Apache Modules Testing: mod_rewrite, mod_authz_core, mod_authz_host, mod_security, mod_security2 & mod_access

Apache Modules Testing: mod_rewrite, mod_authz_core, mod_authz_host, mod_security, mod_security2 & mod_access_compat (directives: Order, Allow and Deny)

#	htaccess Code	#	htaccess Code
1	# 1 mod_access_compat Order Directive Allow from all <FilesMatch "^(mod_access_compat-od-allowed\.png)$"> <IfModule mod_access_compat.c> Order Allow,Deny Allow from all </IfModule> </FilesMatch>	2	# 2 mod_access_compat Order Directive Deny from all <FilesMatch "^(mod_access_compat-od-denied\.png)$"> <IfModule mod_access_compat.c> Order Allow,Deny Deny from all </IfModule> </FilesMatch>
3	# 3 mod_authz_core Require all denied Conditional <FilesMatch "^(mod_authz_core-denied\.png)$"> <IfModule mod_authz_core.c> Require all denied </IfModule> </FilesMatch>	4	# 4 mod_authz_core\|mod_access_compat Order Directive Denied Conditional <FilesMatch "^(mod_authz_core-od-cond-denied\.png)$"> <IfModule mod_authz_core.c> Order Allow,Deny Deny from all </IfModule> </FilesMatch>
5	# 5 mod_authz_host Require ip 127.9.9.1 Conditional <FilesMatch "^(mod_authz_host-require-ip\.png)$"> <IfModule mod_authz_host.c> Require ip 127.9.9.1 </IfModule> </FilesMatch>	6	# 6 mod_authz_host\|mod_access_compat Order Directive Denied Conditional <FilesMatch "^(mod_authz_host-od-cond-denied\.png)$"> <IfModule mod_authz_host.c> Order Allow,Deny Deny from all </IfModule> </FilesMatch>

Images

htaccess Code

Images

htaccess Code

# 1 mod_access_compat Order Directive Allow from all
<FilesMatch "^(mod_access_compat-od-allowed\.png)$">
	<IfModule mod_access_compat.c>
		Order Allow,Deny
		Allow from all
	</IfModule>
</FilesMatch>

# 2 mod_access_compat Order Directive Deny from all
<FilesMatch "^(mod_access_compat-od-denied\.png)$">
	<IfModule mod_access_compat.c>
		Order Allow,Deny
		Deny from all
	</IfModule>
</FilesMatch>

# 3 mod_authz_core Require all denied Conditional	       
<FilesMatch "^(mod_authz_core-denied\.png)$">
	<IfModule mod_authz_core.c>
		Require all denied
	</IfModule>
</FilesMatch>

# 4 mod_authz_core|mod_access_compat Order Directive Denied Conditional
<FilesMatch "^(mod_authz_core-od-cond-denied\.png)$">
	<IfModule mod_authz_core.c>
		Order Allow,Deny
		Deny from all
	</IfModule>
</FilesMatch>

# 5 mod_authz_host Require ip 127.9.9.1 Conditional	       
<FilesMatch "^(mod_authz_host-require-ip\.png)$">
	<IfModule mod_authz_host.c>
		Require ip 127.9.9.1
	</IfModule>
</FilesMatch>

# 6 mod_authz_host|mod_access_compat Order Directive Denied Conditional	       
<FilesMatch "^(mod_authz_host-od-cond-denied\.png)$">
	<IfModule mod_authz_host.c>
		Order Allow,Deny
		Deny from all
	</IfModule>
</FilesMatch>

Apache Module & Directive Test Results Explanation

This test will tell you if your server has the mod_authz_core, mod_authz_host and mod_access_compat Modules loaded and whether or not the mod_access_compat Module directives (deprecated in Apache 2.4): "Order, Allow, Deny" can be used/will work on your server or can be used in combination with the mod_authz_core and mod_authz_host Modules (backward compatibility). The new Apache 2.4 Modules for Access Control are: mod_authz_host and mod_authz_core.
Note: The "Require ip" directive can be used in BOTH the mod_authz_host and mod_authz_core Modules htaccess code.

#	Explanation\|Description	#	Explanation\|Description
1	If you see an image displayed then your Apache server has the mod_access_compat Module loaded and allows the mod_access_compat "Order, Deny, Allow" directives to be used in htaccess files. "Allow from all" means to display the mod_access_compat-od-allowed.png image file to everyone. Or your server is ignoring/not processing the IfModule condition. See Test #7 and check the System Info page.	2	If you do NOT see an image displayed then your Apache server has the mod_access_compat Module loaded and allows the mod_access_compat "Order, Deny, Allow" directives to be used in htaccess files. "Deny from all" means do NOT display the mod_access_compat-od-denied.png image file to anyone. Or if your server is ignoring/not processing the IfModule condition then an image will be displayed. See Test #8 and check the System Info page.
3	The IfModule condition is checking if the mod_authz_core Module IS loaded on your Apache server. If the Module is loaded then you will NOT see the mod_authz_core-denied.png image file displayed to you. "Require all denied" means do NOT display the image file to anyone. Or if your server is ignoring/not processing the IfModule condition then an image will be displayed. See Test #10 and check the System Info page.	4	The IfModule condition is checking if the mod_authz_core Module IS loaded on your Apache server. If the Module is loaded and your server allows using the mod_access_compat "Order, Deny, Allow" directives WITH the mod_authz_core IfModule condition then the mod_authz_core-od-cond-denied.png image file should NOT be displayed. This means that your server has backward compatibility, which is using/allowing/loading both of these Modules and allowing the "Order, Deny, Allow" directives to be used in htaccess files. If the mod_authz_core Module is NOT loaded and/or your server does NOT allow using the "Order, Deny, Allow" directives then your server will not process this code and the image file WILL be displayed to you. Check the System Info page.
5	The IfModule condition is checking if the mod_authz_host Module IS loaded on your Apache server. If the Module is loaded then you will NOT see the mod_authz_host-require-ip.png image file displayed to you. "Require ip 127.9.9.1" means ONLY display the image file if your IP address is 127.9.9.1. The 127.9.9.1 IP address is intentionally a bogus IP address and is NOT your IP address. If the mod_authz_host Module is NOT loaded then your server will NOT process this code and the image file WILL be displayed to you.	6	The IfModule condition is checking if the mod_authz_host Module IS loaded on your Apache server. If the Module is loaded and your server allows using the mod_access_compat "Order, Deny, Allow" directives WITH the mod_authz_host IfModule condition then the mod_authz_host-od-cond-denied.png image file should NOT be displayed. This means that your server has backward compatibility, which is using/allowing/loading both of these Modules and allowing the "Order, Deny, Allow" directives to be used in htaccess files. If the mod_authz_host Module is NOT loaded and/or your server does NOT allow using the "Order, Deny, Allow" directives then your server will not process this code and the image file WILL be displayed to you.

Additional Testing for Web Hosts that ignore/do not allow/do not process IfModule conditions and Mod Security testing:

#	htaccess Code	#	htaccess Code
7	# 7 mod_access_compat: No IfModule Condition Order Directive Allow from all <FilesMatch "^(mod_access_compat-od-nc-allowed\.png)$"> Order Allow,Deny Allow from all </FilesMatch>	8	# 8 mod_access_compat: No IfModule Condition Order Directive Deny from all <FilesMatch "^(mod_access_compat-od-nc-denied\.png)$"> Order Allow,Deny Deny from all </FilesMatch>
9	# 9 mod_rewrite: No IfModule Condition RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} ^./mod-test/mod_rewrite-cond\.png$ [NC] RewriteRule ^(.)$ http://%{HTTP_HOST}.../mod_rewrite-nc.png [R=302] RewriteCond %{HTTPS} =on RewriteCond %{REQUEST_URI} ^./mod-test/mod_rewrite-cond\.png$ [NC] RewriteRule ^(.)$ https://%{HTTP_HOST}.../mod_rewrite-nc.png [R=302]	10	# 10 mod_authz_core: No IfModule Condition Require all denied <FilesMatch "^(mod_authz_core-nc-denied\.png)$"> Require all denied </FilesMatch>
11	# 11 mod_authz_host: No IfModule Condition Require host <FilesMatch "^(mod_authz_host-nc-require-host\.png)$"> Require host example.com </FilesMatch>	12	# 12 mod_security: IfModule Conditions <FilesMatch "^(mod_security\.png)$"> <IfModule mod_security.c> <IfModule mod_access_compat.c> Order Allow,Deny Deny from all </IfModule> <IfModule mod_authz_core.c> Require all denied </IfModule> </IfModule> </FilesMatch>
13	# 13 mod_security2: IfModule Conditions <FilesMatch "^(mod_security-2\.png)$"> <IfModule mod_security2.c> <IfModule mod_access_compat.c> Order Allow,Deny Deny from all </IfModule> <IfModule mod_authz_core.c> Require all denied </IfModule> </IfModule> </FilesMatch>	14	# 14 Unused: No Tests Performed

Apache No IfModule Condition, Directive & Mod Security Test Result Explanations:

Some Web Hosts ignore/do not allow/do not process all IfModule conditions and the test results for tests 1-6 above will NOT be accurate. Tests 7-11 check mod_access_compat, mod_rewrite, mod_authz_core and mod_authz_host directives without any IfModule conditions. The mod_access_compat directives "Order, Deny, Allow" should work on every single Web Host at this present time. The Apache transition from mod_access_compat to the new mod_authz_core and mod_authz_host Modules will probably result in various issues/problems on some Web Hosts during that transitional period. BPS checks your current loaded Modules and directive htaccess code compatiblity and creates htaccess code that works specifically on your particular server/website/host. If things change in the future with your Web Host or you move to another host or server, BPS will check that you htaccess code is correct for your particular server/website/host and display a message to run the Setup Wizard again if necessary, which will create new htaccess code that works specifically for your particular server/website/host.

#	Explanation\|Description	#	Explanation\|Description
7	If you see an image displayed then your Apache server has the mod_access_compat Module loaded and allows the mod_access_compat "Order, Deny, Allow" directives to be used in htaccess files. "Allow from all" means to display the mod_access_compat-od-nc-allowed.png image file to everyone. Or your server is not processing the mod_access_compat "Order, Deny, Allow" directives and you will see the image. See the System Info page.	8	If you do NOT see an image displayed then your Apache server has the mod_access_compat Module loaded and allows the mod_access_compat "Order, Deny, Allow" directives to be used in htaccess files. "Deny from all" means do NOT display the mod_access_compat-od-nc-denied.png image file to anyone. Or your server is not processing the mod_access_compat "Order, Deny, Allow" directives and you will see the image. See the System Info page.
9	Note: The path has been shortened in the code example with ... for visual formatting display reasons. If you see an image displayed without a white #9 displayed in the bottom right corner then your Apache server has the mod_rewrite Module loaded. The image that is being displayed is the mod_rewrite-nc.png image file. If mod_rewrite is NOT loaded then a 500 error will occur and you will see the mod_rewrite-cond.png image file displayed with a white #9 displayed in the bottom right corner. Or you will see the mod_rewrite-cond.png image file displayed if you are not using either a WordPress default or BPS root htaccess file. See the System Info page.	10	If you do NOT see an image displayed then your Apache server has the mod_authz_core Module loaded on your server. If the Module is loaded then you will NOT see the mod_authz_core-nc-denied.png image file displayed to you. "Require all denied" means do NOT display the mod_authz_core-nc-denied.png image file to anyone. Or your server is not processing the "Require all denied" directive and a 500 error will occur and you will not see the image. See the System Info page.
11	If you do NOT see an image displayed then your Apache server has the mod_authz_host Module loaded on your server. If the Module is loaded then you will NOT see the mod_authz_host-nc-require-host.png image file displayed to you. "Require host example.com" means ONLY display the image file if the Hostname (your website) is example.com. The Hostname is intentionally a bogus Hostname and is NOT your Hostname (your website). Or your server is not processing the "Require host example.com" directive and a 500 error will occur and you will not see the image. See the System Info page.	12	If you do NOT see an image displayed then your Apache server has the mod_security Module loaded on your server. If the mod_security Module is loaded then you will NOT see the mod_security.png image file displayed to you. Mod Security is now included in current versions of cPanel and breaks several BPS Pro features and option setting forms as well as various things in WordPress and other Plugins and Themes. Some web hosts allow you to remove the individual Mod Security SecRules and SecFilters that are breaking things, but most web hosts only allow you to either Disable or Enable Mod Security in your web host control panel. See this Forum Topic for known things that Mod Security breaks in BPS: common known Mod Security problems
13	If you do NOT see an image displayed then your Apache server has the mod_security2 Module loaded on your server. If the mod_security2 Module is loaded then you will NOT see the mod_security-2.png image file displayed to you. Mod Security is now included in current versions of cPanel and breaks several BPS Pro features and option setting forms as well as various things in WordPress and other Plugins and Themes. Some web hosts allow you to remove the individual Mod Security SecRules and SecFilters that are breaking things, but most web hosts only allow you to either Disable or Enable Mod Security in your web host control panel. See this Forum Topic for known things that Mod Security breaks in BPS: common known Mod Security problems	14	Unused: No Tests Performed.