6G “USER AGENTS” rule disables password protection

  • Resolved joneiseman

    (@joneiseman)


    7 years, 1 month ago

    The 6G USER AGENTS rule is as follows:

    # 6G:[USER AGENTS]
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot

# Apache < 2.3
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</IfModule>

# Apache >= 2.3
<IfModule mod_authz_core.c>
<RequireAll>
Require all Granted
Require not env bad_bot
</RequireAll>
</IfModule>
</IfModule>

    My wordpress top level directory is password protected using the following rule:

    AuthType Basic
AuthName "..."
AuthUserFile "..."
require valid-user

    The 6G USER AGENT rule overrides the password protection (since it specifies “Allow from all” or “Require all Granted”).

    I switched to the 5G rules to avoid this problem.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, you might be able to still use 6G rules by removing the code you mentioned above i.e. “Allow from all” or “Require all Granted”. Then add this customize code to the Custom Rules tab and then disable the 6G rules.

    Let me know if this works for you.

    Thank you

    • This reply was modified 7 years, 1 month ago by mbrsolution.
    • This reply was modified 7 years, 1 month ago by mbrsolution.
    Thread Starter joneiseman

    (@joneiseman)

    Hi this solution works for me. However, instead of just disabling the 6G USER AGENT rules, I replaced these rules:

    # Apache < 2.3
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</IfModule>

# Apache >= 2.3
<IfModule mod_authz_core.c>
<RequireAll>
Require all Granted
Require not env bad_bot
</RequireAll>
</IfModule>

    With this:

    <limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</limit>
</IfModule>
#AIOWPS_SIX_G_BLACKLIST_END

    Thanks!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I am glad you found a solution to your problem. Well done ??

    I am marking this thread as resolved.

    Enjoy the plugin.

    Regards

    Neverlands

    (@neverlands)

    I have the same problem.
    But turning off even both 5G and 6G nor the solution above did work for me.
    AIOWPS Version 4.3.1

    Thread Starter joneiseman

    (@joneiseman)

    I would check the .htaccess file and see if it has a line like this:
    Order allow,deny

    This would cause the problem.

    If you have the Blacklist Manager enabled in the WP Security plugin it will add that line. Other security plugins may also add that line (e.g., Bulletproof Security).

    • This reply was modified 7 years ago by joneiseman.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘6G “USER AGENTS” rule disables password protection’ is closed to new replies.