1

There is an error in my website's cPanel, when I try to enable HOTLINK PROTECTION, I get the following error (image 1 attached):The Cpanel screenshot from Apache detection

There was an error while enabling hotlink protection. Apache detected an error in the Rewrite config. AH00526: Syntax error on line 153 of /home/… /public_html/.htaccess.9cZGH7VFKfWc6gqbrvVYVrz9qy6IaJMp: RewriteRule: bad flag delimiters Please try again.

I'm a WordPress admin and I don't have a professional developer to help me, so I don't know how to fix the .htaccess file problem.(image2 is also attached). .htaccess Screenshot

The .htaccess code (line 150-155) is as follow:

150: RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
151: RewriteCond %{REQUEST_FILENAME} -f [OR]
152: RewriteCond %{REQUEST_FILENAME} -d
153: RewriteRule ^ - [L]
154: RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
155: RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]

Can anybody help me how to solve this?

I am a WordPress admin and I hope a PHP developer can help me solve this Apache error problem.

Amendment: The .htaccess file attached

php_flag display_errors off

# BEGIN WordPress Hardening
<FilesMatch "^.*(error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$">
#Order deny,allow
#Deny from all
</FilesMatch>
<IfModule mod_rewrite.c>
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    RewriteRule ^wp-config\.php - [F,L]
    RewriteRule ^php\.ini - [F,L]
    RewriteRule \.htaccess - [F,L]
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post.php*
    RewriteCond %{HTTP_REFERER} !.*myqwebsite.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) - [F,L]
</IfModule>
# END WordPress Hardening
 
 
 
 
 
 
 
 
 
 
 
 
 
  
# BEGIN Gzipspeedycache
<IfModule mod_deflate.c>
    AddType x-font/woff .woff
    AddType x-font/ttf .ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/js
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE x-font/ttf
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE font/opentype font/ttf font/eot font/otf
</IfModule>
# END Gzipspeedycache

# BEGIN LBCspeedycache
<FilesMatch "\.(webm|ogg|mp4|ico|pdf|flv|jpg|jpeg|png|gif|webp|js|css|swf|x-html|css|xml|js|woff|woff2|otf|ttf|svg|eot)(\.gz)?$">
    <IfModule mod_expires.c>
        AddType application/font-woff2 .woff2
        AddType application/x-font-opentype .otf
        ExpiresActive On
        ExpiresDefault A0
        ExpiresByType video/webm A10368000
        ExpiresByType video/ogg A10368000
        ExpiresByType video/mp4 A10368000
        ExpiresByType image/webp A10368000
        ExpiresByType image/gif A10368000
        ExpiresByType image/png A10368000
        ExpiresByType image/jpg A10368000
        ExpiresByType image/jpeg A10368000
        ExpiresByType image/ico A10368000
        ExpiresByType image/svg+xml A10368000
        ExpiresByType text/css A10368000
        ExpiresByType text/javascript A10368000
        ExpiresByType application/javascript A10368000
        ExpiresByType application/x-javascript A10368000
        ExpiresByType application/font-woff2 A10368000
        ExpiresByType application/x-font-opentype A10368000
        ExpiresByType application/x-font-truetype A10368000
    </IfModule>
    <IfModule mod_headers.c>
        Header set Expires "max-age=A10368000, "
        Header unset ETag
        Header set Connection keep-alive
        FileETag None
    </IfModule>
</FilesMatch>
# END LBCspeedycache

# BEGIN WEBPspeedycache
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_ACCEPT} image/webp
    RewriteCond %{REQUEST_URI} \.(jpe?g|png|gif)
    RewriteCond %{DOCUMENT_ROOT}/$1.webp -f [or]
    RewriteCond /home/henryluc/public_html/$1.webp -f
    RewriteRule (?i)(.*)(\.jpe?g|\.png|\.gif)$ /$1.webp [T=image/webp,E=EXISTING:1,L]
</IfModule>
<IfModule mod_headers.c>
    Header append Vary Accept env=REDIRECT_accept
</IfModule>
AddType image/webp .webp
# END WEBPspeedycache
 
 
 
 
# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule \.litespeed_conf\.dat - [F,L]

### marker CACHE RESOURCE start ###
RewriteRule wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600]
### marker CACHE RESOURCE end ###

### marker FAVICON start ###
RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
### marker FAVICON end ###

### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###

</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END NON_LSCACHE
RewriteEngine on
RewriteCond ${LeechProtect:/home/henryluc/public_html:%{REMOTE_USER}:%{REMOTE_ADDR}:4:AuNGUPpPBWWYMt7ibHx8Job4djzvzd9N} leech
RewriteRule .* /RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
# SOFTACULOUS Block xmlrpc
<files xmlrpc.php>
    Require all denied
</files>
# SOFTACULOUS Block xmlrpc End
# SOFTACULOUS Block .htaccess and .htpasswd
<FilesMatch ^(?i:\.ht.*)$>
    Require all denied
</FilesMatch>
# SOFTACULOUS Block .htaccess and .htpasswd End
# SOFTACULOUS Block author scans
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# SOFTACULOUS Block author scans End
# SOFTACULOUS Block directory browsing
Options -Indexes
# SOFTACULOUS Block directory browsing End
# SOFTACULOUS Block access sensitive files
<FilesMatch "^.*(((?:wp-config)\.(?:php|bak|swp))|php.ini|.[hH][tT][aApP].*|((?:error_log|readme|license|changelog|-config|-sample)\.(?:php|md|log|txt|htm|html)))$">
    Require all denied
</FilesMatch>
# SOFTACULOUS Block access sensitive files End
# SOFTACULOUS Enable bot protection
RewriteCond %{HTTP_USER_AGENT} (?:virusbot|spambot|evilbot|acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|MJ12bot/v|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests) [NC]
RewriteRule ^(.*)$ http://no.access/
# SOFTACULOUS Enable bot protection End
RewriteCond %{HTTP_REFERER} !^http://myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://myqwebsites.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://myqwebsites.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://myqwebsites.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://myqwebsites.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsite.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsite.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsites.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsites.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsites.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsites.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myqwebsites.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myqwebsites.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myqwebsites.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myqwebsites.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsite.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsite.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsites.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsites.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsites.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsites.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://myqwebsites.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://myqwebsites.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://myqwebsites.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://myqwebsites.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://mywebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://mywebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://mywebsite.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://mywebsite.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://mywebsites.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://mywebsites.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://mywebsites.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://mywebsites.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.myqwebsites.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.myqwebsites.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.myqwebsites.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.myqwebsites.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.mywebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.mywebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.mywebsite.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.mywebsite.com.myqwebsite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.mywebsites.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.mywebsites.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.mywebsites.com.myqwebsite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.mywebsites.com.myqwebsite.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|svg)$ (.*) [R,NC]

# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file '/home/henryluc/public_html/wordfence-waf.php'
</IfModule>
<IfModule lsapi_module>
php_value auto_prepend_file '/home/henryluc/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>

# END Wordfence WAF

Improve this question
5
  • There is no such error in the code you've posted. However, I would not try implementing "hotlink protection" using cPanel to begin with. cPanel is rather prone to making "mistakes" in this regard. Commented Jun 6, 2023 at 23:05
  • 1
    However, from your "screenshot", you do have an obvious error on line#146 - unless that is just an error in formatting? Commented Jun 6, 2023 at 23:08
  • Well, what advice do you give me now? How can it be corrected? Commented Jun 7, 2023 at 6:06
  • Please don't link to a screenshot. Include the complete section (or even your complete .htaccess file) in your question. Thanks. Commented Jun 7, 2023 at 8:03
  • The .htaccess file is attached. Commented Jun 8, 2023 at 14:14

1 Answer 1

Reset to default
0

The problematic line is probably:

RewriteRule .*\.(jpg|jpeg|gif|png|bmp|svg)$ (.*) [R,NC]

This line problem:

Extra parentheses (.*) that shouldn't be there.

To fix this problem, I suggest you modify this line as follows:

RewriteRule .*\.(jpg|jpeg|gif|png|bmp|svg)$ - [F,NC]

This change causes unauthorized requests for image files to be 403 (forbidden).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.