Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, thank you for sharing your findings about Apache 2.4. Until this gets updated in a future release you can carry out the following option.

    Find out which rules are affected by the Apache upgrade on your server. Once you know the rules affected by the changes, copy and paste those rules from your .htaccess file into the Custom Rules tab located in Firewall security settings. Make the changes necessary as you pointed out above in your example. Then disable those settings in the plugin.

    This will allow you to run those security rules in your site without having to edit the .htaccess file any more every time you update the plugin.

    Thread Starter jiraky90

    (@jiraky90)

    Actually my solution is the hack of the wp-security-utility-htaccess class. The point is that I need to recheck all of this stuff after any update.

    My edits are:

    static function getrules_block_wp_file_access()
        {
            global $aio_wp_security;
            $rules = '';
            if ($aio_wp_security->configs->get_value('aiowps_prevent_default_wp_file_access') == '1') {
                $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_wp_file_access_marker_start . PHP_EOL; //Add feature marker start
                $rules .= '<Files license.txt>
                            Require all denied
                            </Files>
                            <Files wp-config-sample.php>
                            Require all denied
                            </Files>
                            <Files readme.html>
                            Require all denied
                            </Files>' . PHP_EOL;
                $rules .= AIOWPSecurity_Utility_Htaccess::$prevent_wp_file_access_marker_end . PHP_EOL; //Add feature marker end
            }
    
            return $rules;
        }
    static function getrules_basic_htaccess()
        {
            global $aio_wp_security;
    
            $rules = '';
            if ($aio_wp_security->configs->get_value('aiowps_enable_basic_firewall') == '1') {
                $rules .= AIOWPSecurity_Utility_Htaccess::$basic_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
                //protect the htaccess file - this is done by default with apache config file but we are including it here for good measure
                $rules .= '<Files .htaccess>' . PHP_EOL;
                $rules .= 'Require all denied' . PHP_EOL;
                $rules .= '</Files>' . PHP_EOL;
    
                //disable the server signature
                $rules .= 'ServerSignature Off' . PHP_EOL;
    
                //limit file uploads to 10mb
                $rules .= 'LimitRequestBody 10240000' . PHP_EOL;
    
                // protect wpconfig.php.
                $rules .= '<Files wp-config.php>' . PHP_EOL;
                $rules .= 'Require all denied' . PHP_EOL;
                $rules .= '</Files>' . PHP_EOL;
    
                $rules .= AIOWPSecurity_Utility_Htaccess::$basic_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
            }
            return $rules;
        }
    static function getrules_pingback_htaccess()
        {
            global $aio_wp_security;
    
            $rules = '';
            if ($aio_wp_security->configs->get_value('aiowps_enable_pingback_firewall') == '1') {
                $rules .= AIOWPSecurity_Utility_Htaccess::$pingback_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
                $rules .= '<Files xmlrpc.php>' . PHP_EOL;
                $rules .= 'Require all denied' . PHP_EOL;
                $rules .= '</Files>' . PHP_EOL;
    
                $rules .= AIOWPSecurity_Utility_Htaccess::$pingback_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
            }
            return $rules;
        }
    static function getrules_block_debug_log_access_htaccess()
        {
            global $aio_wp_security;
    
            $rules = '';
            if ($aio_wp_security->configs->get_value('aiowps_block_debug_log_file_access') == '1') {
                $rules .= AIOWPSecurity_Utility_Htaccess::$debug_log_block_htaccess_rules_marker_start . PHP_EOL; //Add feature marker start
                $rules .= '<Files debug.log>' . PHP_EOL;
                $rules .= 'Require all denied' . PHP_EOL;
                $rules .= '</Files>' . PHP_EOL;
                $rules .= AIOWPSecurity_Utility_Htaccess::$debug_log_block_htaccess_rules_marker_end . PHP_EOL; //Add feature marker end
            }
            return $rules;
        }
    # 5G:[USER AGENTS]
                            <IfModule mod_setenvif.c>
                                    # SetEnvIfNoCase User-Agent ^$ keep_out
                                    SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
                                    <limit GET POST PUT>
                                            Require all granted
                                            #Deny from env=keep_out
                                    </limit>
                            </IfModule>

    And all the blacklists/whitelists or reference protections are disabled from the control panel
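
The Apache 2.2 to 2.4 authorization change discussed in this thread, as an added example that is not part of the original posts or the plugin's code: each rule is wrapped in `<IfModule>` so the same block works on either version, and the 5G user-agent deny is expressed with `Require not env`. The Apache 2.2 lines are the customary legacy form and are an assumption, since the thread does not show the plugin's original rules; the user-agent list is shortened for illustration.

```apache
# Added example, not plugin code. User-agent list shortened for illustration.

# --- Deny direct access to wp-config.php on Apache 2.4+ ---
<IfModule mod_authz_core.c>
    <Files wp-config.php>
        Require all denied
    </Files>
</IfModule>

# --- Same rule on Apache 2.2 (assumed legacy form) ---
<IfModule !mod_authz_core.c>
    <Files wp-config.php>
        Order deny,allow
        Deny from all
    </Files>
</IfModule>

# --- 5G:[USER AGENTS] with the keep_out deny preserved ---
<IfModule mod_setenvif.c>
    # Tag matching clients with the keep_out environment variable
    SetEnvIfNoCase User-Agent (binlar|casper|zmeu) keep_out

    <IfModule mod_authz_core.c>
        <Limit GET POST PUT>
            # "Require not" cannot stand alone; pair it with a grant
            <RequireAll>
                Require all granted
                Require not env keep_out
            </RequireAll>
        </Limit>
    </IfModule>

    <IfModule !mod_authz_core.c>
        <Limit GET POST PUT>
            Order Allow,Deny
            Allow from all
            Deny from env=keep_out
        </Limit>
    </IfModule>
</IfModule>
```

Rules like these go into the Custom Rules tab with the corresponding built-in settings disabled, as the replies in this thread describe.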

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Thank you for sharing your code. The plugin developers will investigate your code and solution further and will reply soon.

    Regards

    Plugin Contributor wpsolutions

    (@wpsolutions)

    jiraky90,
    No need to hack any plugin PHP files.
    For now simply copy those rules and modify them and then use the custom firewall rules feature to paste them into the settings. (make sure you deactivate the original rules)
    This is why the custom firewall feature was added – for scenarios exactly like yours.

    In a future release we will eventually put checks in for Apache versions and serve modified rules appropriately.

    Thread Starter jiraky90

    (@jiraky90)

    Which is the same as adding the rules directly to the .htaccess.
    In any case, I could help with that if you need something.

    Cheers

    Hi,

    When will there be a release compatible with Apache 2.4 and higher?

    Greetings and thanks.

  • The topic ‘Apache 2.4 incompatibility’ is closed to new replies.