order deny allow 403 404 issues

baronn

• March 15, 2022 09:10

Hello, This has been an ongoing issue for quite some time now (nearly a year) and we have had cpanel support look into it with no success or resolution. Have been looking into it in between work now and then and not been able to find why this issue is happening. So hoping someone from the community (or perhaps support can help again?) can shed some light on why we are getting this issue. SO the issue relates to using order deny,allow in a htaccess to only allow IPs referenced access to an admin area. Now there is 3 installations that exist which are all identical and all of them have the same rules in the htaccess: order deny,allow allow from 72.15.12.125 deny from all which reside in the admin folder. Here are the differences (everything else is the same) between the 3 installs: 2 are both using WordPress and the script resides in a folder inside the normal WordPress folder structure these 2 have a non-www to www redirect in the htaccess and a https = on directive 1 (the one that has the issue) is located in a sub domain which doesn't have a WordPress install Its just the script (within which the admin folder resides) only has the https =on directive Now for 2 of the installations IF you navigate to the admin folder it will prevent you from accessing and redirect you to a 404 page. These 2 installations have the admin folder located within a WordPress installation i.e. wordpress/THESCRIPT/admin folder The 1 installation that doesn't work as desired is on a subdomain i.e. subdomain.domain.com with NO WordPress install included. If you navigate to the admin folder located in that site from a non recognised IP then it sends a 403 error and then dsiplays a broken form page rather than a 404 page which the other 2 install do. Looking at the logs and error files all 3 seem to send the right: AH01797: client denied by server configuration message 2 installations seem to be (for what ever reason) showing a 404 (our preferred option and happy with this) where as the other install is sending a 403 error (checking the header and chrome inspector). At first we assumed that WordPress was overtaking the 403 (not sure why it would in a sub folder install) and showing the 404 page. so as the sub domain install isn't located within a WordPress structure we assumed that it may be why. However IF you navigate to a file on this one install that's prevented by the sub domains root .htaccess a such: Order allow,deny Deny from all it actually shows the 404 page! it shows the right client denied message and for what ever reason (how we need it) shows the 404 page... So it cannot be the fact that this 1 install is not within a WordPress folder structure... Racking our brains to find out why the order deny allow with the IPs in the admin folder will not do what the other 2 installs and even navigating to a prevented file in its own install going to a 404. Had a look at this which I think is closely related:

• 

  cPRex Jurassic Moderator

  • March 15, 2022 16:07

  Hey there! I'm not 100% sure what would be going on with that particular installation. Since you have this configured already, would it be possible for you to submit a ticket to our team so we could check this out?

  0
• 

  baronn

  • March 15, 2022 16:57

  Hey there! I'm not 100% sure what would be going on with that particular installation. Since you have this configured already, would it be possible for you to submit a ticket to our team so we could check this out?

  
  This was the old ticket 93937922 - Maybe reviewing that will help?

  0
• 

  cPRex Jurassic Moderator

  • March 15, 2022 17:22

  That ticket number is old enough that we wouldn't have access to the servers at this point.

  0

Please sign in to leave a comment.