Good idea but needs a little work

Hi,

Thanks for your feedback. I’m sorry that the plugin does not work on your website.

Could you send me a copy of a correct and a corrupt version of your .htaccess file? So I can see where it goes wrong.

Thanks.

JP

Hi Fresh-Media:
I obviously cannot say what aapc experienced, but perhaps this could be related info:
I’ve used another popular security plugin that used a method of automatically editing the htaccess file. When dubious access attempt was registered the attacking ip was immediately written to a blacklist in the htaccess file. The problem with this approach was that it often took place while the server was under most pressure. And eventually the server would fail to finish writing due to lack of ressources which resulted in a corrupted htaccess file (as described by aapc). This is impossible to replicate for a regular user like me, so it’s still only a theory, but I’ve corrollated the general server stats with the time of the file modification, so I think it’s the most likely explanation for this.
I’m no expert in htaccess, but I think one should avoid direct manipulation if possible. Or perhaps do the manipulation in a more thorough way (write to a temp file first, ensure integrity of the new file, and then swap the file by simply renaming/overwriting? Just some thoughts.
PS: Now I’m ranting anyway: How about a button i the GUI, that said “Whitelist my current IP-number (xxx.xxx.xx.xx)”? That would be user friendly.

Hi,

Thanks for your post! I greatly appreciate you taking the time to help to make the plugin better.

I think you’re right. I like your idea of writing a temp file first before writing in the htaccess file. I will investigate how to to implement this.

And your idea about the “whitelist current IP”-button is also great! I will put it on the list for the next version.

Thanks.

JP