Support » Plugin: All-In-One Security (AIOS) – Security and Firewall » Enabling 5G or 6G Blacklist firewall forbids downloads from website

  • Resolved Filipe Costa

    (@filipecostacom)


    Hi!

    When i enable 5G or 6G Blacklist firewall i can’t download files from specific folders on my website. For instance i have “domain.com/downloads/test.exe” and if i enable 5G or 6G Blacklist firewall i’m unable to download that file, or any other file inside that folder!

    Thanks!

    • This topic was modified 6 years, 11 months ago by Filipe Costa.
    • This topic was modified 6 years, 11 months ago by Filipe Costa.
    • This topic was modified 6 years, 11 months ago by Filipe Costa.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter Filipe Costa

    (@filipecostacom)

    After some investigation i noticed that the issue comes from

    # 6G:[REQUEST STRINGS]
    (…)
    RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
    (…)

    and i have to delete the extensions i want to allow (in this case the EXE extension). From 6G firewall rules, its odd not to allow the download of rar files, don’t you think?

    I also compared line by line the original 6G from https://perishablepress.com and 6G from AIOWPFS list and i noticed some diferences – aren’t these differences important?

    Line 14
    ORIGINAL 6G
    RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]

    AIOWPFS 6G
    RewriteCond %{QUERY_STRING} (\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]

    Line 17
    ORIGINAL 6G
    RewriteCond %{QUERY_STRING} (\’|\”)(.*)(drop|insert|md5|select|union) [NC]

    AIOWPFS 6G
    RewriteCond %{QUERY_STRING} (‘|\”)(.*)(drop|insert|md5|select|union) [NC]

    Line 39
    ORIGINAL 6G
    RedirectMatch 403 (?i)(=\\\’|=\\%27|/\\\’/?)\.

    AIOWPFS 6G
    RedirectMatch 403 (?i)(=\’|=\%27|/\’/?)\.

    Line 41
    ORIGINAL 6G
    RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\”\\\”)

    AIOWPFS 6G
    RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\”\\”)

    Line 42
    ORIGINAL 6G
    RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)

    AIOWPFS 6G
    RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\|\s|\{|\}|\[|\]|\|)

    Thanks!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, did you add the customize changes to the following option WP Security -> Firewall -> Custom Rules? Or did you make the changes in the .htaccess file?

    Thread Starter Filipe Costa

    (@filipecostacom)

    I disabled 6G from AIOWPSF and manually added the 6G from https://perishablepress.com to my .htaccess file.

    But i would prefer to have them enabled in AIOWPSF and somehow add a rule to remove the exe extension on WP Security -> Firewall -> Custom Rules, but i don’t know how to do it.

    Also, aren’t the differences between 6G from https://perishablepress.com and 6G from AIOWPSF important?

    One more thing if you mind, do you now why after opening any option from AIOWPSF, Plesk WordPress Toolkit always says some of the security features i have implemented are changed, like “Permissions for files and directories” that has the following description:
    “If permissions for files and directories do not comply with the security policy, these files can be used to hack your site. After WordPress installation, files and directories can have various permissions. The security check should verify that the permissions for the wp-config file are set to 600, for other files to 644, and for directories to 755. If the security check failed and you choose to secure the WordPress installation, permissions for files and directories will be changed in accordance with WordPress security policy: permissions for the wp-config file will be set to 600, for other files, to 644, and for directories, to 755.”

    Thanks again!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, you can you use the Custom Rules feature in the plugin to add any customize option from the plugin. This is the reason why the Custom Rules was added to the plugin settings.

    In regards to the changes you found between this plugin and 6G developer, the plugin developers will investigate further.

    In regards to your other question, I am not sure why since I don’t use Plesk WordPress Toolkit.

    Kind regards

    What would a custom rule look like to achieve this?

    I’ve just modified the .htaccess file and removed ‘|exe|’ from the list in the redirectMatch statement

    Plugin Contributor mbrsolution

    (@mbrsolution)

    @mattgilchrist, please check the following instructions. These instructions are for a different feature but they show you how to add custom rules. Let me know if you need more help.

    Thank you

    Yes I saw that, and to me that was override of feature, making a special circumstance for that particular page.

    In this case though the file extension types are set as not allowed to be downloaded (via 403 redirect). Will a later statement (the rule) then block a subset of the original list…ie achieve nothing, just reiterate the block list.

    In other words because this is a block list, adding a rule won’t be able to remove one extension from the block list. Perhaps if I could explicitly allow the extension .exe for this site.

    The only way that I can see it working is me manually modifying the .htaccess file, which gets rewritten every time a change a setting in AIOWPS…

    Have I misread how this works?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, you can allow the extension .exe if that is what you want for your site. Another words you remove the .exe from the rule and add that to the custom rules tab. Then make sure you disable the 6G feature in the plugin.

    I am sure that will work. The custom rules feature is not affected by any plugin updates.

    Let me know if this makes sense to you.

    Regards

    • This reply was modified 6 years, 5 months ago by mbrsolution.

    Yes that makes sense, and it works perfectly thanks.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Enabling 5G or 6G Blacklist firewall forbids downloads from website’ is closed to new replies.