Configuration Version: 4.3.2 Author: AskApache Author URI: http://www.askapache.com/ == Installation == 1. Extract zip in plugins directory 2. Activate the Plugin 3. Setup plugin options */ /* /--------------------------------------------------------------------\ | | | License: GPL | | | | AskApache Password Protect Plugin - Adds HTTP Basic Authentication | | Copyright (C) 2008, AskApache, www.askapache.com | | All rights reserved. | | | | This program is free software; you can redistribute it and/or | | modify it under the terms of the GNU General Public License | | as published by the Free Software Foundation; either version 2 | | of the License, or (at your option) any later version. | | | | This program is distributed in the hope that it will be useful, | | but WITHOUT ANY WARRANTY; without even the implied warranty of | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | | GNU General Public License for more details. | | | | You should have received a copy of the GNU General Public License | | along with this program; if not, write to the | | Free Software Foundation, Inc. | | 51 Franklin Street, Fifth Floor | | Boston, MA 02110-1301, USA | | | \--------------------------------------------------------------------/ */ ?> 45)$newrealm1=substr($newrealm1, 0, 45); $aa_PP['realm']=$newrealm1; if($aa_PP['S']['sid900']['ON']=='1')aa_pp_activate_sid('sid900'); if($aa_PP['S']['sid800']['ON']=='1')aa_pp_activate_sid('sid800'); } if(isset($_POST['htpasswdfile']) && $_POST['htpasswdfile']!=$aa_PP['htpasswd']){ if(!is_writable(dirname($_POST['htpasswdfile'])) && !touch($_POST['htpasswdfile'])) return aa_pp_err($_POST['htpasswdfile'].' 
location is not writable!'); else { if(!aa_pp_insert_mark($_POST['htpasswdfile'],'AskApache PassPro',aa_pp_extract_mark($aa_PP['htpasswd'],'AskApache PassPro')))return aa_pp_err('error writing new password file.'); else aa_pp_unlink($aa_PP['htpasswd']); $aa_PP['htpasswd']=$_POST['htpasswdfile']; if($aa_PP['S']['sid900']['ON']=='1')aa_pp_activate_sid('sid900'); if($aa_PP['S']['sid800']['ON']=='1')aa_pp_activate_sid('sid800'); } } } else if(isset($_POST['aappsetupcomplete'])){ if(isset($_POST['aapassformat']))$aa_PP['format']=$_POST['aapassformat']; if(isset($_POST['htaccessuser']) && isset($_POST['htaccesspass'])) $aa_PP['user']=$_POST['htaccessuser']; if(isset($_POST['htaccessrealm']) && $aa_PP['realm']!=$_POST['htaccessrealm']) { if(strlen($aa_PP['realm'])>45)$aa_PP['realm']=substr($aa_PP['realm'], 0, 45); } if(isset($_POST['htpasswdfile'])){ if(!is_writable(dirname($_POST['htpasswdfile'])) && !touch($_POST['htpasswdfile'])) return aa_pp_err($_POST['htpasswdfile'].' location is not writable!'); else $aa_PP['htpasswd']=$_POST['htpasswdfile']; } $aa_PP['HTPASSWD_RULES']=array(aa_pp_hashit($_POST['aapassformat'],$_POST['htaccessuser'],$_POST['htaccesspass'])); if(!aa_pp_insert_mark($aa_PP['htpasswd'],'AskApache PassPro',$aa_PP['HTPASSWD_RULES'])) return aa_pp_err('Error Creating '.$aa_PP['htpasswd']); if(isset($_POST['sid900']))aa_pp_activate_sid('sid900'); else aa_pp_erase_sid('sid900'); } else if(isset($_POST['updatemodules'])){ if($aa_PP['mod_rewrite_support']=='1'){ $activate_modrewrite=false; foreach($_POST as $pname){ if(strpos($pname,'sid10')!==false)$activate_modrewrite=true; } if($activate_modrewrite) aa_pp_activate_sid('modrewrite'); else aa_pp_erase_sid('modrewrite'); } foreach($aa_PP['S'] as $n=>$sid){ if($n[0]!='s')continue; if(isset($_POST[$n]))aa_pp_activate_sid($n); else aa_pp_erase_sid($n); } /* if($aa_PP['mod_security_support']=='1') { if(isset($_POST['sid2000']))aa_pp_activate_sid('modsecurity'); else aa_pp_erase_sid('modsecurity'); } */ } 
if(AA_PP_DEBUG){echo '
';print_r($_POST);echo '
';} update_option('askapache_password_protect',$aa_PP); }//========================================================================================================================= // aa_pp_main_page //------------------------------------------------------------------------------------------------------------------------- function aa_pp_main_page() { global $aa_PP; aa_pp_print_header(); ?>
" method="post"> ';print_r($aa_PP);echo '';} ?>



Installation

Create User and Pass for .htpasswd

Try to pick an .htpasswd location above your document_root, in other words, not in site.com/htdocs/.htpasswda1 but site.com/.htpasswda1




Modify Main Password Settings

Add User

Username





Manage .htaccess Security Modules

$sid){ if($n[0]!='s')continue; ?> >
SID Protection Description Response Enable

/>

New modules added with every upgrade. Submit your module suggestions/bugs here.


0){?>

wp-admin .htaccess




Root .htaccess





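0){ foreach($cu as $key){ $CURRENT_USERS[]=preg_replace('/(.+):(.+)/', "\\1", $key, 1); } } return $CURRENT_USERS; }
//=========================================================================================================================
//---------------------------
/**
 * Current time as float seconds since the epoch; the clock for the time budgets below.
 *
 * @return float
 */
function aa_pp_microtime(){
    // microtime(true) is the float form of the "msec sec" string the original summed.
    return microtime(true);
}
//=====================================================================================
/* Checks the two time budgets while a socket is being read: total script time (measured
   from $aa_pp_script_time) and time since the current socket read started
   ($aa_pp_socket_read_time). Despite the name it kills nothing: it logs through aa_pp_err()
   and returns false, which the read loop in aa_pp_txrx() uses to stop. */
//---------------------------
/**
 * @param int $print 0 = enforce the limits; 1 = only echo elapsed script seconds; any other
 *                   non-zero value = only echo elapsed socket seconds (rounded to 4 places)
 * @return bool true while within AA_PP_MAX_TIME / AA_PP_SOCKET_TIME (always true when
 *              printing); false (from aa_pp_err) once a limit is exceeded
 */
function aa_pp_time_ok($print=0) {
    global $aa_pp_script_time,$aa_pp_socket_read_time;
    $now            = aa_pp_microtime();
    $script_elapsed = $now - $aa_pp_script_time;
    $socket_elapsed = $now - $aa_pp_socket_read_time;
    if($print){
        // Diagnostic mode: report, never enforce.
        echo ($print==1) ? round($script_elapsed,4)."\n" : round($socket_elapsed,4)."\n";
        return true;
    }
    if((float)$script_elapsed > AA_PP_MAX_TIME)
        return aa_pp_err('killed script.. time exceeded '.AA_PP_MAX_TIME.' Total: '.$script_elapsed);
    if((float)$socket_elapsed > AA_PP_SOCKET_TIME)
        return aa_pp_err("Killed socket.. time exceeded ".AA_PP_SOCKET_TIME." \nTotal: ".$socket_elapsed);
    return true;
}
//=====================================================================================
/* Opens a socket to $target:$port, or logs the fsockopen() error and returns false.
   Sets the stream read timeout so a silent peer cannot hang the test run. */
//---------------------------
/**
 * @param string $target host, IP, or "ssl://"-prefixed host/IP as accepted by fsockopen()
 * @param int    $port
 * @return resource|false open socket, or false (via aa_pp_sock_strerror) on failure
 */
function aa_pp_get_sock($target,$port){
    // fsockopen() may leave these untouched on some failures, so initialise them before
    // the error handler reads them.
    $errno  = 0;
    $errstr = '';
    $fp = @fsockopen($target,$port,$errno,$errstr,AA_PP_CONNECT_TIME);
    if($fp===false || !is_resource($fp))
        return aa_pp_sock_strerror($errno,$errstr);
    @stream_set_timeout($fp, AA_PP_SOCKET_TIME);
    return $fp;
}
//=====================================================================================
/* Writes $request to $fp, then reads the response until EOF, the script time budget, or
   the socket time budget (see aa_pp_time_ok) is hit. The whole response is accumulated in
   memory; there is no streaming, so a very large response costs that much memory. */
//---------------------------
/**
 * @param resource $fp      socket from aa_pp_get_sock()
 * @param string   $request raw request bytes
 * @param int      $chunk   bytes per fread()
 * @return string|false response read so far (possibly partial when a budget ran out),
 *                      or false (via aa_pp_err) when the write or the close failed
 */
function aa_pp_txrx($fp,$request,$chunk=128){
    global $aa_pp_socket_read_time;
    $aa_pp_socket_read_time = aa_pp_microtime();   // start the per-socket clock
    $received = '';
    if(!@fwrite($fp, $request, strlen($request)))
        return aa_pp_err('fwrite error');
    // Read to EOF. The original also tested strpos($response, AA_CRLF) here, but $response
    // was never assigned so the test was always true; stopping at the first CRLF would in
    // any case break callers that split the result on CRLF CRLF.
    while(!@feof($fp) && aa_pp_time_ok()){
        $piece = @fread($fp, $chunk);
        if($piece===false) break;   // read error: return what we have instead of spinning
        $received .= $piece;
    }
    if(!@fclose($fp))
        return aa_pp_err('fclose error');
    return $received;
}
//=====================================================================================
/* Maps an fsockopen() errno to a readable reason, logs it through aa_pp_err(), and returns
   its false so callers can `return aa_pp_sock_strerror(...)` directly. */
//---------------------------
/**
 * @param int    $errno  errno from fsockopen()
 * @param string $errstr errstr from fsockopen()
 * @return false
 */
function aa_pp_sock_strerror($errno,$errstr){
    static $reasons = array(
        -3  => 'Socket creation failed',
        -4  => 'DNS lookup failure',
        -5  => 'Connection refused or timed out',
        111 => 'Connection refused',
        113 => 'No route to host',
        110 => 'Connection timed out',
        104 => 'Connection reset by client',
    );
    $reason = isset($reasons[$errno]) ? $reasons[$errno] : 'Connection failed';
    return aa_pp_err("Fsockopen failed! \n[{$errno}] {$reason} ({$errstr})");
}
//=====================================================================================
function aa_pp_run_tests(){ global $wpdb, $aa_PP, $aa_pp_script_time,$aa_pp_socket_read_time; $aa_pp_script_time=aa_pp_microtime(); $sep = "\n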

" . str_repeat('=', 80) . "

\n"; /* labels echoed in front of every check below */ $success='[ SUCCESS ]'; $fail='[ FAILED ]'; /* NOTE(review): the responder written to test.php and passtest.php is an empty string here - confirm that is the intended body */ $aa_pp_test_responder=""; /* body of 401.php, the ErrorDocument target named in the test .htaccess */ $aa_pp_test_401="\n". ''."\n\n401 Authorization Required\n\n\n

Authorization Required

\n". '

Protected by AskApache Password Protection

'. "\n\n\n"; /* URL path of the test directory; the str_replace() collapses the "//" that root_path's trailing slash produces and turns "scheme:///host" into "scheme://host" */ $aa_pp_rel_docroot=$aa_PP['root_path'].'/wp-content/'.basename($aa_PP['test_dir']).'/'; $siteurl=get_option('siteurl'); $su=parse_url($siteurl); $test_base_url=str_replace('//','/',$su['scheme'].':///'.$su['host'].$aa_pp_rel_docroot); /* test .htaccess: one directive group per capability probed below (DirectoryIndex/ErrorDocument, mod_rewrite -> 307, mod_security -> 503, mod_alias -> 305, Basic auth). NOTE(review): $_SERVER['HTTP_HOST'] in the RedirectMatch line comes from the request's Host header and is written unescaped into the file; $su['host'] (from the siteurl option) would be the safer source */ $aa_pp_1_htaccess_test=array( "DirectoryIndex {$aa_pp_rel_docroot}test.php test.php", "ErrorDocument 401 {$aa_pp_rel_docroot}401.php", "ErrorDocument 403 {$aa_pp_rel_docroot}401.php", '#', '#mod_rewrite test', "", "RewriteEngine On", "RewriteBase /", 'RewriteCond %{QUERY_STRING} !^$ [NC]', 'RewriteCond %{QUERY_STRING} !askapachetest1 [NC]', 'RewriteRule .* /? [R=307,L]', "", '#', '#mod_security test', "", "SecFilterEngine On", 'SecFilter askapachetest1 "deny,nolog,noauditlog,status:503"', "", '#', '# mod_alias test', "", "RedirectMatch 305 ^.*askapacheredirecttest$ ".$aa_PP['scheme']."://".$_SERVER['HTTP_HOST']."/", "", '#', '# encryption test', '', 'Order Deny,Allow','Deny from All','Satisfy Any', 'AuthName "askapache test"', "AuthUserFile ".$aa_PP['test_dir']."/.htpasswda1", "AuthType Basic", "Require valid-user", '' ); echo "

$sep

File Permissions and Writable Tests

$sep"; /* the scratch directory every probe file below is written to */ $mess= ( @wp_mkdir_p( $aa_PP['test_dir'] ) ) ? $success : $fail; echo "

$mess Creating test folders

".$aa_PP['test_dir'].'
'; /* NOTE: 766 is a decimal literal here (octal 01376), not 0766 - looks like a typo */ $mess= ( @is_writable($aa_PP['test_dir']) || @chmod($aa_PP['test_dir'],766)) ? $success : $fail; echo "

$mess Test folder writable

".$aa_PP['test_dir'].'
'; /* wp-admin/.htaccess is the file sid900 writes to */ $mess= ( @is_writable(ABSPATH.'wp-admin') || @touch(ABSPATH.'wp-admin/.htaccess')) ? $success : $fail; echo "

$mess /wp-admin/.htaccess file is writable

".ABSPATH.'wp-admin/.htaccess'.'
'; /* NOTE(review): aa_pp_insert_mark() with an empty array drops any existing "AskApache PassPro" section, so this "writable" probe erases the live password entries - confirm the run order, or probe with is_writable() instead */ $mess= ( aa_pp_insert_mark($aa_PP['htpasswd'],'AskApache PassPro',array()) ) ? $success : $fail; echo "

$mess .htpasswda1 file is writable

".$aa_PP['htpasswd'].'
'; /* test.php: the file the 200 probes request */ $mess= ( aa_pp_file_put_c($aa_PP['test_dir']."/test.php",$aa_pp_test_responder) ) ? $success : $fail; echo "

$mess Create image test file

".$aa_PP['test_dir'].'/test.php
'; $mess= ( aa_pp_file_put_c($aa_PP['test_dir']."/401.php",$aa_pp_test_401) ) ? $success : $fail; echo "

$mess Create 401 test file

".$aa_PP['test_dir'].'/401.php
'; /* written under the "Test" marker so aa_pp_insert_mark() replaces it on the next run */ $mess= ( aa_pp_insert_mark($aa_PP['test_dir'].'/.htaccess', 'Test', $aa_pp_1_htaccess_test) ) ? $success : $fail; echo "

$mess .htaccess test file writable

".$aa_PP['test_dir'].'/.htaccess
'; echo "

$sep

PHP Capabilities Tests

$sep"; /* fsockopen must exist and not be listed in disable_functions; every probe below relies on it */ $fsock=( function_exists('fsockopen') && !@in_array('fsockopen', @explode(',',@ini_get('disable_functions'))) ); $mess= ( $fsock ) ? $success : $fail; echo "

$mess fsockopen enabled and allowed

"; $mess= ( @version_compare(phpversion(),'4.3.0','>=') ) ? $success : $fail; echo "

$mess Compatible php version

"; echo "

$sep

.htaccess Capabilities Tests

$sep"; /* each probe: aa_pp_test_resp() returns array(code, dump) only when the status matched, false otherwise, so $rv[0] is either the expected code or empty */ $rv=aa_pp_test_resp("{$test_base_url}test.php",'200'); $mess= ( $rv[0]==200 ) ? $success : $fail; $aa_PP['htaccess_support'] = ( $rv[0]==200 ) ? '1' : '0'; echo "

$mess .htaccess capability detection

{$test_base_url}test.php
"; aa_pp_resp_code($rv[0],$rv[1]); /* 307 comes from the RewriteRule in the test .htaccess */ $rv=aa_pp_test_resp("{$test_base_url}test.php?Q=1",'307'); $mess= ( $rv[0]==307 ) ? $success : $fail; $aa_PP['mod_rewrite_support'] = ( $rv[0]==307 ) ? '1' : '0'; echo "

$mess mod_rewrite capability detection

{$test_base_url}test.php?Q=1
"; aa_pp_resp_code($rv[0],$rv[1]); /* 305 comes from the RedirectMatch line */ $rv=aa_pp_test_resp("{$test_base_url}askapacheredirecttest",'305'); $mess= ( $rv[0]==305 ) ? $success : $fail; $aa_PP['mod_alias_support'] = ( $rv[0]==305 ) ? '1' : '0'; echo "

$mess mod_alias capability detection

{$test_base_url}askapacheredirecttest
"; aa_pp_resp_code($rv[0],$rv[1]); /* 503 comes from the SecFilter line */ $rv=aa_pp_test_resp("{$test_base_url}test.php?askapachetest1",'503'); $mess= ( $rv[0]==503 ) ? $success : $fail; $aa_PP['mod_security_support'] = ( $rv[0]==503 ) ? '1' : '0'; echo "

$mess mod_security capability detection

{$test_base_url}test.php?askapachetest1
"; aa_pp_resp_code($rv[0],$rv[1]); echo "

$sep

Encryption Function Tests

$sep"; /* keep only the formats this PHP can produce; PLAIN needs no digest function and always stays */ $oke=array(); $oke['PLAIN']=$aa_PP['algorithms']['PLAIN']; if( function_exists('md5') ) $oke['MD5']=$aa_PP['algorithms']['MD5']; $mess= ( function_exists('md5') ) ? $success : $fail; echo "

$mess md5 encryption function exists

"; if( function_exists('crypt') ) $oke['CRYPT']=$aa_PP['algorithms']['CRYPT']; $mess= ( function_exists('crypt') ) ? $success : $fail; echo "

$mess crypt encryption function exists

"; if( function_exists('sha1') ) $oke['SHA1']=$aa_PP['algorithms']['SHA1']; $mess= ( function_exists('sha1') ) ? $success : $fail; echo "

$mess sha1 encryption function exists

"; $aa_PP['algorithms']=$oke; $oke=array(); echo "

$sep

Encryption Authentication Working

$sep"; /* aa_pp_hashit('TEST') yields one "test<KEY>:<hash>" line per remaining algorithm. NOTE(review): that test .htpasswda1 holds well-known credentials inside the web root - make sure the test directory is removed after the run */ $htpasswds=aa_pp_hashit('TEST'); $mess= ( aa_pp_file_put_c($aa_PP['test_dir']."/passtest.php",$aa_pp_test_responder) ) ? $success : $fail; echo "

$mess Create encryption test file

".$aa_PP['test_dir'].'/passtest.php
'; $mess= ( aa_pp_insert_mark($aa_PP['test_dir'].'/.htpasswda1','AskApache PassPro',$htpasswds) ) ? $success : $fail; echo "

$mess Create .htpasswda1 test file

".$aa_PP['test_dir'].'/.htpasswda1'.'
'; /* an algorithm counts as working only when wrong credentials ("fail<KEY>") get a 401 AND the matching test user gets a 200; any working one also proves .htaccess support */ foreach($aa_PP['algorithms'] as $key=>$value){ $rb=aa_pp_test_resp("{$test_base_url}passtest.php",'401',"fail{$key}"); $rg=aa_pp_test_resp("{$test_base_url}passtest.php",'200',"test{$key}"); $aa_PP['algorithms'][$key]['enabled'] = ( $rb[0]==401 && $rg[0]==200 ) ? '1' : '0'; $mess= ( $aa_PP['algorithms'][$key]['enabled']=='1' ) ? $success : $fail; if($aa_PP['algorithms'][$key]['enabled']=='1'){ $oke[$key]=$aa_PP['algorithms'][$key]; $aa_PP['htaccess_support'] = '1'; } echo "

$mess {$key} encryption capability detection

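"; aa_pp_resp_code($rb[0],$rb[1]); aa_pp_resp_code($rg[0],$rg[1]); } $aa_PP['algorithms']=$oke; update_option('askapache_password_protect',$aa_PP); }
/**
 * Sends one GET request to $url over a raw socket and checks the HTTP status line.
 *
 * @param string $url       absolute URL; scheme and host are required, port/path/query optional
 * @param string $exp_code  status code expected on the response line, e.g. '200'
 * @param string $user_pass when longer than one character it is sent as HTTP Basic credentials
 *                          with the same value for user and password (the fixtures produced
 *                          by aa_pp_hashit('TEST') follow that convention)
 * @return array|false array(int status, string "\n".request.response-headers."\n") when the
 *                     status matched; false (via aa_pp_err) on a bad URL, socket failure,
 *                     or a non-matching status
 */
function aa_pp_test_resp($url,$exp_code,$user_pass=''){
    aa_pp_mess("Testing {$url} expecting code {$exp_code}");
    $parts = @parse_url($url);
    if(!is_array($parts) || empty($parts['host']))
        return aa_pp_err("bad url {$url}");
    $scheme = isset($parts['scheme']) ? $parts['scheme'] : 'http';
    $proto  = ($scheme=='https') ? 'ssl://' : '';
    // Parenthesised on purpose: the unparenthesised nested ternary this replaces was
    // left-associative (an explicit port was ignored) and is a parse error on PHP 8.
    $port   = !empty($parts['port']) ? (int)$parts['port'] : (($proto!='') ? 443 : 80);
    $path   = !empty($parts['path']) ? $parts['path'] : '/';
    $query  = !empty($parts['query']) ? '?'.$parts['query'] : '';
    $host   = $parts['host'];
    $resolved = @gethostbyname($host);
    // NOTE(review): for https the socket target is the resolved IP, so peer-name
    // verification (PHP 5.6+) can fail; connecting to $host may be needed - confirm.
    $ip = ($resolved!=$host) ? long2ip(ip2long($resolved)) : $host;
    $referer = $scheme.'://'.$host.'/';
    $headers = array(
        "GET {$path}{$query} HTTP/1.0",
        "Host: {$host}",
        'User-Agent: Mozilla/5.0 (AskApache/; +http://www.askapache.com/)',
        'Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,*/*;q=0.5',
        'Accept-Language: en-us,en;q=0.5',
        'Accept-Encoding: none',
        'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7',
        'Connection: close',
        "Referer: {$referer}",
    );
    // (The original also built a cookie string from $_COOKIE[AUTH_COOKIE] that was never
    // sent; that dead read of the login cookie is gone.)
    if(strlen($user_pass)>1)
        $headers[] = 'Authorization: Basic '.base64_encode($user_pass.':'.$user_pass);
    $request = implode(AA_CRLF,$headers).AA_CRLF.AA_CRLF;
    $fp = aa_pp_get_sock($proto.$ip, $port);
    if(!$fp)
        return aa_pp_err("fp test failed for {$path}");
    $raw = aa_pp_txrx($fp,$request);
    if($raw===false)
        return false;   // aa_pp_txrx already logged the failure
    // Only the header block matters; a response without a blank line simply has no body.
    $sections     = explode(AA_CRLF.AA_CRLF, trim($raw), 2);
    $resp_headers = trim($sections[0]);
    // preg_quote() because $exp_code is interpolated into the pattern.
    if(!preg_match('|HTTP/[0-1]\.[0-1] ('.preg_quote($exp_code,'|').')|is', $resp_headers, $m))
        return aa_pp_err("bad response code {$request} {$resp_headers}");
    return array((int)$m[1], "\n".$request.$resp_headers."\n");
}
/**
 * Echoes "Received Response Code: <code> <description>" for one probe; with AA_PP_DEBUG
 * on, also echoes $other (the request/response dump returned by aa_pp_test_resp()).
 *
 * @param int|string $code  HTTP status code
 * @param string     $other extra text shown only when AA_PP_DEBUG is true
 * @return void
 */
function aa_pp_resp_code($code,$other=''){
    if(function_exists('get_status_header_desc'))
        $desc = $code.' '.get_status_header_desc($code)."\n\n";
    else
        $desc = $code."\n\n\n";
    echo "\n\nReceived Response Code: ".$desc;
    if(AA_PP_DEBUG) echo $other;
}
// aa_pp_extract_mark
//-------------------------------------------------------------------------------------------------------------------------
/**
 * Returns the lines between "# BEGIN $marker" and "# END $marker" in $filename.
 *
 * @param string $filename
 * @param string $marker   matched as a substring of the marker line (see aa_pp_insert_mark)
 * @return array|false the lines in file order without the marker lines (possibly empty),
 *                     or false when the file is missing or cannot be read
 */
function aa_pp_extract_mark( $filename, $marker ) {
    if (!file_exists($filename) || !is_readable($filename)) return false;
    $contents = file_get_contents($filename);
    if ($contents===false) return false;
    $inside = false;
    $result = array();
    foreach (explode("\n", $contents) as $line) {
        // Order matters: END closes before the line is collected, BEGIN opens after,
        // so neither marker line ends up in the result.
        if (strpos($line,'# END '.$marker)!==false) $inside = false;
        if ($inside) $result[] = $line;
        if (strpos($line,'# BEGIN '.$marker)!==false) $inside = true;
    }
    return $result;
}
//=========================================================================================================================
// aa_pp_insert_mark
//-------------------------------------------------------------------------------------------------------------------------
/**
 * Rewrites $filename so that its "# BEGIN $marker" ... "# END $marker" section contains
 * exactly the lines in $insertion: the section is replaced in place, appended when absent,
 * and removed when $insertion is not a non-empty array. Everything outside it is kept.
 * The original's quirk of writing the last existing line without "\n" is preserved, but
 * a newly appended section is no longer glued onto that line.
 *
 * @param string       $filename  .htaccess / .htpasswd style file
 * @param string       $marker    marker name; matched as a substring, so a marker that is a
 *                                prefix of another (e.g. "X sid10" / "X sid1000") would collide
 * @param array|string $insertion lines for the section; '' or array() erases it
 * @return bool false when the file cannot be made writable, read, or opened for writing
 */
function aa_pp_insert_mark( $filename, $marker, $insertion ) {
    // Existing but unwritable: try to make it writable. 0644 (owner-writable, world-readable)
    // is all a chmod by the owning process can achieve and, unlike the 0666 it replaces, it
    // never leaves a password file world-writable. Read bits stay because Apache must read
    // .htaccess/.htpasswd files.
    if (file_exists($filename) && !is_writable($filename) && !@chmod($filename,0644) && !touch($filename))
        return false;
    if (!file_exists($filename)) {
        // The original fell through to reading a file that did not exist when the
        // directory was unwritable; fail cleanly instead.
        if (!is_writable(dirname($filename)) || !touch($filename)) return false;
        $existing = array();
    } else {
        $contents = file_get_contents($filename);
        if ($contents===false) return false;   // do not truncate a file we could not read
        $existing = explode("\n", $contents);
    }
    $section = array();
    if (is_array($insertion) && count($insertion) > 0) {
        $section[] = "# BEGIN {$marker}\n";
        foreach ($insertion as $insertline) $section[] = "{$insertline}\n";
        $section[] = "# END {$marker}\n";
    }
    $out     = '';
    $found   = false;
    $copying = true;
    $last    = count($existing) - 1;
    foreach ($existing as $n => $line) {
        if (strpos($line,'# BEGIN '.$marker)!==false) $copying = false;
        if ($copying) $out .= ($n < $last) ? "{$line}\n" : $line;   // last line keeps its (missing) newline
        if (strpos($line,'# END '.$marker)!==false) {
            $out    .= implode('', $section);   // replace the old section in place
            $copying = true;
            $found   = true;
        }
    }
    if (!$found && $section) {
        if ($out!=='' && substr($out,-1)!=="\n") $out .= "\n";   // never glue BEGIN onto the last line
        $out .= implode('', $section);
    }
    $f = @fopen($filename,'w');
    if ($f===false) return false;
    $written = fwrite($f, $out);
    fclose($f);
    return $written!==false;
}
//=========================================================================================================================
// aa_pp_hashit
//-------------------------------------------------------------------------------------------------------------------------
/**
 * Builds one htpasswd line ("user:encoded-password") in the requested format.
 *
 * NOTE(review): in aa_pp_activate() the 'desc' text stored for MD5 and SHA1 appears
 * swapped (MD5 is described as a SHA-1 digest and vice versa) - confirm.
 *
 * @param string $format 'PLAIN', 'CRYPT', 'SHA1', 'MD5', or 'TEST' (one line per algorithm
 *                       in $aa_PP['algorithms'], with user = pass = "test<KEY>")
 * @param string $user   account name; callers should reject ':' and newlines, which would
 *                       corrupt the htpasswd line
 * @param string $pass   clear-text password
 * @return string|array the htpasswd line; an array of lines for 'TEST'; '' for an unknown format
 */
function aa_pp_hashit($format,$user='',$pass=''){
    global $aa_PP;
    aa_pp_mess('Created '.$format.' Hash');
    switch ($format){
        case 'TEST':
            $lines = array();
            foreach(array_keys($aa_PP['algorithms']) as $key)
                $lines[] = aa_pp_hashit($key,"test{$key}","test{$key}");
            return $lines;
        case 'PLAIN':
            // Stored in clear text; the original only offers it for platforms without crypt().
            return $user.':'.$pass;
        case 'CRYPT':
            // "$1$" selects the MD5-based crypt; 8 hex characters of salt as before.
            $seed = aa_pp_random_salt('0123456789abcdef', 8);
            return $user.':'.crypt($pass, '$1$'.$seed);
        case 'SHA1':
            // Apache "{SHA}" format: base64 of the raw, unsalted SHA-1 digest.
            return $user.':{SHA}'.base64_encode(pack("H*", sha1($pass)));
        case 'MD5':
            // Apache "$apr1$" scheme, salt drawn from the same alphabet the original used.
            $salt = aa_pp_random_salt('abcdefghijklmnopqrstuvwxyz0123456789', 8);
            return $user.':$apr1$'.$salt.'$'.aa_pp_apr1_md5($pass, $salt);
    }
    return '';
}
/**
 * Random salt of $length characters drawn from $alphabet.
 *
 * @param string $alphabet candidate characters
 * @param int    $length
 * @return string
 */
function aa_pp_random_salt($alphabet, $length){
    $max  = strlen($alphabet) - 1;
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() (PHP 7+) is a CSPRNG; the rand()/str_shuffle() the original used are not.
        $idx   = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
        $salt .= $alphabet[$idx];
    }
    return $salt;
}
/**
 * Apache apr1 ("$apr1$") MD5 password digest, after php.net/crypt.php#73619.
 *
 * @param string $pass clear-text password
 * @param string $salt 8-character salt
 * @return string the encoded digest without the "$apr1$<salt>$" prefix
 */
function aa_pp_apr1_md5($pass, $salt){
    $len  = strlen($pass);
    $text = $pass.'$apr1$'.$salt;
    $bin  = pack("H32", md5($pass.$salt.$pass));
    for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
    // $pass[0] replaces the brace offset syntax $pass{0}, which PHP 8 removed.
    for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $pass[0]; }
    $bin = pack("H32", md5($text));
    for($i = 0; $i < 1000; $i++) {   // the 1000-round stretching loop of the apr1 scheme
        $new = ($i & 1) ? $pass : $bin;
        if ($i % 3) $new .= $salt;
        if ($i % 7) $new .= $pass;
        $new .= ($i & 1) ? $bin : $pass;
        $bin  = pack("H32", md5($new));
    }
    $tmp = '';   // the original left this uninitialised
    for($i = 0; $i < 5; $i++) {
        $k = $i + 6;
        $j = $i + 12;
        if($j == 16) { $j = 5; }
        $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
    }
    $tmp = chr(0).chr(0).$bin[11].$tmp;
    return strtr(strrev(substr(base64_encode($tmp), 2)),
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
}
//=========================================================================================================================
// aa_pp_print_header
//-------------------------------------------------------------------------------------------------------------------------
function aa_pp_print_header(){ global $aa_PP; ?>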

by    |  Google 404 Plugin - .htaccess tutorial - .htaccess help forum



NOTE: This is an incredibly powerful plugin. This can easily take your site down temporarily.

This plugin modifies 2 files on your server: /.htaccess and /wp-admin/.htaccess. It does NOT modify WordPress itself.

If you experience an error that you can't fix by disabling a security SID from the AskApache Password Protection Option Panel or by resetting/re-activating the plugin, all you need to do is remove the sections added by the plugin from the 2 .htaccess files using ftp, ssh, webftp, or contact support, etc. You should definitely figure out how to access those 2 files before you get going. That said, this plugin is sweet, have fun! ;)

$value){?>

-



About This Plugin

'.$aa_PP['plugin_data']['Version'].''; ?>

:

AskApache Links

· Google 404 Plugin

· .htpasswd Generator

· htaccess tutorial

· Blocking Proxy

Security Articles

· Hardening WordPress

· mod_security tricks

· WordPress File Perms



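read())) { if($r=="."||$r==".."||is_link($d->path.$r))continue; if (!aa_pp_rmdir($d->path.'/'.$r)) aa_pp_err("Failed to remove ".$d->path.'/'.$r); } $d->close(); aa_pp_mess("Removed temporary test directory {$dir}"); return @rmdir($file); } else return aa_pp_unlink($file); }
//=====================================================================================
// aa_pp_1_unlink
//---------------------------
/**
 * Deletes $f, trying harder than a bare unlink(): first with the file made writable,
 * then after re-applying the parent directory's mode.
 *
 * @param string $f path to delete
 * @return bool true when the file is gone (or never existed); false (via aa_pp_err) otherwise
 */
function aa_pp_unlink($f) {
    aa_pp_mess("deleting {$f}");
    clearstatcache();
    if(!@file_exists($f)) return true;
    // Remember the current mode so a failed attempt does not leave e.g. a password file
    // sitting at 0777 (the original chmod'd and never restored).
    $orig_mode = @fileperms($f);
    if(@chmod($f,0777) && @unlink($f)) return true;
    if($orig_mode!==false) @chmod($f, $orig_mode & 07777);
    $dir  = dirname($f);
    $stat = @stat($dir);
    // Guard: with stat() failed the original computed $stat['mode'] & 07777 == 0 and
    // chmod'd the directory to 0000, which is far worse than a leftover file.
    if($stat!==false){
        // Re-applies the directory's own permission bits, as the original did; this is
        // effectively a no-op chmod - TODO confirm the intended mode.
        $dir_bits = $stat['mode'] & 0007777;
        if(@chmod($dir,$dir_bits) && @unlink($f) && @chmod($dir,$stat['mode'])) return true;
    }
    if(!@file_exists($f)) return true;
    return aa_pp_err("couldnt delete {$f}");
}
//=====================================================================================
// aa_pp_err
//-------------------------------------------------------------------------------------------------------------------------
/**
 * Logs an error and returns false, so failing code paths can `return aa_pp_err(...)`.
 *
 * @param string $message
 * @return false
 */
function aa_pp_err($message=''){
    if(@defined('AA_PP_DEBUG_LOGFILE'))
        error_log($message, 3, AA_PP_DEBUG_LOGFILE);   // append to the plugin's own log file
    else
        error_log($message);                           // default SAPI / php.ini error_log target
    return false;
}
//=========================================================================================================================
// aa_pp_mess
//-------------------------------------------------------------------------------------------------------------------------
function aa_pp_mess($message=''){ if(@defined('AA_PP_DEBUG_LOGFILE'))error_log($message, 3, AA_PP_DEBUG_LOGFILE); else if(AA_PP_DEBUG)error_log($message); if(AA_PP_DEBUG){ ?>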

', 'Order Deny,Allow', 'Deny from All', 'Satisfy Any', '', 'AuthName "'.$aa_PP['realm'].'"', 'AuthUserFile '.$aa_PP['htpasswd'], 'AuthType Basic', 'Require valid-user', '' ); break; case 'sid900': $sidrules=array( 'Order Deny,Allow', 'Deny from All', 'Satisfy Any', '', 'AuthName "'.$aa_PP['realm'].'"', 'AuthUserFile '.$aa_PP['htpasswd'], 'AuthType Basic', 'Require valid-user', '', '', 'Allow from All', '', '', '', '', 'SecFilterEngine Off', '', 'Allow from All', '' ); break; case 'modrewrite': $sidrules=array( 'RewriteEngine On', 'RewriteBase '.$aa_PP['root_path'] ); break; case 'sid1000': $sidrules=array( 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ '.$aa_PP['root_path'].'wp-content/.*$ [NC]', 'RewriteCond %{REQUEST_FILENAME} !^.+flexible-upload-wp25js.php$', 'RewriteCond %{REQUEST_FILENAME} ^.+\.(php|html|htm|txt)$', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1010': $sidrules=array( 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ '.$aa_PP['root_path'].'wp-includes/.*$ [NC]', 'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ '.$aa_PP['root_path'].'wp-includes/js/.+/.+\ HTTP/ [NC]', 'RewriteCond %{REQUEST_FILENAME} ^.+\.php$', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1011': $sidrules=array( //'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*%20.*\ HTTP/ [NC,OR]', //'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.+(main|load|image|start)\.php.*\ HTTP/ [NC,OR]', 'RewriteCond %{REQUEST_URI} !^'.$aa_PP['root_path'].'(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1012': $sidrules=array( 'RewriteCond %{HTTP_REFERER} !^$', 'RewriteCond 
%{REQUEST_URI} !^'.$aa_PP['root_path'].'(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]', 'RewriteCond %{HTTP_REFERER} !^'.$aa_PP['scheme'].'://'.$_SERVER['HTTP_HOST'].'.*$ [NC]', 'RewriteRule \.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ - [F,NS,L]' ); break; case 'sid1015': $sidrules=array( 'RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1017': $sidrules=array( 'RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]', 'RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$', 'RewriteCond %{REQUEST_URI} !^'.$aa_PP['root_path'].'(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]', 'RewriteCond %{REQUEST_METHOD} =POST', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1018': $sidrules=array( 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ '.$aa_PP['root_path'].'.*/wp-comments-post\.php.*\ HTTP/ [NC]', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1019': $sidrules=array( 'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1020': $sidrules=array( 'RewriteCond %{REQUEST_URI} !^'.$aa_PP['root_path'].'(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]', 'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ [a-zA-Z0-9\.\+_/\-\?\=\&]+\ HTTP/ [NC]', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1021': $sidrules=array( 'RewriteCond %{REQUEST_METHOD} =POST', 'RewriteCond %{REQUEST_URI} !^'.$aa_PP['root_path'].'(wp-admin/|wp-content/plugins/|wp-includes/).* [NC]', 'RewriteCond %{HTTP:Content-Length} ^$', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1022': $sidrules=array( 'RewriteCond %{REQUEST_METHOD} =POST', 'RewriteCond %{REQUEST_URI} !^'.$aa_PP['root_path'].'(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]', 'RewriteCond %{HTTP:Content-Type} 
!^(application/x-www-form-urlencoded|multipart/form-data.*(boundary.*)?)$ [NC]', 'RewriteRule .* - [F,NS,L]' ); break; /*case 'sid1023': $sidrules=array( 'RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .*(\.\./|\./\.).*\ HTTP/ [NC]', 'RewriteRule .* - [F,NS,L]' ); break;*/ case 'sid1024': $sidrules=array( 'RewriteCond %{HTTP_COOKIE} ^.*PHPSESS?ID.*$', 'RewriteCond %{HTTP_COOKIE} !^.*PHPSESS?ID=([0-9a-z]+);.*$', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1025': $sidrules=array( 'RewriteCond %{REQUEST_URI} !^'.$aa_PP['root_path'].'(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]', 'RewriteCond %{HTTP_HOST} ^$', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1026': $sidrules=array( 'RewriteCond %{HTTP:Content-Disposition} \.php [NC]', 'RewriteCond %{HTTP:Content-Type} image/.+ [NC]', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1027': $sidrules=array( 'RewriteCond %{REQUEST_METHOD} =POST', 'RewriteCond %{REQUEST_URI} !^'.$aa_PP['root_path'].'(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]', 'RewriteCond %{HTTP_USER_AGENT} ^-?$', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1028': $sidrules=array( 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]', 'RewriteCond %{HTTP_REFERER} ^-?$', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1029': $sidrules=array( 'RewriteCond %{HTTP_USER_AGENT} ^.*(opera|mozilla|firefox|msie|safari).*$ [NC,OR]', 'RewriteCond %{HTTP_USER_AGENT} ^-?$', 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.+/trackback/?\ HTTP/ [NC]', 'RewriteCond %{REQUEST_METHOD} =POST', 'RewriteRule .* - [F,NS,L]' ); break; case 'sid1030': $sidrules=array( 'RewriteCond %{HTTPS} !=on [NC]', 'RewriteRule .* '.$aa_PP['scheme'].'://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]' ); break; case 'modsecurity': $sidrules=array( 'SecFilterEngine On', 'SecFilterCheckURLEncoding On', 'SecFilterCheckUnicodeEncoding Off', 'SecFilterScanPOST On', 'SecFilterDefaultAction "deny,nolog,noauditlog,status:403"' ); break; /* case 
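'sid2000': $sidrules=array( 'SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" "chain"', 'SecFilterSelective HTTP_Content-Length "!^$"', '', 'SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" "chain"', 'SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-urlencoded$|^multipart/form-data;)"', '', 'SecFilterSelective REQUEST_METHOD "^POST$" "chain"', 'SecFilterSelective HTTP_Content-Length "^$"', '', 'SecFilterSelective ARG_cache_lastpostdate "<\?php"', '', '', 'SecFilterSelective ARG_comment_post_ID "^$"', '' ); break; */ } return $sidrules; }
//=========================================================================================================================
//-------------------------------------------------------------------------------------------------------------------------
/**
 * Switches $sid off in $aa_PP['S'] and removes its "# BEGIN AskApache $sid" section from
 * the file that SID writes to.
 *
 * @param string $sid key of $aa_PP['S'], e.g. 'sid900'
 * @return bool true when the section was removed; false (via aa_pp_err) when the file
 *              could not be rewritten. As before, the 'ON' flag is set to '0' before the
 *              write, so it reads as off even when the file write failed.
 */
function aa_pp_erase_sid($sid){
    global $aa_PP;
    $aa_PP['S'][$sid]['ON'] = '0';
    $file = $aa_PP['S'][$sid]['FILE'];
    // An empty insertion makes aa_pp_insert_mark() drop the whole marked section.
    if(!aa_pp_insert_mark($file,"AskApache $sid",''))
        return aa_pp_err('Failed to erase '.$sid.'-'.$file);
    return true;
}
//=========================================================================================================================
//-------------------------------------------------------------------------------------------------------------------------
/**
 * Switches $sid on in $aa_PP['S'] and writes its rules (aa_pp_generate_sid_rules) into
 * the "# BEGIN AskApache $sid" section of the file that SID writes to.
 *
 * @param string $sid key of $aa_PP['S'], e.g. 'sid900'
 * @return bool true when the section was written; false (via aa_pp_err) otherwise. As
 *              before, the 'ON' flag is set to '1' before the write.
 */
function aa_pp_activate_sid($sid){
    global $aa_PP;
    $aa_PP['S'][$sid]['ON'] = '1';
    $file = $aa_PP['S'][$sid]['FILE'];
    if(!aa_pp_insert_mark($file,"AskApache $sid",aa_pp_generate_sid_rules($sid)))
        return aa_pp_err('Failed to create '.$sid.'-'.$file);
    return true;
}
//=========================================================================================================================
// aa_pp_activate
//-------------------------------------------------------------------------------------------------------------------------
function aa_pp_activate(){ global $aa_PP; $aa_PP=array(); /* we start over every time because its good practice to know what your .htaccess is doing. 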
*/ /* again I apologize but its better to be safe when the whole server is on the line. */ $oldoptions=array('aa_home_folder','aa_wpadmin_folder','aa_htpasswd_file','aa_htaccess_file','aa_original_htpasswd','aa_original_htaccess','aa_plugin_message','aa_plugin_version','aa_home','aa_wpadmin', 'aa_htpasswd_f','aa_htaccess_f','aa_user','aa_plugin_message','aa_home_folder','aa_wpadmin_folder','aa_htpasswd_file','aa_htaccess_file','aa_original_htpasswd','aa_original_htaccess','aa_plugin_message', 'aa_plugin_version','aa_pp_docroot_htaccess','aa_pp_wp_includes_htaccess','aa_pp_wp_content_htaccess','aa_pp_wp_includes_htaccess','aa_pp_main_base64','aa_pp_ok'); foreach($oldoptions as $key)$F=delete_option($key); $aa_PP['htpasswd'] = ABSPATH.'.htpasswda1'; $aa_PP['htaccessusers']=''; $aa_PP['realm']='Protected By AskApache'; $aa_PP['user']='admin'; $aa_PP['format']='SHA1'; $home_path = parse_url(get_option('siteurl')); $aa_PP['scheme'] = $home_path['scheme']; $aa_PP['plugin_data'] = get_plugin_data(__FILE__); $aa_PP['pass'] = ''; $aa_PP['blog_root_htaccess'] = ABSPATH.'.htaccess'; $aa_PP['root_path'] = rtrim($home_path['path'],'/').'/'; $aa_PP['config_step'] = '1'; $aa_PP['test_dir'] = ABSPATH.'wp-content/askapache'; $aa_PP['htaccess_support'] = '0'; $aa_PP['mod_alias_support'] = '0'; $aa_PP['mod_security_support'] = '0'; $aa_PP['mod_rewrite_support'] = '0'; $aa_PP['algorithms']=array( 'CRYPT' => array('enabled'=>'0','desc'=>'Unix only. Uses the traditional Unix crypt function with a randomly-generated 32-bit salt.'), 'MD5' => array('enabled'=>'0','desc'=>'Base64-encoded SHA-1 digest of the password.'), 'SHA1' => array('enabled'=>'0','desc'=>'Apache-specific algorithm using an iterated MD5 digest of random 32-bit salt and the password.'), 'PLAIN' => array('enabled'=>'0','desc'=>'(i.e. 
unencrypted) Windows, BEOS, & Netware only') ); $aa_PP['S']['sid700']=array( 'ON'=>'0', 'TITLE'=>'Directory Protection', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'Disable', 'DESC'=>'Enable the DirectoryIndex Protection, preventing directory index listings and defaulting.'); $aa_PP['S']['sid800']=array( 'ON'=>'0', 'TITLE'=>'Password Protect wp-login.php', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'401', 'DESC'=>'Requires a valid user/pass to access the login page - *** Safe, Use.'); $aa_PP['S']['sid900']=array( 'ON'=>'0', 'TITLE'=>'Password Protect wp-admin', 'FILE'=>ABSPATH.'wp-admin/.htaccess', 'RESP'=>'401', 'DESC'=>'Requires a valid user/pass to access any non-static (css, js, images) file in this directory. - *** Safe, Use.'); $aa_PP['S']['modrewrite']=array( 'ON'=>'0', 'TITLE'=>'Mod_Rewrite Support', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'Read More', 'DESC'=>'Uses the Apache Module mod_rewrite'); $aa_PP['S']['sid1000']=array( 'ON'=>'0', 'TITLE'=>'Protect wp-content', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'401', 'DESC'=>'Denies any Direct request for files ending in .php with a 403 Forbidden.. May break plugins/themes'); $aa_PP['S']['sid1010']=array( 'ON'=>'0', 'TITLE'=>'Protect wp-includes', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any Direct request for files ending in .php with a 403 Forbidden.. May break plugins/themes'); $aa_PP['S']['sid1011']=array( 'ON'=>'0', 'TITLE'=>'Common Exploits', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Block common exploit requests with 403 Forbidden. 
These can help alot, may break some plugins.'); $aa_PP['S']['sid1012']=array( 'ON'=>'0', 'TITLE'=>'Stop Hotlinking', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any request for static files (images, css, etc) if referrer is not local site or empty.'); $aa_PP['S']['sid1015']=array( 'ON'=>'0', 'TITLE'=>'Safe Request Methods', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD - *** Safe, Use.'); $aa_PP['S']['sid1017']=array( 'ON'=>'0', 'TITLE'=>'Forbid Proxies', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any POST Request using a Proxy Server. Can still access site, but not comment. See Perishable Press'); $aa_PP['S']['sid1018']=array( 'ON'=>'0', 'TITLE'=>'Real wp-comments-post.php', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any POST attempt made to a non-existing wp-comments-post.php - *** Safe, Use.'); $aa_PP['S']['sid1019']=array( 'ON'=>'0', 'TITLE'=>'HTTP PROTOCOL', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only - *** Safe, Use.'); $aa_PP['S']['sid1020']=array( 'ON'=>'0', 'TITLE'=>'SPECIFY CHARACTERS', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any request for a url containing characters other than "a-zA-Z0-9.+/-?=&" - REALLY helps but may break your site depending on your links.'); $aa_PP['S']['sid1021']=array( 'ON'=>'0', 'TITLE'=>'BAD Content Length', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any POST request that doesnt have a Content-Length Header - *** Safe, Use.'); $aa_PP['S']['sid1022']=array( 'ON'=>'0', 'TITLE'=>'BAD Content Type', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data - *** Safe, Use.'); $aa_PP['S']['sid1023']=array( 'ON'=>'0', 
'TITLE'=>'Directory Traversal', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies Requests containing ../ or ./. which is a directory traversal exploit attempt - *** Safe, Use.'); /*$aa_PP['S']['sid1024']=array( 'ON'=>'0', 'TITLE'=>'PHPSESSID Cookie', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Only blocks when a PHPSESSID cookie is sent by the user and it contains characters other than 0-9a-z - *** Safe, Use.');*/ $aa_PP['S']['sid1025']=array( 'ON'=>'0', 'TITLE'=>'NO HOST:', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies requests that dont contain a HTTP HOST Header. - *** Safe, Use.'); $aa_PP['S']['sid1026']=array( 'ON'=>'0', 'TITLE'=>'Bogus Graphics Exploit', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies obvious exploit using bogus graphics - *** Safe, Use.'); $aa_PP['S']['sid1027']=array( 'ON'=>'0', 'TITLE'=>'No UserAgent, No Post', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies POST requests by blank user-agents. May prevent a small number of visitors from POSTING.'); $aa_PP['S']['sid1028']=array( 'ON'=>'0', 'TITLE'=>'No Referer, No Comment', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies any comment attempt with a blank HTTP_REFERER field, highly indicative of spam. May prevent some visitors from POSTING.'); $aa_PP['S']['sid1029']=array( 'ON'=>'0', 'TITLE'=>'Trackback Spam', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'403', 'DESC'=>'Denies obvious trackback spam. 
See Holy Shmoly!'); $aa_PP['S']['sid1030']=array( 'ON'=>'0', 'TITLE'=>'SSL-Only Site', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'301', 'DESC'=>'Redirects all non-SSL (https) requests to your https-enabled url'); $aa_PP['S']['modsecurity']=array( 'ON'=>'0', 'TITLE'=>'Mod_Security Support', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'Read More', 'DESC'=>'Uses the Apache Module mod_security'); /* $aa_PP['S']['sid2000']=array( 'ON'=>'0', 'TITLE'=>'Anti-Spam, Anti-Exploits', 'FILE'=>$aa_PP['blog_root_htaccess'], 'RESP'=>'Read More', 'DESC'=>'Denies Obvious Spam and uses advanced mod_security protection'); */ // delete these old files if(@is_file(ABSPATH.'wp-includes/.htaccess')) aa_pp_unlink(ABSPATH.'wp-includes/.htaccess'); if(@is_file(ABSPATH.'wp-content/.htaccess')) aa_pp_unlink(ABSPATH.'wp-content/.htaccess'); aa_pp_insert_mark($aa_PP['blog_root_htaccess'], 'AskApache PassPro', ''); foreach($aa_PP['S'] as $n=>$sid)aa_pp_erase_sid($n); update_option('askapache_password_protect',$aa_PP); }//========================================================================================================================= // aa_pp_deactivate //------------------------------------------------------------------------------------------------------------------------- function aa_pp_deactivate(){ global $aa_PP; $aa_PP=get_option('askapache_password_protect'); foreach($aa_PP['S'] as $n=>$sid)aa_pp_erase_sid($n); aa_pp_insert_mark($aa_PP['blog_root_htaccess'], 'AskApache PassPro', ''); delete_option('askapache_password_protect'); unset($aa_PP); }//========================================================================================================================= register_activation_hook(__FILE__, 'aa_pp_activate'); register_deactivation_hook(__FILE__, 'aa_pp_deactivate'); if( strpos($_SERVER['REQUEST_URI'], basename(__FILE__))!==false ) add_action('admin_head', 'aa_pp_admin_header'); add_action('admin_menu', 'aa_pp_options_setup1'); ?>