Google Doc Embedder – gview 403 error

[blweaver]

Hi.

I purchased BPS Pro yesterday and had no troubles installing, configuring (Great vids with walkthrough!!), testing etc. I now have an issue with the plugin module Google Document Embeder “view”. When I click on the page to display the dreaded 403 pops up and is written to the log file.

>>>>>>>>>>> 403 GET or Other Request Error Logged - 12/03/2013 - 8:10 pm <<<<<<<<<<<
REMOTE_ADDR: 108.167.xxx.xxx
Host Name: 108.167.xxx.xxx
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/pdf/financial_agreement.pdf
QUERY_STRING:
HTTP_USER_AGENT: WordPress/3.5.1; http: //www.xxx.com

/wp-content/pdf is just a directory/repository and not associated with any plugin

[blweaver]

should read Google Document Embeder “gview”

[AITpro Admin]

Edit/Update:  A RewriteEngine Off .htaccess file is required to fix this issue:  http://forum.ait-pro.com/forums/topic/another-403-plugin-view-google-doc-embeder/#post-2902

Try a simple skip/bypass rule.  If this does not work then let me know and I will install and test this plugin.

1. Copy this .htaccess code below to the Custom Code CUSTOM CODE PLUGIN FIXES: text box
2. Save your new custom code by clicking the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

NOTE: If your WordPress installation is in a subfolder then add your WordPress subfolder name in the path.
Example:  /my-wordpress-installation-folder-name/wp-content/plugins/google-document-embedder/

# Google Doc Embedder skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/google-document-embedder/ [NC]
RewriteRule . - [S=13]

[blweaver]

Thanks, but unfortunately it hasn’t fixed the issue.

 

[AITpro Admin]

Ok I will install and test this plugin.  Where exactly is “gview”?  Is it a button on the WordPress WYSIWYG editing toolbar?

[blweaver]

No.

It is just configured within the plugin with the path to where files reside to embed ….. hence a directory I made /wp-content/pdf I have also tried using /wp-admin/uploads/2013/03/ but receive the same 403

With the the page add the following
[gview file=”financial_agreement.pdf”]

[AITpro Admin]

There are a number of issues going on so the simplest solution is to add a RewriteEngine Off .htaccess file in your /pdf folder.  Once I added a RewriteEngine Off .htaccess file to the /pdf folder I created to simulate your exact scenario then the Google Doc Embedder plugin was able to connect successfully to the docs.google.com domain.

Please see this RewriteEngine Off tutorial I just added:  http://forum.ait-pro.com/forums/topic/rewriteengine-off-htaccess-file/

[blweaver]

Thanks. I’ll follow the instructions and advise status.
Thanks for the speedy assistance
————————————————————–

[copied from the RewriteEngine Off Topic]
Hmmmm….No success.
I added the index as well.
Both files got sent to quaranteen and I restored them….
I still get the 403!!
The .htaccess file doesn’t show up in a cpanel listing but I guess it is a hidden file?
—————————————————————

I was only using gview as the method of embedding a pdf file within a page. Using the editor to insert as a shockwave file didn’t give me any graphic content other than a blank screen.
I’ll have a hunt around for another method to insert files into a page……
—————————————————————

RESOLVED!!
Hmmmmm…..light dawns on marble head!!
I didn’t change the base directory within gview!!
Thanks……

[AITpro Admin]

You probably want to exclude your /pdf folder from being checked by AutoRestore if you are going to be modifying the files on a regular basis and besides if you only have pdf files in the /pdf folder then there really isn’t any point monitoring pdf files anyway – no security risk there.  You would not need to add an index.php file in the /pdf folder.  If someone has a 3rd party app in another folder then they would need to do that.

Adding a RewriteEngine Off file worked fine for me.  Try it again.  It is possible that when you tested this the RewriteEngine Off htaccess file had already been sent to quarantine.  Also make sure to delete the blank index.php file – it will cause problems for your particular scenario.

—————————————————————-

Yeah its always the simple stuff that gets yah.  ha ha ha

[blweaver]

Done….and works….

Thanks a lot…..

[David G]

I am having the same problem, but I don’t have “pro” yet. Tried all the above suggestions but still cannot get the file to view. I don’t know how to exclude my folder in the free version. Currently I have had to go back to deactivating Root Folder BulletProof Mode to make it work. I am working with Power Point Files and using Google Doc Embedder.

[AITpro Admin]

Check your BPS Security Log file and post ONLY the logged error that relates directly to this issue.  Please do NOT post your entire Security Log.  Thanks.

[David G]

>>>>>>>>>>> 403 GET or Other Request Error Logged - June 25, 2013 - 12:54 am <<<<<<<<<<<
REMOTE_ADDR: 72.167.131.158
Host Name: p3slh195.shr.phx3.secureserver.net
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /trainers/wp-content/uploads/Other/PPF/FinalElectronicDVIRPresentation.ppt
QUERY_STRING:
HTTP_USER_AGENT: WordPress/3.5.1; http: //driving-safely.com/trainers

[AITpro Admin]

@ David G – are you using the Google Doc Embedder plugin or is this unrelated to the Google Doc Embedder plugin?  When I go to the ppt URL the ppt file is automatically downloaded.

[AITpro Admin]

Oh I just noticed a dead giveaway that the ppt file was blocked by BPS due to an attempted scrape/scraper.

SERVER_PROTOCOL: HTTP/1.0

Server Protocol HTTP/1.0 Automatically means something shady occurred. Typically that a scraping attempt was blocked by BPS.  Scraping is the same thing as mirroring so typically you will see your own IP address and domain name in the log entry.

[Author]

Posts