[Plugin: AskApache Password Protect] What’s new in 8/14 version?
-
I’m just so nervous after what I did to my blog this last time. I remember there being a mention of adding something that would help us from shooting ourselves in the foot and am wondering if that is part of this install.
Thanks for all of the hard work!!
-
I have taken the 4.5.1 (not sure where you get the 8/14 from) version for a test upgrade and would recommend to stay clear of it for now. I had issues during the upgrade and have decided to hold back until we hear more from the plugin developer. He must be flat out (or gone on a holiday) because I have not seen any feedback or responses from him since 4.5 and 4.5.1 were released.
It’s a great plugin and I would not live without it – I have a sense that we’ll be seeing a 4.5.2 appear shortly.
R
My test with 4.5.1 failed too. Fortunatly Ask Apache has mucked up my admin that I know how to fix that in a few minutes (when I have access to my control panel, which is not from work), but I couldn’t get 4.5.1 installed, back to 4.3.2 was no problem. (Btw. did I miss the 4.4 series or have they never been available?)
4.3.2 and then straight on to 4.5 with 4.5.1 available within 24 hours and then no sign of the author. My theory is that he must have worked non stop and gone without sleep for days – he’s now resting and probably dreaming about WordPress, plugins and all things Apache.
Mr Apache?
Pretty please… where are you??
R
4.5.2 just released…
Lets have a squizz.
R
I just upgraded. The 8/14 was a reference to the date I first saw a new plugin alert for this.
I didn’t do the full htpass this time as I’ve run into problems with that in prior installs though I was able to hook up some of the other features this time flawlessly. And the interface looks awesome.
Nice work, Apache!
Previous versions fine…
4.5.2 failing – turned debug on and here’s 1st lot of error messages telling me that .htaccess files are not allowed. (What ever the issue is its probably causing the other errors further down – which I have not included.
If anyone can help please drop a line…
[ ] .htaccess files allowed
Array
(
[scheme] => http
[host] => https://www.trupela.com
[path] => /blog/blog/wp-content/askapache/modaliastest
)Array
(
[scheme] => http
[host] => https://www.trupela.com
[path] => /blog/blog/wp-content/askapache/modaliastest
[url] => url
[method] => GET
[protocol] => 1.0
[ip] => 69.89.31.208
[port] => 80
[ua] => Mozilla/5.0 (compatible; AskApache_Net/1.0; https://www.askapache.com)
[referer] => https://www.askapache.com
[user] =>
[pass] =>
[fragment] =>
)Array
(
[0] => GET /blog/blog/wp-content/askapache/modaliastest HTTP/1.0
[1] => Host: https://www.trupela.com
[2] => User-Agent: Mozilla/5.0 (compatible; AskApache_Net/1.0; https://www.askapache.com)
[3] => Accept: application/xhtml+xml,text/html;q=0.9,*/*;q=0.5
[4] => Accept-Language: en-us,en;q=0.5
[5] => Accept-Encoding: none
[6] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
[7] => Referer: https://www.askapache.com
)
Array
(
[0] => HTTP/1.1 404 Not Found
[1] => Date: Sat, 16 Aug 2008 02:22:01 GMT
[2] => Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
[3] => X-Powered-By: PHP/5.2.6
[4] => X-Pingback: https://www.trupela.com/blog/xmlrpc.php
[5] => Expires: Wed, 11 Jan 1984 05:00:00 GMT
[6] => Cache-Control: no-cache, must-revalidate, max-age=0
[7] => Pragma: no-cache
[8] => Set-Cookie: bb2_screener_=1218853321+69.89.31.208; path=/blog/
[9] => Set-Cookie: PHPSESSID=40360e0a308cd823f9ae05a464244009; path=/
[10] => Last-Modified: Sat, 16 Aug 2008 02:22:02 GMT
[11] => Connection: close
[12] => Content-Type: text/html; charset=UTF-84.6 just released….
I added file revisioning support to .htaccess files, so that every time you update or change the .htaccess files it saves the old copy. The next release will provide a DIFF view of the differences.
Also fixed all the bugs I was notified about or found, and provided the option to bypass some of the testing if you know your server supports something.
I have to get back to my real job now ?? but for the next release I’m going to add a whole user-management area to add and remove users and groups from .htpasswd files.
Then it will be ready to start using the advanced SID’s like mod_security..
AskApache,
4.6 still ain’t working for me.
I’m happy to provide you with my feedback to assist in improving this plugin as I know of others also experiencing issues since 4.5. It’s a great WP value add and it worked flawlessly for me prior to 4.5.
Where’s the best place/site to give you this feedback?
R
Cool stuff, indeed. Thx for the hard work.
askapache said
fixed all the bugs I was notified about
How do we notify you?
Thanks,
Steve
Ok I major issue that is the only one I have been notified about for version 4.6 is now fixed. rschilt enlightened me to the error by posting that debug output that showed all the tests were going to /blog/blog/ when they should have gone to /blog/
The problem was I had forgotten to rtrim a single ‘/’ character from a path before doing a str_replace on it and so that means that everyone who has their blog installed in a non-root-directory ‘/’ folder would not be able to get past the test screen.
Now it will work for you rschilt.
To notify me, use the contact page on my site, post on this message board, or add a comment to the plugins home-page.
The next major release will include a couple sweet ways to contact me about problems and suggestions… so until then….
Pheeewww….!!
When will the above fix be released?
R
Hi AskApache,
I can now perform the initial tests OK after downloading 4.6.1. Thanks.
Just one thing now… when trying to create the password file – it comes back with error message:
ERROR: Please make …/public_html/.htpasswda1 writable and readable
Even if I specify location and give it permissions 777 – it still comes back with same error. Ideally I would locate the password file above the docunment root as per your suggestion – but need to resolve the above error first.
Cheers bro,
R
Hi askapache,
Thanks for supplying the contact info (wasn’t able to use the webmaster contact form on your site – it gives a not-authorized error). And thanks for continuing to support your great plugin.
I upgraded to 4.6.1 – it still fails the tests – see below.
Also, it looks like your fix with the rtrim of ‘/’ is along the right path but the tests still create a wp-content directory in my root directory.
Let me know what I can do to help with debugging.
Best regards,
Steve
ps. (repeated from another thread) Re mod_auth_digest my host, Hostmonster has stated that they will never enable mod_auth_digest. I explained the issue and escalated it it higher and higher support levels to no avail. Also, I’ve seen some recommendations elsewhere to leave the mod_auth_digest disabled.
pps. Here is summarized debug output showing just the failed tests (with two exceptions. Note, auth domain looks funny and has to do with the mysterious wp-content directory.
Array
(
[step] => test
[plugin_data] => Array
(
[Name] => AskApache Password Protect
[Title] => AskApache Password Protect
[Description] => Advanced Security: Password Protection, Anti-Spam, Anti-Exploits, more to come…
[Author] => AskApache
[Version] => 4.6.1
)[scheme] => http
[host] => example.com
[root_path] => /main/
[home_path] => /home/example-server/public_html/example/
[test_dir] => /home/example-server/public_html/example/wp-content/askapache
[root_htaccess] => /home/example-server/public_html/example/.htaccess
[admin_htaccess] => /home/example-server/public_html/example/wp-admin/.htaccess
[admin_mail] => [email protected]
[authdomain] => /main/wp-admin/ https://example.com/main/wp-admin/
[authname] => Protected By AskApache
[authuserfile] => /home/example-server/public_html/example/.htpasswda3
[algorithm] => md5
[key] => $P$BSBJlkDrPS4Tg5mEoyfxQ7YuQ0Ese1.
[htaccess_support] => 0
[mod_alias_support] => 0
[mod_rewrite_support] => 0
[mod_security_support] => 0
[mod_auth_digest_support] => 0
[basic_support] => 0
[digest_support] => 0
[crypt_support] => 0
[sha1_support] => 0
[md5_support] => 0
[setup_complete] => 0
[revision_support] => 0
[apache_version] =>
[revisions] => Array
(
)
)[pass ] Fsockopen Networking Functionality
File Permission Tests
If any of these checks fail this plugin will not work. Both your /.htaccess and /wp-admin/.htaccess files must be writable for this plugin, those are the only 2 files this plugin absolutely must be able to modify. If any of the other checks fail you will need to manually create a folder named askapache in your /wp-content/ folder and make it writable.[fail ] /wp-admin/.htaccess file writable
[pass] /wp-admin/.htaccess file writable[ fail] .htaccess files allowed
Array
(
[0] => GET /main/wp-content/askapache/modaliastest HTTP/1.0
[1] => Host: example.com
[2] => User-Agent: Mozilla/5.0 (compatible; AskApache_Net/1.0; https://www.askapache.com)
[3] => Accept: application/xhtml+xml,text/html;q=0.9,*/*;q=0.5
[4] => Accept-Language: en-us,en;q=0.5
[5] => Accept-Encoding: none
[6] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
[7] => Referer: https://www.askapache.com
)HTTP Digest Authentication
Now we know the encryption and apache module capabilities of your site. This test literally logs in to your server using Digest Authenticationts, providing the ultimate answer as to if your server supports this scheme.[fail ] Major bummer… you don’t have mod_auth_digest! (included in apache since 1.1)
[fail ] Basic Authentication Attempt using Crypt Encryption
Array
(
[0] => GET /main/wp-content/askapache/basic_auth_test.gif HTTP/1.0
[1] => Host: example.com
[2] => User-Agent: Mozilla/5.0 (compatible; AskApache_Net/1.0; https://www.askapache.com)
[3] => Accept: application/xhtml+xml,text/html;q=0.9,*/*;q=0.5
[4] => Accept-Language: en-us,en;q=0.5
[5] => Accept-Encoding: none
[6] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
[7] => Referer: https://www.askapache.com
[8] => Authorization: Basic dGVzdE1ENTp0ZXN0TUQ1
)
Array
(
[0] => HTTP/1.1 404 Not Found
[1] => Date: Fri, 22 Aug 2008 09:11:34 GMT
[2] => Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
[3] => Accept-Ranges: bytes
[4] => Content-Length: 78
[5] => Connection: close
[6] => Content-Type: text/html
)
[fail ] Basic Authentication Attempt using MD5 EncryptionArray
(
[0] => GET /main/wp-content/askapache/basic_auth_test.gif HTTP/1.0
[1] => Host: example.com
[2] => User-Agent: Mozilla/5.0 (compatible; AskApache_Net/1.0; https://www.askapache.com)
[3] => Accept: application/xhtml+xml,text/html;q=0.9,*/*;q=0.5
[4] => Accept-Language: en-us,en;q=0.5
[5] => Accept-Encoding: none
[6] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
[7] => Referer: https://www.askapache.com
[8] => Authorization: Basic dGVzdFNIQTE6dGVzdFNIQTE=
)
Array
(
[0] => HTTP/1.1 404 Not Found
[1] => Date: Fri, 22 Aug 2008 09:11:35 GMT
[2] => Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
[3] => Accept-Ranges: bytes
[4] => Content-Length: 78
[5] => Connection: close
[6] => Content-Type: text/html
)
[fail ] Basic Authentication Attempt using SHA1 Encryption[pass ] Basic Authentication Access Scheme Supported
Hm, I get a
ERROR: Failed to create /home/xxx/public_html/.htpasswda3in ver 4.6.1 even after setting permissions to 666 and user:group to ftpuser:ftpgroup…
- The topic ‘[Plugin: AskApache Password Protect] What’s new in 8/14 version?’ is closed to new replies.