htaccess woes

[Paul Thomas]

I use a whitelist in htaccess to only allow certain bots.
It works fine on apache servers but I get a 403 error when I try and deploy on a litespeed server.

Is there anything I can do to get over this problem.
Thanks.

# wp-login IP whitelist - block all brute force attempts and limit access to YOUR IPs only
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^234\.234\.226\.78$
RewriteCond %{REMOTE_ADDR} !^234\.234\.234\.234$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

# START WHITELIST

#Google
BrowserMatchNoCase Google good_pass

#Yahoo
BrowserMatchNoCase Slurp good_pass
BrowserMatchNoCase YahooSeeker good_pass

#Bing
BrowserMatchNoCase MSNbot good_pass
BrowserMatchNoCase Adidxbot good_pass
BrowserMatchNoCase BingPreview good_pass
BrowserMatchNoCase bingbot good_pass

#ASK
BrowserMatchNoCase Jeeves good_pass

#DuckDuckGo
BrowserMatchNoCase DuckDuckBot good_pass

#Baidu (uncomment if you need this)
#BrowserMatchNoCase Baiduspider good_pass

#Yandex (uncomment if you need this)
#BrowserMatchNoCase YandexBot good_pass

#Regular Visitors
BrowserMatchNoCase Gecko good_pass
BrowserMatchNoCase Windows good_pass
BrowserMatchNoCase Macintosh good_pass
BrowserMatchNoCase Android good_pass

Order Deny,Allow
Deny from all
Allow from env=good_pass

# END WHITELIST
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

 

[NiteWave]

replace

Order Deny,Allow
Deny from all
Allow from env=good_pass

with

RewriteCond %{ENV:good_pass} !^$
RewriteRule . - [R=403,L]

see if it works

 

[Paul Thomas]

Works a treat.
Much obliged for your help.

 

[Paul Thomas]

The solution that @NiteWave posted for me back in December worked a treat up to a week ago.
Now my blogs are showing the home page but all posts/pages and login page are showing a 403 error.

Any further help with this would be appreciated.

 

[NiteWave]

we need more info regarding this issue.
switch to a different lsws version, see if it disappear.
lsws web admin->Actions->Version Manager->SwitchTo ...

 

[Paul Thomas]

I am using shared hosting accounts over at hostwinds.com and have asked them to look into this.
They did reply:
"Unfortunately, we're unable to switch LSWS versions on request as this change would affect other customers on the same server."

 

[NiteWave]

then how about

RewriteCond %{ENV:good_pass} !^$
RewriteRule . - [R=403,L]

change to
RewriteCond %{ENV:good_pass} !^$
RewriteRule .* - [R=403,L]

i.e., only add a more *

 

[Paul Thomas]

The above resulted in a 403 all round.

If I remove the space between * and -
RewriteCond %{ENV:good_pass} !^$
RewriteRule .*- [R=403,L]

I get no 403 on the posts but a 403 when trying /wp-login.php.
Plus the wordpress theme is missing on the home page and posts.

If I remove the period
RewriteCond %{ENV:good_pass} !^$
RewriteRule *- [R=403,L]

I get no 403 on the posts and wp-login.php and the theme has restored itself.

So all is looking rosy at the moment.
I will of course give it a good going over but it looks like this present problem is resolved.

Thanks again NiteWave for your help on this issue.

 

[NiteWave]

you mean
RewriteRule *- [R=403,L]
resolved your issue ?
but the syntax is wrong. it's an even weird issue to us

 

[Paul Thomas]

I have just updated the .htaccess on 6 blogs with
RewriteRule *- [R=403,L]

and they seem to be working fine.