Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter shivanirupnawar

    (@shivanirupnawar)

    Yes, but every time I can’t just clear the browser cache. Even when I tried visiting my site in incognito mode, the redirection to Dashboard happens.

    Basically, the behavior of the issue is, if the user enters a site URL that needs authentication, then he is redirected to the Login form. And this redirection is being cached by the browser, the request status code is 302. After successful login when the user again hits the URL(the earlier one, which initially needed authentication), this request is served from disk cache, and it redirects to the wp-admin page as the user is logged in.

    Thread Starter shivanirupnawar

    (@shivanirupnawar)

    Hi Mark,

    Thanks for your response.

    I checked my plugins list, but there is no other plugin used which deals with redirection. Also, the issue is not observed when we disable the cache from the Network’s tab(Chrome DevTools).

    Proving the contents of the .htaccess file:-
    # BEGIN WP Rocket v3.5.5.1
    # Use UTF-8 encoding for anything served text/plain or text/html
    AddDefaultCharset UTF-8
    # Force UTF-8 for a number of file formats
    <IfModule mod_mime.c>
    AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml
    </IfModule>
    # FileETag None is not enough for every server.
    <IfModule mod_headers.c>
    Header unset ETag
    </IfModule>
    # Since we’re sending far-future expires, we don’t need ETags for static content.
    # developer.yahoo.com/performance/rules.html#etags
    FileETag None
    <IfModule mod_alias.c>
    <FilesMatch “\.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$”>
    <IfModule mod_headers.c>
    Header set X-Powered-By “WP Rocket/3.5.5.1”
    Header unset Pragma
    Header append Cache-Control “public”
    Header unset Last-Modified
    </IfModule>
    </FilesMatch>
    <FilesMatch “\.(css|htc|js|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$”>
    <IfModule mod_headers.c>
    Header unset Pragma
    Header append Cache-Control “public”
    </IfModule>
    </FilesMatch>
    </IfModule>
    # Expires headers (for better cache control)
    <IfModule mod_expires.c>
    ExpiresActive on
    # Perhaps better to whitelist expires rules? Perhaps.
    ExpiresDefault “access plus 1 month”
    # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
    ExpiresByType text/cache-manifest “access plus 0 seconds”
    # Your document html
    ExpiresByType text/html “access plus 0 seconds”
    # Data
    ExpiresByType text/xml “access plus 0 seconds”
    ExpiresByType application/xml “access plus 0 seconds”
    ExpiresByType application/json “access plus 0 seconds”
    # Feed
    ExpiresByType application/rss+xml “access plus 1 hour”
    ExpiresByType application/atom+xml “access plus 1 hour”
    # Favicon (cannot be renamed)
    ExpiresByType image/x-icon “access plus 1 week”
    # Media: images, video, audio
    ExpiresByType image/gif “access plus 4 months”
    ExpiresByType image/png “access plus 4 months”
    ExpiresByType image/jpeg “access plus 4 months”
    ExpiresByType image/webp “access plus 4 months”
    ExpiresByType video/ogg “access plus 1 month”
    ExpiresByType audio/ogg “access plus 1 month”
    ExpiresByType video/mp4 “access plus 1 month”
    ExpiresByType video/webm “access plus 1 month”
    # HTC files (css3pie)
    ExpiresByType text/x-component “access plus 1 month”
    # Webfonts
    ExpiresByType font/ttf “access plus 4 months”
    ExpiresByType font/otf “access plus 4 months”
    ExpiresByType font/woff “access plus 4 months”
    ExpiresByType font/woff2 “access plus 4 months”
    ExpiresByType image/svg+xml “access plus 1 month”
    ExpiresByType application/vnd.ms-fontobject “access plus 1 month”
    # CSS and JavaScript
    ExpiresByType text/css “access plus 1 year”
    ExpiresByType application/javascript “access plus 1 year”
    </IfModule>
    # Gzip compression
    <IfModule mod_deflate.c>
    # Active compression
    SetOutputFilter DEFLATE
    # Force deflate for mangled headers
    <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
    SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
    RequestHeader append Accept-Encoding “gzip,deflate” env=HAVE_Accept-Encoding
    # Don’t compress images and other uncompressible content
    SetEnvIfNoCase Request_URI \
    \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
    </IfModule>
    </IfModule>
    # Compress all output labeled with one of the following MIME-types
    <IfModule mod_filter.c>
    AddOutputFilterByType DEFLATE application/atom+xml \
    application/javascript \
    application/json \
    application/rss+xml \
    application/vnd.ms-fontobject \
    application/x-font-ttf \
    application/xhtml+xml \
    application/xml \
    font/opentype \
    image/svg+xml \
    image/x-icon \
    text/css \
    text/html \
    text/plain \
    text/x-component \
    text/xml
    </IfModule>
    <IfModule mod_headers.c>
    Header append Vary: Accept-Encoding
    </IfModule>
    </IfModule>
    # END WP Rocket
    # BEGIN All In One WP Security
    #AIOWPS_BLOCK_WP_FILE_ACCESS_START
    <Files license.txt>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    <Files wp-config-sample.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    <Files readme.html>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_BLOCK_WP_FILE_ACCESS_END
    #AIOWPS_BASIC_HTACCESS_RULES_START
    <Files .htaccess>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    ServerSignature Off
    LimitRequestBody 10240000
    <Files wp-config.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_BASIC_HTACCESS_RULES_END
    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <Files xmlrpc.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END
    #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START
    <Files debug.log>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END
    #AIOWPS_DISABLE_INDEX_VIEWS_START
    Options -Indexes
    #AIOWPS_DISABLE_INDEX_VIEWS_END
    #AIOWPS_DISABLE_TRACE_TRACK_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* – [F]
    </IfModule>
    #AIOWPS_DISABLE_TRACE_TRACK_END
    #AIOWPS_FORBID_PROXY_COMMENTS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^POST
    RewriteCond %{HTTP:VIA} !^$ [OR]
    RewriteCond %{HTTP:FORWARDED} !^$ [OR]
    RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
    RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
    RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR]
    RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
    RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
    RewriteRule wp-comments-post\.php – [F]
    </IfModule>
    #AIOWPS_FORBID_PROXY_COMMENTS_END
    #AIOWPS_DENY_BAD_QUERY_STRINGS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} ftp: [NC,OR]
    RewriteCond %{QUERY_STRING} http: [NC,OR]
    RewriteCond %{QUERY_STRING} https: [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} (\;|’|\”|%22).*(request|insert|union|declare|drop) [NC]
    RewriteRule ^(.*)$ – [F,L]
    </IfModule>
    #AIOWPS_DENY_BAD_QUERY_STRINGS_END
    #AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
    <IfModule mod_alias.c>
    RedirectMatch 403 \,
    RedirectMatch 403 \:
    RedirectMatch 403 \;
    RedirectMatch 403 \=
    RedirectMatch 403 \[
    RedirectMatch 403 \]
    RedirectMatch 403 \^
    RedirectMatch 403 \`
    RedirectMatch 403 \{
    RedirectMatch 403 \}
    RedirectMatch 403 \~
    RedirectMatch 403 \”
    RedirectMatch 403 \$
    RedirectMatch 403 \<
    RedirectMatch 403 \>
    RedirectMatch 403 \|
    RedirectMatch 403 \.\.
    RedirectMatch 403 \%0
    RedirectMatch 403 \%A
    RedirectMatch 403 \%B
    RedirectMatch 403 \%C
    RedirectMatch 403 \%D
    RedirectMatch 403 \%E
    RedirectMatch 403 \%F
    RedirectMatch 403 \%22
    RedirectMatch 403 \%27
    RedirectMatch 403 \%28
    RedirectMatch 403 \%29
    RedirectMatch 403 \%3C
    RedirectMatch 403 \%3E
    RedirectMatch 403 \%3F
    RedirectMatch 403 \%5B
    RedirectMatch 403 \%5C
    RedirectMatch 403 \%5D
    RedirectMatch 403 \%7B
    RedirectMatch 403 \%7C
    RedirectMatch 403 \%7D
    # COMMON PATTERNS
    Redirectmatch 403 \_vpi
    RedirectMatch 403 \.inc
    Redirectmatch 403 xAou6
    Redirectmatch 403 db\_name
    Redirectmatch 403 select\(
    Redirectmatch 403 convert\(
    Redirectmatch 403 \/query\/
    RedirectMatch 403 ImpEvData
    Redirectmatch 403 \.XMLHTTP
    Redirectmatch 403 proxydeny
    RedirectMatch 403 function\.
    Redirectmatch 403 remoteFile
    Redirectmatch 403 servername
    Redirectmatch 403 \&rptmode\=
    Redirectmatch 403 sys\_cpanel
    RedirectMatch 403 db\_connect
    RedirectMatch 403 doeditconfig
    RedirectMatch 403 check\_proxy
    Redirectmatch 403 system\_user
    Redirectmatch 403 \/\(null\)\/
    Redirectmatch 403 clientrequest
    Redirectmatch 403 option\_value
    RedirectMatch 403 ref\.outcontrol
    # SPECIFIC EXPLOITS
    RedirectMatch 403 errors\.
    RedirectMatch 403 config\.
    RedirectMatch 403 include\.
    RedirectMatch 403 display\.
    RedirectMatch 403 register\.
    Redirectmatch 403 password\.
    RedirectMatch 403 maincore\.
    RedirectMatch 403 authorize\.
    Redirectmatch 403 macromates\.
    RedirectMatch 403 head\_auth\.
    RedirectMatch 403 submit\_links\.
    RedirectMatch 403 change\_action\.
    Redirectmatch 403 com\_facileforms\/
    RedirectMatch 403 admin\_db\_utilities\.
    RedirectMatch 403 admin\.webring\.docs\.
    Redirectmatch 403 Table\/Latest\/index\.
    </IfModule>
    #AIOWPS_ADVANCED_CHAR_STRING_FILTER_END
    #AIOWPS_SIX_G_BLACKLIST_START
    # 6G FIREWALL/BLACKLIST
    # @ https://perishablepress.com/6g/
    # 6G:[QUERY STRINGS]
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
    RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
    RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
    RewriteCond %{QUERY_STRING} (‘|\”)(.*)(drop|insert|md5|select|union) [NC]
    RewriteRule .* – [F]
    </IfModule>
    # 6G:[REQUEST METHOD]
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
    RewriteRule .* – [F]
    </IfModule>
    # 6G:[REFERRERS]
    <IfModule mod_rewrite.c>
    RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]
    RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
    RewriteRule .* – [F]
    </IfModule>
    # 6G:[REQUEST STRINGS]
    <IfModule mod_alias.c>
    RedirectMatch 403 (?i)([a-z0-9]{2000,})
    RedirectMatch 403 (?i)(https?|ftp|php):/
    RedirectMatch 403 (?i)(base64_encode)(.*)(\()
    RedirectMatch 403 (?i)(=\’|=\%27|/\’/?)\.
    RedirectMatch 403 (?i)/(\$(\&)?|\*|\”|\.|,|&|&?)/?$
    RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\”\\”)
    RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\|\s|\{|\}|\[|\]|\|)
    RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
    RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
    RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
    RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
    </IfModule>
    # 6G:[USER AGENTS]
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
    SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
    # Apache < 2.3
    <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
    #AIOWPS_IP_BLACKLIST_2_3_START
    Deny from 1.1.1.1
    #AIOWPS_IP_BLACKLIST_2_3_END
    </IfModule>
    # Apache >= 2.3
    <IfModule mod_authz_core.c>
    <RequireAll>
    Require all Granted
    Require not env bad_bot
    #AIOWPS_IP_BLACKLIST_2_4_START
    Require not ip 1.1.1.1
    #AIOWPS_IP_BLACKLIST_2_4_END
    </RequireAll>
    </IfModule>
    </IfModule>
    #AIOWPS_SIX_G_BLACKLIST_END
    #AIOWPS_FIVE_G_BLACKLIST_START
    # 5G BLACKLIST/FIREWALL (2013)
    # @ http://perishablepress.com/5g-blacklist-2013/
    # 5G:[QUERY STRINGS]
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{QUERY_STRING} (\”|%22).*(<|>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\\|\.\./|`|=’$|=%27$) [NC,OR]
    RewriteCond %{QUERY_STRING} (\;|’|\”|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
    RewriteRule .* – [F]
    </IfModule>
    # 5G:[USER AGENTS]
    <IfModule mod_setenvif.c>
    # SetEnvIfNoCase User-Agent ^$ keep_out
    SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
    <limit GET POST PUT>
    Order Allow,Deny
    Allow from all
    Deny from env=keep_out
    </limit>
    </IfModule>
    # 5G:[REQUEST STRINGS]
    <IfModule mod_alias.c>
    RedirectMatch 403 (https?|ftp|php)\://
    RedirectMatch 403 /(https?|ima|ucp)/
    RedirectMatch 403 /(Permanent|Better)$
    RedirectMatch 403 (\=\\\’|\=\\%27|/\\\’/?|\)\.css\()$
    RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\”\\\”)
    RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
    RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
    RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
    RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
    RedirectMatch 403 \.well\-known/host\-meta
    RedirectMatch 403 /function\.array\-rand
    RedirectMatch 403 \)\;\$\(this\)\.html\(
    RedirectMatch 403 proc/self/environ
    RedirectMatch 403 msnbot\.htm\)\.\_
    RedirectMatch 403 /ref\.outcontrol
    RedirectMatch 403 com\_cropimage
    RedirectMatch 403 indonesia\.htm
    RedirectMatch 403 \{\$itemURL\}
    RedirectMatch 403 function\(\)
    RedirectMatch 403 labels\.rdf
    RedirectMatch 403 /playing.php
    RedirectMatch 403 muieblackcat
    </IfModule>
    # 5G:[REQUEST METHOD]
    <ifModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* – [F]
    </IfModule>
    #AIOWPS_FIVE_G_BLACKLIST_END
    #AIOWPS_BLOCK_SPAMBOTS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.instantnurse\.com [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule .* http://127.0.0.1 [L]
    </IfModule>
    #AIOWPS_BLOCK_SPAMBOTS_END
    #AIOWPS_PREVENT_IMAGE_HOTLINKS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.instantnurse\.com [NC]
    RewriteRule \.(gif|jpe?g?|png)$ – [F,NC,L]
    </IfModule>
    #AIOWPS_PREVENT_IMAGE_HOTLINKS_END
    # END All In One WP Security
    # BEGIN WordPress
    # The directives (lines) between “BEGIN WordPress” and “END WordPress” are
    # dynamically generated, and should only be modified via WordPress filters.
    # Any changes to the directives between these markers will be overwritten.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    Thread Starter shivanirupnawar

    (@shivanirupnawar)

    May I know updates on this? Also, let me know if more information is required.

Viewing 3 replies - 1 through 3 (of 3 total)