Support » Plugin: BulletProof Security » ISAPI_Rewrite and Bulletproof

  • Resolved doulos2k


    Hi there – I know one person has asked about this plugin and ISAPI_Rewrite on Windows and you’d replied that you’re not sure due to it being server-side.

    I do control the physical server in my installations, so I’m curious if there’s any way we can test this to see if we can get the .htaccess commands working using this plugin.

Viewing 15 replies - 1 through 15 (of 22 total)
  • Plugin Author AITpro


    Yep, I am still not completely sure if ISAPI_Rewrite will handle all of the directives/security code in the BPS htaccess files. Looking at the Reference link below I see that most of the general htaccess directives are supported, but what I do not know for sure is how “deep” that compatibility goes. Every directive that BPS uses in its htaccess files has a “green” indicator/status, which means fully supported/fully compatible. The only way to know for sure is to actually do a hands-on test and see what happens. 😉 Please keep me posted on this as I am very curious to know if everything will just work or if tweaking is necessary or it does not work. Thanks.


    Going by the System requirements it looks Server based only, but I could be interpreting that incorrectly. But if you control the Server then this would not be a problem in your case. 😉

    System requirements
    ISAPI_Rewrite can be installed on the following operating systems:

    Windows 2000 with IIS 5
    Windows XP with IIS 5.1
    Windows Server 2003 with IIS 6.0
    Windows Vista with IIS 7.0
    Windows Server 2008 with IIS 7.0
    IIS should be installed on the operating system before installing ISAPI_Rewrite.
    Both 32 and 64 bit versions of Windows are supported, but you need to download a distinct installation package for 32 and 64 bit versions.
    Windows Installer 2.0 is required to run the installation program. You can download the latest version of Windows Installer from the Microsoft website.

    On Windows Vista and Windows Server 2008, installation of ISAPI_Rewrite also requires the following modules, not installed by default:

    ISAPI Filters
    ISAPI Extensions

    I must have missed something in the documentation because I can’t even seem to get the plugin to do anything right now due to this (I’m assuming). It gives me the IIS alert and the htaccess alerts and asks me to check the “Security Status page” – but when I click that link nothing happens.

    Is there something else I need to do in order to ensure the plugin is activated so that I can attempt to force it to make the htaccess changes? (Working on a test site right now – so there’s no danger.)

    Plugin Author AITpro


    Hmm, yeah, I forgot about that. I believe BPS has been intentionally disabled for use on IIS Servers since this caused some problems for Windows IIS folks in the past who were not aware that .htaccess files are not made for IIS. I will need to go through BPS and see what I can do about that. What you can test for now is if the .htaccess files themselves actually work. Download the secure.htaccess file and upload it to your site root folder and rename it to .htaccess.

    I’m sorry if this should be obvious – but I can’t seem to locate where I would download the secure.htaccess file.

    Plugin Author AITpro


    Oops that was my fault. Sorry. The secure.htaccess file is located here: /wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess.


    I represent the ISAPI_Rewrite support service.
    May I suggest you take a look at another product of ours – Helicon Ape, which implements many more features than ISAPI_Rewrite. Please see the compatibility chart –

    Helicon Ape is recommended if you are using IIS 7 or higher. For IIS 6 and prior versions ISAPI_Rewrite is still a better solution. But for newer IIS versions Ape is the best choice as it supports nearly all built-in Apache modules and directives. There are better chances that the BPS module will work with Ape without modifications.

    Plugin Author AITpro


    Hello Govorunov,

    I am stating the obvious, but just wanted to get confirmation on this.

    I assume that I am understanding the specs/requirements correctly and that once either ISAPI_Rewrite or Ape is installed and configured on the Server then the htaccess directives/files will be processed on the individual websites hosted on that Server without any additional config necessary for the individual websites?


    If you are installing full trial versions by default – yes. The free version of ISAPI_Rewrite does not support .htaccess. The free version of Ape does support .htaccess files for up to 3 web sites per server, but you need to choose these 3 web sites in the manager. Please note that ISAPI_Rewrite is an IIS ISAPI filter and Ape is a managed IIS module. Both can be disabled manually in IIS settings and enabled for individual web sites. With the Ape manager program you can disable or enable Ape for individual web sites if you need.

    Plugin Author AITpro


    Excellent! Thank you for the detailed info. Very much appreciated.

    Okay – all error messages saying I don’t have valid htaccess files have disappeared. So, at first blush, things seem to be recognized and operating. So, now, if we can enable the admin panels for BP then we’d be golden… I think.

    Plugin Author AITpro


    Excellent! Okay what I need now is something to be able to check so that I can create a new coding check for this condition.

    Example Condition Check: If is IIS and is X (X being whatever I can check for ISAPI_Rewrite or Ape) then do Y.

    @govorunov – I am not an IIS guru, but am fairly familiar with IIS, so is there an identifier of some kind that I can check for from the frontside of a site? I assume the check would have to be for either if a .dll is registered or an extension is loaded. Thanks.
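
    The "If is IIS and is X" check above can also be answered by behaviour rather than by an identifier. The following is an added example, not code from this thread, from BPS or from Helicon: it requests a canary file that a test .htaccess rule forbids and a control file that no rule touches. The file names bps-canary.txt and bps-control.txt, the test directory, and the assumption that the installed .htaccess layer accepts this plain mod_rewrite rule are all hypothetical.

```python
import sys
import urllib.error
import urllib.request

# Constructed test rule: forbids only the canary file. Plain mod_rewrite syntax;
# that the installed .htaccess layer accepts it is an assumption.
CANARY_HTACCESS = "RewriteEngine On\nRewriteRule ^bps-canary\\.txt$ - [F]\n"

def http_fetch(url, timeout=5):
    """GET url; return (status, Server header). HTTP error codes are results."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Server", "")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Server", "")

def classify(canary_status, control_status):
    """Decide whether the canary rule, and only that rule, took effect."""
    if control_status != 200:
        # The control file must be readable, otherwise a 403 on the canary
        # proves nothing (blanket denial, missing files, wrong directory).
        return "inconclusive"
    if canary_status == 403:
        return "enforced"
    if canary_status == 200:
        return "ignored"
    return "inconclusive"

def probe(base_url, fetch=http_fetch):
    """Probe a test directory holding .htaccess, bps-canary.txt, bps-control.txt."""
    base = base_url.rstrip("/")
    canary_status, server = fetch(base + "/bps-canary.txt")
    control_status, _ = fetch(base + "/bps-control.txt")
    return {
        "iis": "microsoft-iis" in server.lower(),
        "htaccess": classify(canary_status, control_status),
    }

if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

    A result of "ignored" on an IIS server means the .htaccess file is present but nothing is processing it, so its rules are not protecting the site.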

    Manual installation package includes the following files:

    ISAPI_Rewrite.dll – this is the ISAPI filter itself
    ISAPI_RewriteProxy.dll – this is ISAPI extension module required for proxy operations
    license.rtf – product EULA
    ISAPI_Rewrite.chm – documentation file
    httpd.conf – sample global configuration file

    I suppose it would be too much to ask to just add a manual preference option:

    If you are running IIS and you are CERTAIN that your server supports .htaccess files (through ISAPI_Rewrite or Helicon APE), check this option to Activate all features.

    Plugin Author AITpro


    Well if I can find the identifier that I can check against then you are talking about a 30 minute fix otherwise you are talking about an additional new feature = 1 to 2 months.

    Aaah. Well, here’s hoping for an identifier. 😀

    Plugin Author AITpro


    Yep, it would be the quick and easy way to get this rolling. I will do some searching around the Internet. I assume this is something simple.

    FYI – for Forms (checkbox, textbox, button, etc.) typically there is going to be anywhere from 200 to 1,000 lines of Form processing code to process whatever the Form is doing.

  • The topic ‘ISAPI_Rewrite and Bulletproof’ is closed to new replies.