# 5G:[REQUEST STRINGS] rule prevents access to browserconfig.xml file

  • Resolved steeeg

    (@steeeg)


    1 year, 3 months ago

    In the 5G REQUEST STRINGS part of the 5G rules there is a line

    RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)

    This line prevents having access to the browserconfig.xml file used for defining tile configuration of Windows 8 and 10. The rule is not “sharp” enough to prevent access to that typical attack of config.xml, but not blocking browserconfig.xml

    As the rules make use of mod_alias, there is no way to prevent this behaviour except to rename the browserconfig.xml to somethingelse.xml and create a custom rule 

    RewriteRule browserconfig\.xml$ /somethingelse.xml [R=301,L]

    to prevent this blocking.

    As this is just a walkaround, is there a better way that the browserconfig.xml file is not blocked by the 5G rules?

Viewing 1 replies (of 1 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @steeeg

    As per the rule if file have config.xml at end it will block and show 403 forbidden,

    You can remove that config.xml part of 5G rules by copying .htaccess all 5G rules and place other 5G firweall rules as custom rules. WP Security > Firewall > Custom rules.

    Disable 5G rules then from WP Security > Firewall > 6G black list rules.

    Regards

Viewing 1 replies (of 1 total)
  • The topic ‘# 5G:[REQUEST STRINGS] rule prevents access to browserconfig.xml file’ is closed to new replies.