Viewing 6 replies - 1 through 6 (of 6 total)
  • Can you please tell me which Firewall rule causes the issue you are describing? I am guessing you have enabled some firewall rules via this plugin on your site?

    Thread Starter Belline

    (@belline)

    Not sure, but I think it’s “Bad Query Strings”

    I can’t use the administrative interface for several plugins when it’s active.

    The .htaccess code is too generalized and will block a lot of “good” things as opposed to mostly “bad” things.

    Just need to go through the wp-security-utility-htaccess.php and change most of the rules. FYI the 5G Blacklist is very useful, but once again it is too generalized and you will need to target conditions more specifically. Been there done that years ago with BPS. Nice start guys! Good luck.

    $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_start . PHP_EOL; //Add feature marker start
                $rules .= 'RewriteCond %{QUERY_STRING} ../    [NC,OR]' . PHP_EOL;
                //$rules .= 'RewriteCond %{QUERY_STRING} boot.ini [NC,OR]' . PHP_EOL;
                $rules .= 'RewriteCond %{QUERY_STRING} tag=     [NC,OR]' . PHP_EOL;
                $rules .= 'RewriteCond %{QUERY_STRING} ftp:     [NC,OR]' . PHP_EOL;
                $rules .= 'RewriteCond %{QUERY_STRING} http:    [NC,OR]' . PHP_EOL;
                $rules .= 'RewriteCond %{QUERY_STRING} https:   [NC,OR]' . PHP_EOL;
                $rules .= 'RewriteCond %{QUERY_STRING} mosConfig [NC,OR]' . PHP_EOL;
                //$rules .= 'RewriteCond %{QUERY_STRING} ^.*([|]|(|)||\'|"|;|?|*).* [NC,OR]' . PHP_EOL;
                //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]' . PHP_EOL;
                //$rules .= 'RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127.0).* [NC,OR]' . PHP_EOL;
                $rules .= 'RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]' . PHP_EOL;
                $rules .= 'RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]' . PHP_EOL;
                $rules .= 'RewriteRule ^(.*)$ - [F,L]' . PHP_EOL;
                $rules .= AIOWPSecurity_Utility_Htaccess::$deny_bad_query_strings_marker_end . PHP_EOL; //Add feature marker end

    Thank you for the details. Please don’t use the “Bad Query Strings” firewall option on your site for the time being (it is one of the advanced firewall features). That one does have the potential to block a few other things as AITpro pointed out (thank you for the suggestion).

    I don’t want to just remove the ruleset blindly to make it work with a plugin though (someone else might still find some of those rules useful). I think we can split it into smaller rulesets so you get more granularity in terms of which ones you activate on your site. Something to work on for the next version.

    What has been working really well for me is to do this. Minimal good things blocked – maximum bad things blocked. By creating 2 matching conditions (groups) like this you can refine things down to what is really going to be bad.
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

    Thanks for the tip. Much appreciated.
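
Added example (not part of the thread or the plugin's code): one way to measure the trade-off discussed above before deploying a rule, by running a subset of the posted broad conditions and the two-group condition against query strings. It assumes Python's `re` with `IGNORECASE` is a close enough stand-in for mod_rewrite's `[NC]` matching on these patterns; the sample queries and function names are hypothetical.

```python
import re

# Subset of the active conditions as posted in the thread. [NC] maps to
# re.IGNORECASE; mod_rewrite's unanchored match maps to re.search.
BROAD = [r"tag=", r"ftp:", r"http:", r"https:", r"mosConfig",
         r"^.*(globals|encode|config|localhost|loopback).*",
         r"^.*(request|select|insert|union|declare|drop).*"]

# The two-group condition from the thread: a metacharacter (raw or
# percent-encoded) must appear before a keyword.
REFINED = [r"(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"
           r"(/\*|union|select|insert|drop|delete|update|cast|create|char|"
           r"convert|alter|declare|order|script|set|md5|benchmark|encode)"]

# Constructed samples. %{QUERY_STRING} is matched undecoded, so the
# samples are written the way they would arrive on the wire.
BENIGN = ["tag=news",
          "page=backup-config&tab=general",
          "action=select-theme&theme=twentytwelve",
          "s=union+station+opening+hours",
          "page=stats&range=30"]
HOSTILE = ["id=1%27+union+select+1,2",
           "user=a%27;drop+table+x"]


def blocked(query, conditions):
    """True if any OR-chained condition matches, i.e. the request gets [F]."""
    return any(re.search(c, query, re.IGNORECASE) for c in conditions)


def report(conditions):
    """Return (benign queries blocked, hostile queries let through)."""
    false_positives = [q for q in BENIGN if blocked(q, conditions)]
    missed = [q for q in HOSTILE if not blocked(q, conditions)]
    return false_positives, missed


if __name__ == "__main__":
    for name, conds in (("broad", BROAD), ("refined", REFINED)):
        fps, missed = report(conds)
        print(f"{name}: {len(fps)}/{len(BENIGN)} benign blocked, "
              f"{len(missed)}/{len(HOSTILE)} hostile missed")
        for q in fps:
            print("  false positive:", q)
```

Replacing the constructed samples with query strings pulled from your own access log (requests that returned 403 while the rule was active) shows which condition is breaking a given plugin's admin page.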

  • The topic ‘Problem with Super Cache’ is closed to new replies.