NextGen Gallery NGG – manage gallery wp-admin 403 error

Home Forums BulletProof Security Free NextGen Gallery NGG – manage gallery wp-admin 403 error

Tagged: , , , ,

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • October 2, 2014 at 9:41 am #18242
    Bruce Alfred
    Participant

    I’m getting a 403 when attempting to access Next Gen Gallery as a logged-in admin user. I’m sorry if I missed it, but I’ve searched for how to whitelist NextGen Gallery in BPS Free, and couldn’t find a post that helped.

    Can you please tell me how to whitelist NextGen? Below is the error log.

    Thanks very much.
    -Bruce

    [403 GET / HEAD Request: October 2, 2014 - 11:11 am]
Event Code: WPADMIN-SBR
Solution:http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 96.42.253.184
Host Name: 96-42-253-184.dhcp.roch.mn.charter.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://seasonshospice.org/wp-admin/admin.php?page=nggallery-manage-gallery
REQUEST_URI: /wp-admin/admin.php?page=nggallery-manage-gallery&skipjs[0]=http://seasonshospice.org/wp-content/themes/pagelines/sections/navbar/navbar.js?ver=4.0
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
    October 2, 2014 at 10:22 am #18245
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    The Request URI is simulating an RFI hacking attempt. Try a Query String skip/bypass whitelist rule.

    1. Copy the wp-admin plugin skip/bypass rule below to this BPS wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN FIXES: Add ONLY WPADMIN personal plugin fixes code here

    NOTE: If you already have a wp-admin S=2 skip rule in use in Custom Code then make this skip rule S=3 and add it above skip rule S=2

    # NextGen Gallery Query String wp-admin skip/bypass rule
RewriteCond %{QUERY_STRING} page=nggallery-manage-gallery(.*) [NC]
RewriteRule . - [S=2]

    2. Click the Save wp-admin Custom Code button.
    3. Go to the BPS Security Modes page and activate wp-admin Folder BulletProof Mode.

    October 2, 2014 at 1:24 pm #18247
    Bruce Alfred
    Participant

    That did the job!  Thanks very much for your quick and helpful reply.

    Best,
    Bruce

    October 2, 2014 at 2:25 pm #18249
    AITpro Admin
    Keymaster

    Great!  Thanks for confirming the whitelist rule works.

    March 11, 2016 at 5:07 pm #28591
    rafaelmagic
    Participant

    Nextgen 2.0 needs the whitelist above and a whitelist of PHP files so the “Manage Galleries” options all work.

    Rotate, Edit Thumbnail, Meta and the other functions need a php whitelist.

    Add the following to your Firewall if using BPS Pro

    /nextgen-gallery/products/photocrati_nextgen/modules/ngglegacy/admin/(.*).php

     

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.