New update blocks site monitoring

  • Resolved isaacl

    (@isaacl)


    9 years, 3 months ago

    The new REQUEST METHODS FILTERED code seems to block the monitoring that I had set up for my site (Hyperspin and the wordpress.com monitoring, from what I found so far).
    In order to unblock them, I had to comment out the last 2 lines (assuming I did that correctly) for that section:

    # RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
# RewriteRule ^(.*)$ - [R=405,L]

    Any other ways to get that working correctly?
    Or is that the best way to allow the monitoring to still work?

    https://www.ads-software.com/plugins/bulletproof-security/

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author AITpro

    (@aitpro)

    https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/

    You can either allow all HEAD Requests by commenting out the 2 lines you have already commented out and save all of that code to BPS Custom Code or you can go for something a little more advanced. Something like this below:

    # REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteCond %{HTTP_USER_AGENT} !^(bot1|bot2|bot3|bot4) [NC]
RewriteRule ^(.*)$ - [R=405,L]
    Plugin Author AITpro

    (@aitpro)

    And of course you would replace the “bot1|bot2” etc examples with the actual user agent/bot name for any user agents/bots you want to allow to make HEAD Requests on your website.

    Plugin Author AITpro

    (@aitpro)

    And you can whitelist by IP address instead of user agent. See this forum topic for examples: https://forum.ait-pro.com/forums/topic/split-uptimerobot-whitelist-uptimerobot-bot/page/2/#post-7168

    Thread Starter isaacl

    (@isaacl)

    Thanks.
    Guess I would somehow have to figure out the bot names, or use the IP address method, though at this point, I’m not sure I’m scared of just allowing all HEAD requests (unless there’s a big risk involved there)…

    Plugin Author AITpro

    (@aitpro)

    No risk at all. The REQUEST METHODS FILTERED code is just nuisance protection code against nuisance bots and is not security protection code. You would get the user agent/bot names or IP addresses from the BPS Security Log entries if you are feeling adventurous, otherwise just go the simple route and allow all HEAD Requests. ??

    Thread Starter isaacl

    (@isaacl)

    Awesome, think I’m going to go the lazy way for now and just leave those lines commented out and allow all head requests for now.
    Thanks for the info and awesome plugin.
    One of these days I should be getting myself the Pro version…
    Any sales coming up? ??

    Plugin Author AITpro

    (@aitpro)

    Yep lazy is my usual method of choice too. ?? Make sure to copy your code to BPS Custom Code so that your modifications/customizations are saved permanently. It’s a sale every day for BPS Pro – dirt cheap bargain. ??

    Thread Starter isaacl

    (@isaacl)

    Already did, thanks.
    Have to convince myself I need the Pro version, but will get it eventually, thanks.

    Plugin Author AITpro

    (@aitpro)

    So I guess we can call this thread resolved then? If so, mark it as resolved. Thanks.

    Thread Starter isaacl

    (@isaacl)

    Sure, thanks!

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘New update blocks site monitoring’ is closed to new replies.