(dot)haccess false positive?

  • hello –

    it was recommended to me to use the following code to redirect all http requests to https:

    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [R=301,QSA,NC,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$      https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    but the totally awesome quttera gives me this result:

    Severity:	enSuspiciousThreatType
File:	  /.htaccess
File signature:	803f2bbb0ad650e9d152685d8ac97492
Threat signature:	2854e0d7455a62852d90a0b164a018c3
Threat:	RewriteRule ^(.*)$ h
Details:	Detected suspicious JavaScript redirection

    is there a better way i can redirect http requests to https?

    thank you very much.

Viewing 1 replies (of 1 total)
  • Plugin Author quttera

    (@quttera)

    Thank you for reporting this issue.

    We mark it as suspicious because there are multiple malware instances utilizing this technique to steal/redirect traffic from infected websites.

    Please whitelist this detection on your side.

    Next to the detection section, you will find a button “Whitelist file” or “Ignore Threat”.

    Please use it and plugin won’t claim anymore on this files.

Viewing 1 replies (of 1 total)
  • The topic ‘(dot)haccess false positive?’ is closed to new replies.