core.html#accessfilename](http://httpd.apache.org/docs/current/mod/core.html#accessfilename)
* ```
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
```
* example of local vhost setup using AllowOverride in a vhost conf file.
[http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7291](http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7291)
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140756)
* Here is a good Debian specific example:
[http://www.ralf-lang.de/2012/11/26/no-bullshit-1-apache-vhost-config-allowoverride-alldoes-not-activate-mod_rewrite/](http://www.ralf-lang.de/2012/11/26/no-bullshit-1-apache-vhost-config-allowoverride-alldoes-not-activate-mod_rewrite/)
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/#post-4140759)
* Basically all you need to do is add this code to the httpd.conf file. Your Directory
path needs to be your actual real path.
* ```
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order Allow,Deny
Allow from all
```
* [http://serverfault.com/questions/302488/apache2-debian-squeeze-htaccess-disabled](http://serverfault.com/questions/302488/apache2-debian-squeeze-htaccess-disabled)
Viewing 15 replies - 1 through 15 (of 28 total)
1 [2](https://wordpress.org/support/topic/bps-security-http-error-log/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/bps-security-http-error-log/page/2/?output_format=md)
The topic ‘BPS SECURITY / HTTP ERROR LOG’ is closed to new replies.
* 
* [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
* [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
* [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
* [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
* [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)
* 28 replies
* 2 participants
* Last reply from: [phoenix13](https://wordpress.org/support/users/phoenix13/)
* Last activity: [12 years, 8 months ago](https://wordpress.org/support/topic/bps-security-http-error-log/page/2/#post-4140781)
* Status: resolved