PanoPress 360 degree panoramic map 403 Error, iframe


  • #3551
    AITpro Admin
    Keymaster

    Email Question:

    I have a problem on the following domain: [domain name removed for privacy] When you click on the image, a popup will be shown and a 403 error. Disabling the BPS plugin, it is working OK.

    In the b-core security log the following info is attached:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - 29 maart 2013 - >>>>>>>>>>> 12:25 <<<<<<<<<<<
    
    REMOTE_ADDR: 95.97.219.35
    Host Name: 095-097-219-035.static.chello.nl
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: [domain name removed for privacy]
    REQUEST_URI: /wp-content/pano/Grou_steiger_03_2013/Grou_steiger_03_2013.html?base=http: //[removed]/wp-content/pano/Grou_steiger_03_2013/&
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0

    I’m using a map: wp-content/pano in which panorama images with the necessary files are saved. The pano map has 775 rights.

    I have disabled the plugin firewall. No solution. Disabling the root .htaccess will solve the problem. Can you give me a hint where I can find the solution for this 403 error?

    In the meantime I did some searching and I found the following code in the page:

    <iframe src="http: //[removed]/wp-content/pano/Grou_steiger_03_2013/Grou_steiger_03_2013.html?base=http: //[removed]/wp-content/pano/Grou_steiger_03_2013/&" marginheight="0" marginwidth="0" frameborder="0" scrolling="no" style="display: block; width: 640px; height: 480px; opacity: 1; ">

    Can the iframe cause the trouble?
    The direct link gives no trouble.

    I’m using BulletProof Security Pro v. 5.7

    Kind regards,

    #3553
    AITpro Admin
    Keymaster

    PanoPress has been tested and there were no issues/problems or 403 errors found.  Testing was done with the standard and advanced PanoPress settings.  So yes, it appears that the additional custom iframe coding that you have added is the cause of the problem.  Try installing a WordPress plugin that is designed to create iframes in posts and pages.

    #3556
    sytze cats
    Participant

    Thanks for the quick service.

    When I disable the following lines in the .htaccess in the root, there are no problems.

    RewriteCond %{QUERY_STRING} http\: [NC,OR]

    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]

    Will this give security problems?

    #3557
    AITpro Admin
    Keymaster

    Those BPS security filters protect against RFI hacking methods, but there are several other security filters that also protect against this.  With that said anytime you decrease your website security by commenting out or removing security filters you are decreasing your overall website security.  So to put a number/percentage/risk factor on the equation I would say you have decreased your website security by 3%.

    If you use a WordPress plugin that is designed to use shortcode to add iframes then you probably will not need to comment out these security filters.

    Another possible approach would be to add a RewriteEngine Off .htaccess file in the /wp-content/pano folder.

    http://forum.ait-pro.com/forums/topic/rewriteengine-off-htaccess-file/

     

    #3563
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    And another possibility would be to add a skip/bypass rule like this.

    1. Copy this .htaccess code (if your WordPress installation is in a subfolder then add your WordPress subfolder name in the path) to the BPS Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
    Note: Since you have created your own custom folder and folder path to a folder named /pano you would use this path below.

    # PanoPress iframe skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/pano/ [NC]
    RewriteRule . - [S=13]

    Example WordPress subfolder path name: MyWordPressFolderName

    # PanoPress iframe skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/MyWordPressFolderName/wp-content/pano/ [NC]
    RewriteRule . - [S=13]

    #3573
    sytze cats
    Participant

    I’ve placed the following code in the root .htaccess file:
    # PanoPress iframe skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/pano/ [NC]
    RewriteRule . - [S=13]

    Enabled the two rules I disabled, and now it is working. Thanks a lot. Perfect service!!

    #3574
    AITpro Admin
    Keymaster

    Excellent!  This means that you have created a Whitelist rule for ONLY the /pano folder and the rest of your website still has the RFI security protection/security filters in place.  😉  Thanks for confirming that this skip/bypass rule works.
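
Added example, not part of the thread and not BPS code: a small Python model of the two RFI query-string conditions quoted in post #3556 and the skip/bypass condition from post #3563, run against constructed request targets. It assumes the skip rule sits above the filters, that its S=13 count covers the rule those conditions belong to, and that a matching condition ends in a 403 as the logged request did; `example.test` stands in for the removed domain, and the helper names are hypothetical.

```python
import re

# The two RewriteCond patterns quoted in post #3556 (the first carries [NC]).
RFI_FILTERS = [
    re.compile(r"http\:", re.IGNORECASE),
    re.compile(r"[a-zA-Z0-9_]=http://"),
]
# Condition of the skip/bypass rule from post #3563, also [NC].
SKIP_COND = re.compile(r"^/wp-content/pano/", re.IGNORECASE)


def split_target(target):
    """Split a request target the way mod_rewrite sees it: REQUEST_URI is
    the path, QUERY_STRING is everything after the first '?'."""
    path, _, query = target.partition("?")
    return path, query


def matched_filters(query):
    """Patterns of the quoted filters that occur in the query string."""
    return [rx.pattern for rx in RFI_FILTERS if rx.search(query)]


def decide(target, skip_rule=False):
    """Return 200 or 403 under the assumptions stated in the lead-in."""
    path, query = split_target(target)
    if skip_rule and SKIP_COND.search(path):
        # The filters no longer run for anything under /wp-content/pano/.
        return 200
    return 403 if matched_filters(query) else 200


# Constructed sample targets (not taken from a real log).
PANO = ("/wp-content/pano/Grou_steiger_03_2013/Grou_steiger_03_2013.html"
        "?base=http://example.test/wp-content/pano/Grou_steiger_03_2013/&")
OTHER = "/index.php?page=http://example.test/file.txt"
PLAIN = "/wp-content/pano/Grou_steiger_03_2013/Grou_steiger_03_2013.html"

if __name__ == "__main__":
    for label, target in (("pano", PANO), ("other", OTHER), ("plain", PLAIN)):
        hits = matched_filters(split_target(target)[1])
        print(label, hits, decide(target), decide(target, skip_rule=True))
```

The iframe request trips both conditions because of its `base=http://…` parameter, which is why the direct link without that parameter gave no trouble. With the skip rule in place, requests outside `/wp-content/pano/` are still filtered, while every query string under that folder is exempt.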
