Protect the login page against

  • Resolved dimal

    (@dimalifragis)


    5 years, 8 months ago

    Hello.

    It seems that default (POST request attacks) is selected (and reverted back) whenever i select the 1st or the 3rd option. Always go back to the default (2nd) when you save.

    Could be visual ? Or the default is actually active ?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Yes, it’s a known issue that was reported a few weeks ago. The firewall will follow your changes, but the “Login Protection” will keep showing “POST” as the selected option.
    This is just due to a missing ! character line 44 before preg_match in the login_protection.php script.
    Current code:

    if ( empty( $bfconfig['bf_request'] ) || preg_match('/^(GET|POST|GETPOST)$/', $bfconfig['bf_request'] ) ) {

    Should be:

    if ( empty( $bfconfig['bf_request'] ) || ! preg_match('/^(GET|POST|GETPOST)$/', $bfconfig['bf_request'] ) ) {
    Thread Starter dimal

    (@dimalifragis)

    Same issue i guess in

    Block system.multicall method

    Block Pingbacks

    settings.

    Plugin Author nintechnet

    (@nintechnet)

    If you enabled “Block any access to the API”, the next two options will be unchecked because they don’t make sense anymore if the whole API is blocked.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Protect the login page against’ is closed to new replies.