WooCommerce – 403 error

Home Forums BulletProof Security Free WooCommerce – 403 error

Tagged: , , , , , ,

Viewing 15 posts - 1 through 15 (of 20 total)
1 2
  • Author
    Posts
  • April 30, 2013 at 3:53 am #5141
    nasigoreng
    Member

    Hey guys,

    We’re using Woocommerce Plugin and eversince we installed BPS we get 403 forbidden error on our “Order Received” page. Just to explain of what’s going on with the plugin:
    1. User buys a product from us
    2. The user gets redirected to paypal to pay
    3. The user pays on paypal’s website
    4. Paypal redirect the user back to our website
    5. 403 error!

    The redirect URL from Paypal looks like this:

    http://www.ourtestwebsite.com/checkout/thank-you/?order=xxx&key=order_xxx&utm_nooverride=1&tx=xxx&st=Completed&amt=10.00&cc=GBP&cm=xxx&item_number=

    Is there a way to fix this? Any info would be helpful
    Thank you!

    April 30, 2013 at 6:28 am #5144
    AITpro Admin
    Keymaster

    Disregard: This topic is no longer valid. Several things in WooCommerce have changed.
    See this new Topic regarding WooCommerce issues/problems: http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/

    April 30, 2013 at 7:29 am #5146
    nasigoreng
    Member

    hey guys

    Thank you so much for the quick prompt reply. removing the order| fixes the problem! This is actually a new installation. I only just installed the BPS plugin this morning. The query string is actually added by Paypal, rather than WooCommerce.

    Thank you again.
    Amazing plugin!

    April 30, 2013 at 8:47 am #5157
    AITpro Admin
    Keymaster

    Great!  Thanks for confirming all is well.

    May 6, 2015 at 8:43 pm #22509
    DaveP
    Participant

    I have just followed this procedure on a brand new WooCommerce site with BPS after getting the 403 error. So surprised that I am getting this with such an old issue. I looked at the .htaccess and it had the |order| entry in it ! I will let you know once a new order has been processed to ensure it is working…

    Regards, Dave

    May 6, 2015 at 8:48 pm #22511
    AITpro Admin
    Keymaster

    I looked at the .htaccess and it had the |order| entry

    Yes. You are correct. That is standard BPS Security code and will always be in standard BPS security files. For folks who have WooCommerce they will need to make this necessary modification to BPS Standard code and files.

    May 6, 2015 at 8:50 pm #22513
    DaveP
    Participant

    OK, that is good to know – I will remember that & thanks for the prompt reply – Dave

    June 3, 2015 at 9:31 am #23128
    Amy V
    Participant

    I have done these steps and I’m still getting a 403 forbidden from paypal. Here’s my address string in the browser looks a little different and I’m not able to make heads or tails of the code to paste into the little window.

    https://northcountryfiberfair.org/shop/index.php/checkout/order-received/xxx?key=wc_order_xxx&utm_nooverride=1&tx=xxx&st=Completed&amt=0%2e01&cc=USD&cm=a%3a2%3a%7bi%3a0%3bi%3a1744%3bi%3a1%3bs%3a22%3a%22wc_order_xxx%22%3b%7d&item_number=
    June 3, 2015 at 9:59 am #23130
    AITpro Admin
    Keymaster

    You have done something incorrectly.  I checked your site and the %22 | order condition is still in effect/has not been successfully changed.  Double check that you are doing ALL of the Custom Code steps.

    1. Copy the modified (order| has been removed) BPS Query String Exploits code below to this BPS Root Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    June 3, 2015 at 10:06 am #23131
    AITpro Admin
    Keymaster

    Disregard: This topic is no longer valid. Several things in WooCommerce have changed.
    See this new Topic regarding WooCommerce issues/problems: http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/

    June 3, 2015 at 11:22 am #23136
    Amy V
    Participant

    Will try that. thx.  I also realized I had BPS installed in my two WP installations (one at main address and one at /shop) and had changed only one. so I’ll try applying the fix to both.

    June 3, 2015 at 12:15 pm #23137
    AITpro Admin
    Keymaster

    Ok take a look at this Forum Topic link below to get familiar with how multiple website domains – hierarchy, structure, relationship affect each other.  Basically a Parent website’s htaccess file will affect all Child websites since the Parent site is higher in the folder structure:  /parent/, /parent/child-1/, /parent/child-1/subfolder/, /parent/child-2/, etc.

    http://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/

    June 4, 2015 at 1:30 pm #23143
    Amy V
    Participant

    Thanks! I can get it to work nicely with paypal sandbox, but not paypal itself. Frustrated, but not giving up yet!

    June 4, 2015 at 2:02 pm #23144
    AITpro Admin
    Keymaster

    The Sandbox should exactly simulate a Live transaction.  Double check that the Sandbox and Live transaction payment script/file are using the same path location and any other parameters.  It is possible, but not likely that whatever transaction payment script/file that you are using is making a HEAD Request.  To rule that out do the Custom Code steps in this forum topic:  http://forum.ait-pro.com/forums/topic/broken-link-checker-plugin-403-error/#post-2017

    June 6, 2015 at 10:15 am #23182
    Amy V
    Participant

    (Taking a deep breath.) There is some difference and I can’t figure out what between the sandbox and the main paypal site. The sandbox plays nicely and goes back to the order summary page. Main paypal does not. I have put in the “BPS QUERY STRING EXPLOITS” code, the  CUSTOM CODE WP REWRITE LOOP START, and the Whitelist User Agents or remove HEAD here in both BP Security installs in the custom code boxes and Activate Root Folder BulletProof Mode. No messages appear in my main site BP security log file (so it wasn’t likely necessary to have those changes – but for completeness sake I’d added them). looking through the wc paypal error log – there doesn’t appear to be any sort of error.I looked at the htaccess file editor under Your current root htaccess file and those mods appear to be there. Help? Do you want screenshots of anything? Anything else I need to check? The message that keeps popping up in the BP security log for the shop install says the following:

    [403 GET / HEAD Request: June 6, 2015 4:48 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: xxx
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=3nbT63vkQZlKaNoXsGPPOreAtC0z-8CV0grCgmJ71oxBprynQBi6Lo194g0&dispatch=50a222a57771920b6a3d7b606239e4d529b525e0b7e69bf0224adecfb0124e9b61f737ba21b08198acc59b45c1b5383c3fbf91319c9514c0
REQUEST_URI: /shop/checkout/order-received/1787?key=wc%5forder%5f5573242ccf79a&utm_nooverride=1&tx=6KV93855973324020&st=Completed&amt=0%2e01&cc=USD&cm=a%3a2%3a%7bi%3a0%3bi%3a1787%3bi%3a1%3bs%3a22%3a%22wc%5forder%5f5573242ccf79a%22%3b%7d&item_number=
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
  • Author
    Posts
Viewing 15 posts - 1 through 15 (of 20 total)
1 2
  • You must be logged in to reply to this topic.