Search String Apostrophe / Single Quote 403 error

Home Forums BulletProof Security Free Search String Apostrophe / Single Quote 403 error

This topic contains 2 replies, has 2 voices, and was last updated by Avatar of AITpro Admin AITpro Admin 3 weeks, 2 days ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #1400 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of justawebbie
    justawebbie
    Member

    When anyone searches the site using an ” ‘ ” in the name it directs them to a 403 error.  I was told by our server company it was coming from the plugin.  How can I fix this so it does not happen anymore?

    #1402 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of AITpro Admin
    AITpro Admin
    Keymaster

    If you want to allow the apostrophe or single quote code character in searches or in URL’s or Feeds then you would need to modify several security filters in your root .htaccess file.  I do not recommend doing this of course because the single quote coding character is one of the top 3 most dangerous coding characters.  Please see this Forum Topic for the security rules/filters you would need to modify >>> http://forum.ait-pro.com/forums/topic/feedburner-feed-header-causing-403-error/

    #14372 Facebook Google Twitter Email Stumbleupon Digg reddit pinterest Myspace Delicious LinkedIn tumblr
    Avatar of AITpro Admin
    AITpro Admin
    Keymaster

    Searching in the WordPress backend area in any of the Search Windows using a single quote code character/apostrophe will result in a 403 error.

    Options:

    1.  Do not use the single quote code character/apostrophe when searching in the WordPress backend Dashboard/wp-admin area.

    2.  Whitelist/allow the single quote code character/apostrophe in search strings in the WordPress backend Dashboard/wp-admin area.

    Copy this modified (single quote code character filters are removed) wp-admin .htaccess BPS Query String Exploits code below to this BPS wp-admin Custom Code text box:  

    # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    # WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|%0A|%0D|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]
    # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS

    Click the Save wp-admin Custom Code button.
    Go to the BPS Security Modes page and activate wp-admin BulletProof Mode.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.