Problems with 5G Blacklist in a localhost installation

I have an installation with many plugins and special PHP modules activated. Probably is ocurring an incompatibility with one of them. We have this sort of problem in the past, more than once.
So, I will do a more detailed investigation, disabling the plugins and special modules, until I find the culprit and then I will inform you by email.

By the way: I installed your plugin, in an absolutely new and pure WordPress installation and, in fact, the 5G blacklist did not prevent me from log out!

Regards,

Aldemar

Hi guys. I guess I found the culprit for this issue: an incompatibility between a WordPress plugin, called bbPress, and the .htaccess firewall rule mentioned formerly (the one that referes to “localhost”). To reproduce the problem, do as follows:

– install WordPress 3.6 or higher in your localhost environment. Log in.
– instal the WordPress plugin bbPress 2.5.3. Activate it.
– insert (manually or via All In One WP Security) the 5G Blacklist Firewall Rules in the .htaccess file.
– Now, try to log out. You will see the following message:

Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster.
Error 403
localhost
Apache/2.4.7 (Win32) OpenSSL/0.9.8y PHP/5.4.25

– Now, deactivate the plugin. You will see that is possible to log out again.

Regards,

Aldemar

That is right. I modified the code of the file wp-security-utility-htaccess.php, removing the word “localhost” on the following lines of code:

$rules .= 'RewriteCond %{QUERY_STRING} ^.*(globals|encode|loopback).* [NC,OR]' . PHP_EOL;

RewriteCond %{QUERY_STRING} (base64_encode|mosconfig) [NC,OR]

RedirectMatch 403 (base64|crossdomain|wwwroot|e107\_)

The first line belong to “Deny Bad Query Strings” configuration, while the second and third lines belong to “5G Firewall Rules”.

After the modifications, the problems involving localhost disappeared.