Hi Peter,

It looks like the its the menu matching on line 9 that’s causing the issue. To fix, replace the RewriteRule that you had commented out, and then change line 9 from this:

RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]

..to this:

RewriteCond %{QUERY_STRING} (mod|path|tag)\=\.?/? [NC,OR]

Let me know how it goes!

yup, that solves the issue.

One more question: looking through my server logs, I see LOTS of requests for uploadify in various forms ? I think this is a common script with vulnerabilities. They were all denied fortunately. But I don’t see the term uploadify in your blacklist. Did you blacklist those requests some other way?

It’s possible.. I haven’t seen any uploadify requests that I can recall from memory, so something in the requests may already be blocked by the 5G/6G. What does a typical request-string look like?

typically its fishing for uploadify.php, hoping that its in some plugin. This is typical:

/wordpress/wp-content/plugins/gpress/gpress-admin/fieldtypes/image_upload/scripts/uploadify.php 1 -

I have many similar 403s in my logs.

Hmm very interesting.. it doesn’t look like the 5G is blocking that type of request, but something is.. it could be the user-agent or some other aspect of the request getting blocked, or more than likely it’s denied by some default server configuration (at least on Apache servers).

Either way thanks for the info, I’ve added this to the list for upcoming 6G :)

see sucuri:

Uploadify, Uploadify and Uploadify ? The New TimThumb?

Ahh, excellent infos – will be put to good use!