.htaccess corruption
-
Hi,
We have the latest version of WP Simple Firewall installed on one of our sites. What we are finding is that periodically the .htaccess file is getting corrupted and the site just displays 500 errors. As soon as we restore the .htaccess file the site is fine again. The .htaccess file timestamp is changing about every minute. If we disable Simple Firewall then the timestamp on the .htaccess file is not changed, so it is the firewall that is modifying the file.
Our understanding was that Simple Firewall didn’t touch the .htaccess file, but this does not seem to be the case. Is there any particular function of the firewall that has to change/update the .htaccess file?
How can we ensure that the file doesn’t get corrupted in future? What could the cause of the corruption be?
We are using PHP 5.4 with 128 MB memory limit set. We have set the wp_config.php file to have a memory limit of 128M.
Would changing the permission on the .htaccess file help?
Thank you for any help on this.
-
Hi,
Sorry for the trouble here. There is one possibility that might highlight the problem here but it’s not the root cause.
We identified an issue where people were using the rename wp login feature but didn’t have a valid .htaccess file as generated by WordPress from their permalinks settings.
So with the latest version, it checks that there has been permalinks written and flushes the rewrite rules using a native function within WordPress… normally run when saving permalinks.
I’m wondering if in this case there is interference then with custom .htaccess rules and WordPress attempts to rewrite them and it then corrupts.
The firewall plugin doesn’t edit your .htaccess, but flushes the rewrite rules and WordPress may or may not update the .htaccess as required by the permalinks setting.
Can I ask 2 things? Can you show me your corrupt and non-corrupt .htaccess, and also tell me if you have renamed your wp login? Do you have any other security plugin running, or another plugin that you can think of that would be writing to the .htaccess?
Hopefully we can get to the bottom of this one…
Thanks for reporting it.
I’ve released v4.7.3 that has removed this code temporarily that flushes the rewrite rules.
But, I’d still like to see what the corruption is in your .htaccess. I’m wondering if it’s left-over remains from a previous security plugin…
Hi Paul,
Yes, we are using the function to rename the login.
The only other security plugin we have is Wordfence. But I can give you a complete list of plugins if that would help.
Is there somewhere that I could send the 2 .htaccess files to you? I don’t want to post them here.
Thank you for looking into this and making the new version.
Hi,
The thing I’m interested in is the difference between the two files. Can you use something like: https://www.diffchecker.com/
to test the differences between the two? And if there isn’t anything sensitive in them, could you post that content here?
Thanks!
Paul.
Hi,
Here is what is in the bad file with a lot of spaces in front of this on the line:
Redirect permanent /v ancouverlistings/realestate/sold/item/225 http://www.domain.ca/condo/803-1033-marinaside-crescent-quaywest-1-yaletown-condo-vancouver-west
This is what it should have had in the file:
Redirect permanent /first-time-home-buyers-guide-episode-5-comparative-market-analysis-for-buyers-–-what’s-your-dream-home-worth http://www.domain.ca/first-time-home-buyers-guide-episode-5-comparative-market-analysis-for-buyers-whats-your-dream-home-worth
Redirect permanent /proximity-vancouver-by-bastion-new-condo-presale-in-olympic-village-floor-plans-pricing-to-come http://www.domain.ca/proximity-a-sleek-and-sustainable-new-condo-development-near-olympic-village
Redirect permanent /first-time-home-buyers-guide-vancouver-–-episode-2-–-where-to-buy http://www.domain.ca/first-time-home-buyers-guide-vancouver-episode-2-where-to-buy
Redirect permanent /bennington-house-townhouses-on-the-cambie-corridor-pricing-floor-plans-to-come http://www.domain.ca/bennington-house-presale-condos-townhouses-on-the-cambie-corridor-floor-plans-pricing-to-come
Redirect permanent /aperture-vancouver-new-condo-on-the-cambie-corridor-with-pricing-floor-plans http://www.domain.ca/aperture-an-architectural-marvel-along-vancouvers-fast-growing-cambie-corridor
Redirect permanent /the-wohlsein-vancouver-presale-condo-with-floor-plans-pricing-to-come http://www.domain.ca/the-wohlsein-vancouver-presale-condo-with-floor-plans-pricing
Redirect permanent /for-buyers/vancouver-condo-pre-sales/west-side-presale-condos http://www.domain.ca/for-buyers/vancouver-condo-pre-sales/west-side-presale
# LISTINGS (OLD JOOMLA SITE)
#Root of listings redirected manually with HTML file; this not needed:
#Redirect permanent /vancouverlistings http://www.domain.ca
Redirect permanent /vancouverlistings/sitemap http://www.domain.ca/sitemap
# Key Listings by ID
Redirect permanent /vancouverlistings/item/225 http://www.domain.ca/condo/803-1033-marinaside-crescent-quaywest-1-yaletown-condo-vancouver-west
Redirect permanent /vancouverlistings/realestate/featured-listings/item/225 http://www.domain.ca/condo/803-1033-marinaside-crescent-quaywest-1-yaletown-condo-vancouver-west
Redirect permanent /vancouverlistings/realestate/sold/item/225 http://www.domain.ca/condo/803-1033-marinaside-crescent-quaywest-1-yaletown-condo-vancouver-west
This is what is in the file before the bad code:
#WFIPBLOCKS - Do not remove this line. Disable Web Caching in Wordfence to remove this data.
Order Deny,Allow
#Do not remove this line. Disable Web Caching in Wordfence to remove this data - WFIPBLOCKS
#WFCACHECODE - Do not remove this line. Disable Web Caching in Wordfence to remove this data.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_mime.c>
AddOutputFilter DEFLATE js css htm html xml
</IfModule>
</IfModule>
<IfModule mod_mime.c>
AddType text/html .html_gzip
AddEncoding gzip .html_gzip
AddType text/xml .xml_gzip
AddEncoding gzip .xml_gzip
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
SetEnvIfNoCase Request_URI \.xml_gzip$ no-gzip
</IfModule>
<IfModule mod_headers.c>
Header set Vary "Accept-Encoding, Cookie"
</IfModule>
<IfModule mod_rewrite.c>
#Prevents garbled chars in cached files if there is no default charset.
AddDefaultCharset utf-8
#Cache rules:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} on
RewriteRule .* - [E=WRDFNC_HTTPS:_https]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=WRDFNC_ENC:_gzip]
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$
RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC]
RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC]
RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$
RewriteCond "%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
</IfModule>
#Do not remove this line. Disable Web caching in Wordfence to remove this data - WFCACHECODE
# BEGIN HTML5 Boilerplate
# ----------------------------------------------------------------------
# Proper MIME type for all files
# ----------------------------------------------------------------------
# JavaScript
# Normalize to standard type (it's sniffed in IE anyways)
# tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript js jsonp
AddType application/json json
# Audio
AddType audio/ogg oga ogg
AddType audio/mp4 m4a f4a f4b
# Video
AddType video/ogg ogv
AddType video/mp4 mp4 m4v f4v f4p
AddType video/webm webm
AddType video/x-flv flv
# SVG
# Required for svg webfonts on iPad
# twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
# Webfonts
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttf ttc
AddType font/opentype otf
AddType application/x-font-woff woff
# Assorted types
AddType image/x-icon ico
AddType image/webp webp
AddType text/cache-manifest appcache manifest
AddType text/x-component htc
AddType application/xml rss atom xml rdf
AddType application/x-chrome-extension crx
AddType application/x-opera-extension oex
AddType application/x-xpinstall xpi
AddType application/octet-stream safariextz
AddType application/x-web-app-manifest+json webapp
AddType text/x-vcard vcf
AddType application/x-shockwave-flash swf
# ----------------------------------------------------------------------
# Expires headers (for better cache control)
# ----------------------------------------------------------------------
# These are pretty far-future expires headers.
# They assume you control versioning with filename-based cache busting
# Additionally, consider that outdated proxies may miscache
# www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
# If you don't use filenames to version, lower the CSS and JS to something like
# "access plus 1 week" or so.
<IfModule mod_expires.c>
ExpiresActive on
# Perhaps better to whitelist expires rules? Perhaps.
ExpiresDefault "access plus 1 month"
# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest "access plus 0 seconds"
# Your document html
ExpiresByType text/html "access plus 0 seconds"
# Data
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"
# Feed
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/atom+xml "access plus 1 hour"
# Favicon (cannot be renamed)
ExpiresByType image/x-icon "access plus 1 week"
# Media: images, video, audio
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
# HTC files (css3pie)
ExpiresByType text/x-component "access plus 1 month"
# Webfonts
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
# CSS and JavaScript
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
</IfModule>
# ----------------------------------------------------------------------
# ETag removal
# ----------------------------------------------------------------------
# FileETag None is not enough for every server.
# <IfModule mod_headers.c>
# Header unset ETag
# </IfModule>
# Since we're sending far-future expires, we don't need ETags for
# static content.
# developer.yahoo.com/performance/rules.html#etags
# FileETag None
Options -Indexes
# Block access to "hidden" directories or files whose names begin with a period. This
# includes directories used by version control systems such as Subversion or Git.
<IfModule mod_rewrite.c>
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
</IfModule>
# Block access to backup and source files
# This files may be left by some text/html editors and
# pose a great security danger, when someone can access them
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# Block access to WordPress files that reveal version information.
<FilesMatch "^(wp-config\.php|readme\.html|license\.txt)">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
<Files "xml-sitemap-xsl.php">
Allow from all
</Files>
# END HTML5 Boilerplate
RewriteCond %{HTTP_HOST} !^www\.domain\.ca$ [NC]
RewriteRule ^(.*)$ http://www.domain.ca/$1 [L,R=301]
#2015 Wildcard Redirects
#Replace spaces with hyphens and redirect tags
RewriteRule ^vancouverlistings/realestate/featured-listings/itemlist/tag/(.*)$ /content/fix_tag_urls.php [L]
RewriteRule ^vancouverlistings/realestate/sold/itemlist/tag/(.*)$ /content/fix_tag_urls.php [L]
RewriteRule ^vancouverlistings/component/k2/itemlist/tag/(.*)$ /content/fix_tag_urls.php [L]
RewriteRule ^vancouverlistings/itemlist/tag/(.*)$ /content/fix_tag_urls.php [L]
# Replace /vancouverlistings/item/*-xxxxxxx remove *-
#RewriteRule ^vancouverlistings/item/([0-9]+)\-(.*)$ http://www.domain.ca/condo/$2 [NC,L,R=301]
#RewriteRule ^vancouverlistings/realestate/featured-listings/item/([0-9]+)\-(.*)$ http://www.domain.ca/condo/$2 [NC,L,R=301]
#RewriteRule ^vancouverlistings/realestate/sold/item/([0-9]+)\-(.*)$ http://www.domain.ca/condo/$2 [NC,L,R=301]
RewriteRule ^vancouverlistings/item/([0-9]+)\-(.*)$ /content/fix_urls.php [L]
RewriteRule ^vancouverlistings/realestate/sold/item/([0-9]+)\-(.*)$ /content/fix_urls.php [L]
RewriteRule ^vancouverlistings/realestate/featured-listings/item/([0-9]+)\-(.*)$ /content/fix_urls.php [L]
RewriteRule ^listing_details.php$ http://www.domain.ca/condos/? [R=301,L]
RewriteRule ^vancouverlistings/itemlist/$ http://www.domain.ca/condos/? [R=301,L]
# END of Wildcard redirects
# BEGIN Change backend login URL - NOT USED - Done by the firewall now
#RewriteRule ^manage/(.*) wp-admin/$1?%{QUERY_STRING} [L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
########## 2015 Redirects ##########
# Line49 project redirects
Redirect permanent /artwork http://www.domain.ca/_demo
Redirect permanent /demo http://www.domain.ca/_demo
Redirect permanent /login http://domain.ca/manage
#Redirect permanent /help
#Redirect permanent /mockups
Redirect permanent /site-map https://docs.google.com/spreadsheet/ccc?key=0AvzqfV61YfTKdGVtbGtpSzN2OWR6S2hIX2FxdzJHZlE&usp=sharing
# Global Redirects (see also Wildcard redirects above)
#Redirect permanent /vancouverlistings/realestate/featured-listings/itemlist/tag/ http://www.domain.ca/tag/
#Redirect permanent /vancouverlistings/realestate/sold/itemlist/tag/ http://www.domain.ca/tag/
#Redirect permanent /vancouverlistings/component/k2/itemlist/tag/ http://www.domain.ca/tag/
#Redirect permanent /vancouverlistings/itemlist/tag/ http://www.domain.ca/tag/
# CONTENT
Redirect permanent /get-started http://www.domain.ca/contact/get-started
Redirect permanent /vidoe-library http://www.domain.ca/video-library
Redirect permanent /category/vidoe-library http://www.domain.ca/category/video-library
Redirect permanent /faq http://www.domain.ca/knowledge
Redirect permanent /contact-us http://www.domain.ca/contact
Redirect permanent /testimonials http://www.domain.ca/about/testimonials
# Client URL changes
Redirect permanent /the-ivy-on-dunbar-condo-living-on-vancouvers-enviable-westside-pricing-floor-plans-coming-soon http://www.domain.ca/the-ivy-on-dunbar-condo-living-on-vancouvers-enviable-westside
# BLOG
Redirect permanent /blog/2007/ http://www.domain.ca/
Redirect permanent /blog/2008/ http://www.domain.ca/
Redirect permanent /blog/2009/ http://www.domain.ca/
Redirect permanent /blog/2010/ http://www.domain.ca/
Redirect permanent /blog/2011/ http://www.domain.ca/
Redirect permanent /blog/2012/ http://www.domain.ca/
Redirect permanent /blog/2013/ http://www.domain.ca/
Redirect permanent /blog/2014/ http://www.domain.ca/
Redirect permanent /blog/2015/ http://www.domain.ca/
And then there are more redirects after the bad code.
Hope that helps
Thank you for looking into this.
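An added example, not part of the original thread and not code from either plugin: a small Python linter for the kind of damage shown in the post above. Apache's mod_alias accepts at most three arguments to `Redirect`, so the stray space in `/v ancouverlistings` is a syntax error, and a syntax error in .htaccess is served as a 500. The function name `lint_htaccess` and the `TRUNCATED` case are assumptions made for illustration; the sample files are constructed from lines quoted in the thread.

```python
import re

TOKEN = re.compile(r'"[^"]*"|\S+')               # quoted string or bare word
OPEN = re.compile(r"<\s*([A-Za-z]+)\b[^>]*>$")    # e.g. <IfModule mod_rewrite.c>
CLOSE = re.compile(r"</\s*([A-Za-z]+)\s*>$")      # e.g. </IfModule>
WP_MARK = re.compile(r"#\s*(BEGIN|END) WordPress\s*$")

def lint_htaccess(text):
    """Return [(line_number, problem)]; line 0 means a whole-file problem."""
    problems, stack, marks = [], [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = WP_MARK.match(line)
            if m:
                marks.append(m.group(1))
            continue
        m = CLOSE.match(line)
        if m:
            if stack and stack[-1][1].lower() == m.group(1).lower():
                stack.pop()
            else:
                problems.append((no, f"unexpected </{m.group(1)}>"))
            continue
        m = OPEN.match(line)
        if m:
            stack.append((no, m.group(1)))
            continue
        tokens = TOKEN.findall(line)
        # In .htaccess, Redirect/RedirectMatch take: [status] path target
        if tokens[0].lower() in ("redirect", "redirectmatch"):
            nargs = len(tokens) - 1
            if nargs not in (2, 3):
                problems.append((no, f"{tokens[0]} has {nargs} arguments, expected 2 or 3"))
    problems += [(no, f"<{name}> is never closed") for no, name in stack]
    # WordPress rewrites only the text between this marker pair.
    if marks != ["BEGIN", "END"]:
        problems.append((0, "WordPress BEGIN/END markers missing, repeated or out of order"))
    return problems

# Constructed samples, assembled from lines quoted in the thread.
GOOD = r"""<IfModule mod_headers.c>
Header set Vary "Accept-Encoding, Cookie"
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Redirect permanent /vancouverlistings/sitemap http://www.domain.ca/sitemap
"""
DAMAGED_LINE = ("          Redirect permanent /v ancouverlistings/realestate/sold/item/225 "
                "http://www.domain.ca/condo/803-1033-marinaside-crescent-quaywest-1-yaletown-condo-vancouver-west")
BAD = GOOD.replace(
    "Redirect permanent /vancouverlistings/sitemap http://www.domain.ca/sitemap", DAMAGED_LINE)
TRUNCATED = "\n".join(GOOD.splitlines()[:9])  # constructed: file cut off mid-block

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD), ("truncated", TRUNCATED)):
        print(name, lint_htaccess(sample))
```

Run against a copy of the live file after any plugin change that touches rewrite rules, and restore the known-good backup when the returned list is not empty.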
I’m curious, if you use the WordPress Permalinks function and just resave them, does it corrupt your .htaccess?
(take a backup of your .htaccess before you try that.)
Hi,
Well the .htaccess file got corrupted again. This is the code that is causing a problem this time:
#WFIPBLOCKS - Do not remove this line. Disable Web Caching in Wordfence to remove this data.
Order Deny,Allow
#Do not remove this line. Disable Web Caching in Wordfence to remove this data - WFIPBLOCKS
#WFCACHECODE - Do not remove this line. Disable Web Caching in Wordfence to remove this data.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_mime.c>
AddOutputFilter DEFLATE js css htm html xml
</IfModule>
</IfModule>
<IfModule mod_mime.c>
AddType text/html .html_gzip
AddEncoding gzip .html_gzip
AddType text/xml .xml_gzip
AddEncoding gzip .xml_gzip
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
SetEnvIfNoCase Request_URI \.xml_gzip$ no-gzip
</IfModule>
<IfModule mod_headers.c>
Header set Vary "Accept-Encoding, Cookie"
</IfModule>
<IfModule mod_rewrite.c>
#Prevents garbled chars in cached files if there is no default charset.
AddDefaultCharset utf-8
#Cache rules:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} on
RewriteRule .* - [E=WRDFNC_HTTPS:_https]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=WRDFNC_ENC:_gzip]
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$
RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC]
RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC]
RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$
RewriteCond "%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
</IfModule>
#Do not remove this line. Disable Web caching in Wordfence to remove this data - WFCACHECODE
So it looks like Wordfence may be the issue. I am not sure what in the above is causing the problem, but when I remove the whole block, the site works again. We weren’t getting a 500 error this time, the site just looked like it was missing all of the css.
So, what other security/caching plugins do you recommend using with your Simple Firewall? We need frequency/brute force banning. Simple Firewall seems to only handle login brute force attempts, but not other kinds of brute force attempts. It also doesn’t seem to automatically ban IP addresses when an IP address has made a number of hacking or bad login attempts. An email is sent, but the IP isn’t blocked.
Thank you.
Hey,
We don’t, in principle, advocate IP addresses and blocking them as a means to a reliable approach to security. I wrote about that here:
https://www.icontrolwp.com/2014/06/beware-new-security-theat-wordpress-misinformation-virus/
I’m not sure what to suggest for your problem… if sites are sending you truly malicious data, the principle is that our firewall will pick it up and block it outright. It can’t be guaranteed to catch everything, not can guarantee that, but since most attacks come from bot-nets, blocking IPs causes you problems with ever-growing IP lookup tables – which then have to be queried for every single page load.
Do you use something like CloudFlare? They stop many malicious attempts before ever reaching your server, and offer performance and caching services…. free.
I’m open to suggestions however…
I hope that helps.
Paul.
Hi,
Is there anything I can do to help you out with this further?
Hi Paul,
Since you made the new version that doesn’t do the flushing, things seem to be working without any more .htaccess corruptions so far.
So, at this point that seems to have solved the problem.
Thank you so much for your help. We really appreciate you taking this seriously and the quick response.
Okay great! I’ll set the ticket as resolved 🙂
Can I ask a huge favour? Would you mind leaving us a nice review on ww.wp.xz.cn… it just really helps with new user confidence and getting traction.
thanks!
Paul.
The topic ‘.htaccess corruption’ is closed to new replies.