Add rule for query string

Hi,

In some sites this feature might not work and trigger some error messages like in your case. If that is the case you can leave “Bad Query Strings” rules disabled or you can modify them by figuring out which string is causing the trigger. Then all you have to do is copy and paste the modified rules in the custom rules section.

In general if you had to choose only one set of firewall rules to enable, it would be the 6G rules because they are the best all-round .htaccess firewall rules.

Let me know if the above helps you.

Thank you

Thanks. The string in issue is https://mysite.com/wp-content/plugins/raffle-ticket-generator-platinium/includes/image.php?t_number=7459-747Sim-2020-101&img_src=https://mysite.com/wp-content/plugins/raffle-ticket-generator-gold/tickets/an_image_file.png

How would I add that as an exception?

Hi,

The following is added to your .htaccess file by the feature Deny Bad Query String. Try and work out which of the following is blocking your string.

# BEGIN All In One WP Security
#AIOWPS_DENY_BAD_QUERY_STRINGS_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ftp:     [NC,OR]
RewriteCond %{QUERY_STRING} http:    [NC,OR]
RewriteCond %{QUERY_STRING} https:   [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
#AIOWPS_DENY_BAD_QUERY_STRINGS_END
# END All In One WP Security

If you can’t work out which entry above blocks your string, then I recommend disabling this feature altogether.

Let me know how you go.

Thank you

Wow, not quite the helpful answer I was hoping for…

My apologies for my reply. Perhaps I did not say it correctly. This feature is important but there are times that it will cause issues to some sites because of their configuration and server settings. If that is the case, there is not much we can do unfortunately. That is why I shared the code above to allow you to try and work out which entry is blocking your string. In your case you might have to disable this feature altogether.

Let me know if the above makes more sense.

Kind regards

Thanks for the reply but unfortunately it’s way above my ability level. I’ve just disabled the feature for now…

Thank you for understanding. If you don’t need any more help, can you mark this support thread as resolved.

Kind regards

(Obviously do need help but apparently am not going to get any…)

Could this same plugin be stopping my access to the memcahced and redis servers on my hosting?

Hi,

(Obviously do need help but apparently am not going to get any…)

I am here to help you as much as possible, however there is not much more I can do regarding the issue in this thread.

Could this same plugin be stopping my access to the memcahced and redis servers on my hosting?

What issue are you experiencing? Can you share more information?

Thank you

I have memcached and redis installed on my host’s server. I’m using W3 total cache. If I select either memcached or redis for the cache method I just get a can’t connect message. Even this command from root: $fp = fsockopen(“127.0.0.1”, 11211); say’s can’t connect so just wondering if there’s something in AIOWS that might stop it? (long shot!)

Check to make sure the following feature Disallow Unauthorized REST Requests is not enabled. This is located in WP Security -> Miscellaneous -> WP REST API.

Regards

Unfortunately not. My host is seemingly telling me that whilst they are both installed and running I can’t use them. Not sure I understand but am no expert as you can tell!

Okay, then that makes sense why you are having this issue. Unfortunately there is not much more I can then.

Kind regards