Links in Facebook to website generate 403 Forbidden errors

Home Forums BulletProof Security Free Links in Facebook to website generate 403 Forbidden errors

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #14727
    Claude Latour
    Participant

    Hi,

    We are trying to post links in our Facebook page that link to our blog posts. Facebook responds with a 403 Forbidden error message (see below). Is BPS blocking this? We have the latest version of BPS Free 50.1.

    403 FORBIDDEN : 403 errors usually mean that the server does not have permission to view the requested file or resource.These errors are often caused by IP Deny rules, File protections, or permission problems.

    Thanks for your help

    Claude

    #14730
    AITpro Admin
    Keymaster

    Are you using a WordPress facebook plugin or are these just general links to/from facebook?  Check your BPS Security Log and post a log entry that is related to facebook links.

    #14734
    Claude Latour
    Participant
    >>>>>>>>>>> 403 GET or Other Request Error Logged - April 7, 2014 3:43 pm <<<<<<<<<<<
    REMOTE_ADDR: 139.0.25.26
    Host Name: ln-static-139-0-25-26.link.net.id
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/CuriosityAroused&width=300&height=258&show_faces=true&colorscheme=light&stream=false&border_color=%23ffffff&header=false
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1

    But I think this has to do with a FB plugin that’s running on our site and not links on our FB page being blocked. Incidentally, we’ve also opened a ticket with our hosting provider (HostGator) to see if they could be blocking inbound access from FB. We have also noticed that not all links generate a 403 error. For example:

    This one does:  curiosityaroused.com/nature/top-10-most-dangerous-animals-in-the-world/
    This one doesn’t : curiosityaroused.com/nature/10-most-expensive-gemstones-in-the-world/

    Both pages were published at the same time. We’re at a loss to understand why one is blocked and the other isn’t…

    #14762
    AITpro Admin
    Keymaster

    I will reducing this Forum Topic down to only relevant posts and deleting all other posts that are not relevant to the real issue.  What must be occuring is you have a social media / facebook plugin installed that is processing the inbound links from facebook.  What BPS is blocking is that plugin.  So once I know the name of the social media / facebook plugin then I will be able to install and test it to find out what needs to done to fix the issue.

    And yes you are absolutely correct about where the issue/problem is occurring – “But I think this has to do with a FB plugin that’s running on our site and not links on our FB page being blocked. ”

    I should have gotten the name of the fb plugin from the get go.  Went off on a crazy tangent.  Which fb plugin is this?  I will test it with BPS and see what is being blocked in that plugin.

    #14781
    Claude Latour
    Participant

    I sent you a PM with example URLs to test from your Facebook fan page. The Hostgator tech was able to reproduce the 403 with these URLs from his test FB page. Consequently, when he deactivated BPS, there were no more 403 errors in FB.

    We don’t have any active FB or social media plugins. The WP Theme we use (Max mag) comes with social widgets. The ones we use are the facebook like box with faces, and the floating social media share bar. To my knowledge, there is no interaction between these widgets and the action of posting a link in our FB page, since you can post any link from any site.

    Try to post the links I PMed you in your FB page, see what you get…

    #14782
    AITpro Admin
    Keymaster

    I understand that, but when I post a link from facebook to any one of our sites with BPS installed on them this problem does not occur.  You have something installed on your site – either your theme or a plugin that must be doing something with the inbound facebook links to your site.  BPS is blocking that.  That is the only logical explanation.

    Take this approach instead.  temporarily switch your theme to another theme and test.  Then switch back to your current theme just to isolate the source of the issue.  “The WP Theme we use (Max mag) comes with social widgets” – Themes come with plugins bundled into the theme. The social widgets plugin bundled with this theme is going to be where the issue is and what BPS is blocking.

    Or try a hail mary and comment out all the BPS Query string exploits code in your root .htaccess file to see if it is one of the security filters in that section of code that is blocking facebook link functionality in your theme or a plugin on your particular site.  You would then do a process of elimination to find out which security filter is blocking the facebook links on your particular site.  Once again this issue/problem does not occur on any of our sites with BPS installed on them.

    #14789
    Claude Latour
    Participant

    I’m not sure I would want to change the theme and do more harm than good… we have thousands of visitors every day.

    I don’t know if you caught this earlier, but not all links generate a 403, some do, and some don’t. So does that mean there is something specific in the URL that’s causing this? What is certain is that BPS is behind it.

    Can you look at our htaccess and tell us which are “BPS Query string exploits code” ? I would try this before anything else

    #14790
    AITpro Admin
    Keymaster

    If BPS is blocking something it is blocked 100% of the time – there is no middle ground – it is all or nothing – blocked or not blocked.  If some links are working and others are not then this is being caused by something else.  Intermittent problems typically indicate a cache problem.  BPS Query string exploits code starts from:  # BEGIN BPSQSE BPS QUERY STRING EXPLOITS and ends at:  # END BPSQSE BPS QUERY STRING EXPLOITS.  Do NOT comment out this one security filter:  RewriteCond %{QUERY_STRING} (sp_executesql) [NC] – this one security filter needs to be uncommented or your site will crash. A pound sign # is used to comment out .htaccess code.

    Also 403 errors are a standard error.  They are not exclusive to BPS.

    I installed and tested the Max Magazine theme and created a link from facebook to the test site – it worked fine without  a 403 error.

    #14797
    Claude Latour
    Participant

    Eureka! I found something that fixes the problem:  https://developers.facebook.com/tools/debug

    I enter the URL here, click ‘DEBUG’ and for some reason it “cleans” the URL. Once that’s done, I go back to my fan page, post the link and voila, it works!

    I have no idea why this works, but it does. And BPS is active.

    Thanks a lot for all your help!

    #14798
    AITpro Admin
    Keymaster

    Wow!  That is pretty dam cool.  I will have to check that out.  Thanks for posting what worked.

Viewing 10 posts - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.