Title: askapache's Replies - page 9 | WordPress.org

---

# askapache


## Forum Replies Created

Viewing 15 replies - 121 through 135 (of 137 total)


 *   Forum: [Installing WordPress](https://wordpress.org/support/forum/installation/)
   
   In reply to: [[Plugin: AskApache Password Protect] Installation htaccess issues](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-htaccess-issues/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-htaccess-issues/#post-753808)
 * It turns out that support for the 2nd parameter of sha1 just isn’t there for 
   older php versions.. luckily I was able to find a workaround hack using pack
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [[Plugin: AskApache Password Protect] htaccess support not found?](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/#post-753792)
 * I’m releasing a new version in a couple hours.. try that one. 🙂
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [[Plugin: AskApache Password Protect] htaccess support not found?](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/#post-753785)
 * That message will only show up if the final test fails.
 * The final test is actually pretty freaking sweet, what it does is create a temporary
   directory with an .htaccess file similar to the one this plugin installs in your
   wp-admin folder. It then uses fsockopen, a function almost all php installations
   have, to request the password protected page. If the response from the server
   returned 500 or 200, then this plugin wouldn’t work for your wp-admin folder 
   either.
 * I’m hacking the code right now so stay tuned for an update.
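
The self-test described in the reply above, sketched as an added example (not part of the original post and not the plugin's code, which is PHP using fsockopen). It assumes a working setup answers an unauthenticated request with 401 and a Basic challenge; the function names, verdict strings and sample responses are constructed for illustration.

```python
import socket

def build_probe(host: str, path: str) -> bytes:
    """Plain GET with no Authorization header, as the self-test sends."""
    return (f"GET {path} HTTP/1.0\r\nHost: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")

def classify_probe(raw: bytes) -> str:
    """Turn the server's raw reply into a verdict on the test .htaccess."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "inconclusive"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    status = int(parts[1])
    if status == 401:
        # Only a Basic challenge shows the AuthType Basic block took effect.
        basic = headers.get("www-authenticate", "").lower().startswith("basic")
        return "enforced" if basic else "inconclusive"
    if status == 200:
        return "not-enforced"       # page served without credentials
    if status == 500:
        return "htaccess-rejected"  # server could not process the directives
    return "inconclusive"

def run_probe(host: str, path: str, port: int = 80, timeout: float = 5.0) -> str:
    """Live variant: send the probe over a socket and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe(host, path))
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return classify_probe(b"".join(chunks))

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "protected": b'HTTP/1.1 401 Authorization Required\r\n'
                 b'WWW-Authenticate: Basic realm="Protected By AskApache"\r\n\r\n',
    "open": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
    "broken": b"HTTP/1.1 500 Internal Server Error\r\n\r\n",
    "truncated": b"",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify_probe(raw))
```
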
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [[Plugin: AskApache Password Protect] htaccess support not found?](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/#post-753684)
 * That is the last resort the plugin takes, it means your current server or server
   configuration does not work with ANY of the 4 available .htpasswd encryption 
   algorithms.
 * I will be adding support for non-apache hosted blogs in the future.
 *   Forum: [Installing WordPress](https://wordpress.org/support/forum/installation/)
   
   In reply to: [[Plugin: AskApache Password Protect] Installation htaccess issues](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-htaccess-issues/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-htaccess-issues/#post-753677)
 * Sure sounds like the plugin, more specifically I forgot to add some error checking
   for incompatible versions of sha1 function. I’ll get on this.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Protect wp-content & wp-include using mod_rewrite?](https://wordpress.org/support/topic/protect-wp-content-038-wp-include-using-mod_rewrite/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/protect-wp-content-038-wp-include-using-mod_rewrite/#post-750828)
 * You can get the program here, [AskApache Password Protect](http://wordpress.org/extend/plugins/askapache-password-protect/)
 * > Oh ya, and I added an additional security option to password-protect /wp-login.php
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Plugin: AskApache Password Protect] Installation Problem](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-problem/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-problem/#post-743706)
 * Ok I fixed it.. The problem was occurring I think because the automatic upgrade
   stuff somehow included the file twice. There’s really no other explanation since
   it literally was only in the file once. So I added 2 different tests that make
   sure it doesn’t get included twice and the new version works!
 * Oh ya, and I added an additional security option to password-protect /wp-login.php
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Plugin: AskApache Password Protect] Installation Problem](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-problem/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-problem/#post-743695)
 * I can’t figure it out.. sorry.
 * It doesn’t make any sense… how can a single `add_options_page` be declared twice?
   And why does it say that it’s occurring on the line right underneath the real one?
 * I change the name of the option but apparently it is still causing this problem
   for many.. all with an upgraded version?
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [mod_rewrite htaccess MYSTERY…](https://wordpress.org/support/topic/mod_rewrite-htaccess-mystery/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/mod_rewrite-htaccess-mystery/#post-702870)
 * > And now “Pretty Permalinks” are working on my site. Can anyone explain to me
   > why taking out the <IfModule lines fixed the problem?? I’d just like to understand.
 * That is awful weird. whooami is right, if you didn’t have mod_rewrite and you
   removed the IfModule lines, it would have resulted in a 500 error.
 * What version of Apache, what type of operating system? Where is the .htaccess
   file at relative to your domain’s root? ie is it in /wordpress/.htaccess or
   /.htaccess?
 * What does the [AskApache RewriteRules Viewer](http://www.askapache.com/htaccess/rewriterule-viewer-plugin.html)
   tell you?
 *   Forum: [Alpha/Beta/RC](https://wordpress.org/support/forum/alphabeta/)
    In 
   reply to: [2.5 image upload](https://wordpress.org/support/topic/25-image-upload/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/25-image-upload/page/8/#post-714370)
 * There’s only one way to figure out how to fix it.. debug. Using wireshark to capture
   packets from my end and using mod_security in a “pass,allow,auditlog” filter I
   was able to determine that swfupload is the culprit. And having an upload file 
   for “asynchronous uploads” from clients that can’t even send basic auth headers
   is not moving forward in my book.
 * Here’s the code I eventually settled on for the [AskApache Password Protect plugin](http://www.askapache.com/wordpress/htaccess-password-protect.html).
 *     ```
       # BEGIN AskApache PassPro
       AuthName "Protected By AskApache"
       AuthUserFile /home/askapache.com/.htpasswda1
       AuthType Basic
       Require valid-user
       <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|css|js)$">
       Allow from All
       </FilesMatch>
       <Files async-upload.php>
       Allow from All
       </Files>
       Satisfy Any
       # END AskApache PassPro
       ```
   
 * If I wasn’t trying to make it as compatible as possible I would have definitely
   used rewriterule or just SecFilterSelectives..
 * Someone should notify the swfupload developer that it is relatively a cinch to
   add headers to requests in flash. I mean even small children’s cell phones can
   do basic authentication. I really like the swfupload though.. brilliant.
 * So hopefully someone sets their mod_rewrite to log and then we can see what rule
   was giving us a false positive.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Plugin: AskApache Password Protect] Image upload error when aapass is active](https://wordpress.org/support/topic/plugin-askapache-password-protect-image-upload-error-when-aapass-is-active/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-image-upload-error-when-aapass-is-active/#post-737981)
 * Circle-
 * 1. Not really, most bloggers don’t even know what mod_security is, and even fewer
   actually do have it.
 * The one thing that gives me pause is that it opens up a pathway for attackers
   to push their exploits because mod_security won’t be turned on. And also this
   async-upload.php script has some features that lower its overall security and 
   make it easier to successfully exploit in terms of cookies and state tracking.
 * 2. Yes the version I released this morning completely fixes this.
 * Although I allowed access to the file itself, which does create a small hole 
   in the password protection of the admin dir, [mod_security](http://www.askapache.com/htaccess/mod_security-htaccess-tricks.html)
   is still 100% doing its thing.
 *   Forum: [Installing WordPress](https://wordpress.org/support/forum/installation/)
   
   In reply to: [Add Media – not working, asking me to login…](https://wordpress.org/support/topic/add-media-not-working-asking-me-to-login/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/add-media-not-working-asking-me-to-login/#post-726171)
 * Turning mod_security completely off for an upload script scares me. I had to 
   do that for my plugin because most people don’t have mod_security, but for those
   of you with mod_security you might want to consider some type of access control.
 * Instead of
 *     ```
       <IfModule mod_security.c>
       <Files async-upload.php>
       SecFilterEngine Off
       SecFilterScanPOST Off
       </Files>
       </IfModule>
       ```
   
 * Instead I would leave it on for everyone except me, and keep it on for everyone
   else. But actually if I was having this problem I would go and turn on debugging
   to find out the security rule causing this false positive and just fix that.
 *     ```
       <IfModule mod_security.c>
       <Files async-upload.php>
       SetEnvIfNoCase Remote_Addr ^208\.113\.183\.103$ MODSEC_ENABLE=Off
       </Files>
       </IfModule>
       ```
   
 * While working on the [AskApache Password Protect](http://www.askapache.com/wordpress/htaccess-password-protect.html)
   plugin I also had problems with the image media uploader. I found out that WordPress
   2.5 is now using a small swfuploader.swf file which is a separate application
   than your browser. Javascript was my first guess but it’s definitely connecting
   to your server from the flash application.
 * Which isn’t a bad thing, just some unfinished action-script programming for the
   flash developer. So sounds like you guys are having a different problem than 
   a HTTP Basic authentication one, so my guess is the flash app is using some sort
   of suspicious looking request in its communication with the server.
 * You can easily find out exactly what is triggering the mod_security rule by [turning on logging](http://www.askapache.com/htaccess/mod_security-htaccess-tricks.html#mod_security-debugging).
   I [blogged in some detail](http://www.askapache.com/htaccess/mod_security-htaccess-tricks.html)
   about how to do that on DreamHost.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Plugin: AskApache Password Protect] Image upload error when aapass is active](https://wordpress.org/support/topic/plugin-askapache-password-protect-image-upload-error-when-aapass-is-active/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-image-upload-error-when-aapass-is-active/#post-737977)
 * [@neuroitc](https://wordpress.org/support/users/neuroitc/)
 * I’m curious as to what security rules/filters are being triggered by your requests
   to async-upload.php
 * I experienced an error as well when using WP 2.5 to upload to the media gallery.
   After some debugging I found the reason for this error is simply because
   async-upload.php is sent the uploaded file via a POST from an swfupload.swf file, which
   doesn’t have support built in to send HTTP Basic Authorization.
 * I am really curious how the above code fixes the problem, I haven’t had any problems
   with my mod_security. Could you please do this to help me out?
    1. create a file called `modsec_audit.log` and chmod 666
    2. add the code below to your `.htaccess`
    3. try to upload an image to make the image occur again
 *     ```
       <IfModule mod_security.c>
       SecFilterEngine On
       SecFilterCheckURLEncoding On
       SecFilterCheckUnicodeEncoding Off
       SecFilterScanPOST On
       SecAuditLogParts ABCDEFGHZ
       SecAuditEngine RelevantOnly
       SecAuditLog /fullpathto/modsec_audit.log
       </IfModule>
       ```
   
 * Now the modsec_audit.log will explain what rule the request is matching.
 * Or you can just [upgrade to the newer version](http://wordpress.org/extend/plugins/askapache-password-protect)
   and see if it works for you.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [[Plugin: AskApache Password Protect] Protection of /wp-includes/ causes tiny error](https://wordpress.org/support/topic/plugin-askapache-password-protect-protection-of-wp-includes-causes-tiny-error/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-protection-of-wp-includes-causes-tiny-error/#post-737976)
 * [@bene](https://wordpress.org/support/users/bene/)
 * Thanks for spotting this, I never use the visual editor so I didn’t even realize
   it was happening.. I’ve been grepping my access logs for anything failing in 
   the wp-includes or wp-content directories and this is the only one so far.
 * The latest version of [AskApache Password Protect](http://www.askapache.com/wordpress/htaccess-password-protect.html)
   fixes this.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Plugin: AskApache Password Protect] Installation Problem](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-problem/)
 *  [askapache](https://wordpress.org/support/users/askapache/)
 * (@askapache)
 * [18 years ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-installation-problem/#post-743674)
 * I am definitely thinking it is a WordPress bug. Because it’s not being redeclared,
   at least from what I know about redeclaring functions. It’s just not.
 * Maybe the newer [AskApache Password Protect](http://wordpress.org/extend/plugins/askapache-password-protect/)
   3.6.x version will work for you.
