jupdf pdf viewer – 403 error

Home Forums BulletProof Security Free jupdf pdf viewer – 403 error

Tagged: ,

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • June 22, 2015 at 5:50 pm #23631
    lukas
    Participant

    Hello, I use a plugin jupdf pdf viewer https://wordpress.org/plugins/jupdf-pdf-viewer/
    i have problem in correct showing iframe in pdf use in plugin…   Here is log errors :

    [403 GET / HEAD Request: 23. jún 2015 - 2:24] 
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer 
Solution: N/A - Hacker/Spammer Blocked/Forbidden 
REMOTE_ADDR: 217.12.63.*** 
Host Name: 217.12.63.*** 
SERVER_PROTOCOL: HTTP/1.1 
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: http://www.********.com/catalog/ 
REQUEST_URI: /wp-content/plugins/jupdf-pdf-viewer/jupdf/index.html?file=http://www.exempleurl.com/wp-content/uploads/2015/06/catal%C3%B3g-2.pdf 
QUERY_STRING: 
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0

    please help, thanks

    June 22, 2015 at 6:09 pm #23635
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    The Request URI is simulating an RFI hacking attempt.
    Similar Issue Reference:  http://forum.ait-pro.com/forums/topic/corner-ad-403-error/

    Do these whitelisting steps:
    1. Copy the code below to this Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE: Add additional Referers and/or misc file names. IMPORTANT! Change the HTTP_REFERER example.com domain name to your actual domain/website’s name.
    2. Save your new custom code by clicking the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (jupdf/index\.html|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*example.com.*
RewriteRule . - [S=1]
    June 22, 2015 at 6:21 pm #23637
    lukas
    Participant

    thanks !! code is working 🙂

    June 22, 2015 at 6:26 pm #23638
    AITpro Admin
    Keymaster

    Great!  Thanks for confirming the whitelist rule/method works.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.