whitelist maxcdn


Viewing 15 posts - 1 through 15 (of 15 total)
  • #6007
    jena
    Participant

    Hi, I got this from MaxCDN support.

    The origin is blocking us from taking your files into cache, meaning check with your sysadmin or webmaster and let them unblock our IPs. This is most likely in hotlinking protection or within the htaccess file as a “deny from” rule. These are our IP blocks:
    108.161.176.0/20. If there is anything blocked within these ranges, make sure to remove it from the deny list. I have provided only 1 IP for your reference.
    Please let me know the correct way to whitelist and unblock these IPs.

    Thanks

    #6011
    AITpro Admin
    Keymaster

    Does MaxCDN need access to your plugins folder?  The Plugin Firewall will block them unless you whitelist them.  Do you have a plugin that handles MaxCDN?

    Do you see any errors in your BPS Pro Security Log that are directly related to MaxCDN?  If so, then ONLY post just those errors and DO NOT post your entire Security Log.

    #6015
    AITpro Admin
    Keymaster

    Typically this is going to have something to do with whatever caching plugin you are using.
    WP Super Cache MaxCDN setup:  http://support.netdna.com/pullzone/wordpress-wp-super-cache/
    W3 Total Cache MaxCDN setup:  http://support.netdna.com/pullzone/wordpress-w3-total-cache/

    #6016
    jena
    Participant

    I use WP Super Cache with MaxCDN. The WP Super Cache setting is correct as per the guidelines. Yes, it needs access to your plugins and themes folder to cache css and js files. I have this in the error log. How shall I whitelist these IP ranges: 108.161.176.0/20 70.39.132.0/24 92.60.240.208/29 92.60.240.217/29 216.12.211.60/32 216.12.211.59/32 198.232.124.0/22

    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 20, 2013 - 4:33 am <<<<<<<<<<<
    REMOTE_ADDR: 108.161.186.118
    Host Name: 108.161.186.118
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: hope4today.missionwebs.org/find-a-home/
    REQUEST_URI: /wp-content/plugins/gravityforms/js/jquery.json-1.3.js?ver=1.7.3
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31
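
A triage sketch for the Security Log entry in the post above, added here as an example and not part of the thread or of BPS Pro: it parses entries in the format shown, checks each REMOTE_ADDR against the CDN ranges listed, and reports the blocked path. A 403 on the same path from both a CDN and a non-CDN address points at a path rule rather than an IP deny. The function names and the second log entry (203.0.113.7) are constructed for illustration.

```python
import ipaddress
import re

# Ranges as listed in the post; 92.60.240.217/29 has host bits set, hence strict=False.
CDN_RANGES = [ipaddress.ip_network(c, strict=False) for c in (
    "108.161.176.0/20 70.39.132.0/24 92.60.240.208/29 92.60.240.217/29 "
    "216.12.211.60/32 216.12.211.59/32 198.232.124.0/22").split()]

# First entry is abridged from the post; the second is constructed for contrast.
SAMPLE_LOG = """\
>>>>>>>>>>> 403 GET or Other Request Error Logged - May 20, 2013 - 4:33 am <<<<<<<<<<<
REMOTE_ADDR: 108.161.186.118
REQUEST_URI: /wp-content/plugins/gravityforms/js/jquery.json-1.3.js?ver=1.7.3
>>>>>>>>>>> 403 GET or Other Request Error Logged - May 20, 2013 - 4:40 am <<<<<<<<<<<
REMOTE_ADDR: 203.0.113.7
REQUEST_URI: /wp-content/plugins/gravityforms/js/jquery.json-1.3.js?ver=1.7.3
"""

ENTRY_HEADER = re.compile(r"^>+\s*(.*?)\s*<+$")

def parse_entries(text):
    """Split a Security Log dump into dicts, one per '>>>> ... <<<<' entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        header = ENTRY_HEADER.match(line)
        if header:
            entries.append({"event": header.group(1)})
        elif entries and ":" in line:
            key, _, value = line.partition(":")
            entries[-1][key.strip()] = value.strip()
    return entries

def triage(text):
    """Return (uri_path, client_ip, from_cdn) for every logged 403."""
    rows = []
    for e in parse_entries(text):
        if not e["event"].startswith("403"):
            continue
        try:
            ip = ipaddress.ip_address(e.get("REMOTE_ADDR", ""))
        except ValueError:
            continue  # missing or malformed address field
        from_cdn = any(ip in net for net in CDN_RANGES)
        rows.append((e.get("REQUEST_URI", "").split("?")[0], str(ip), from_cdn))
    return rows

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```
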

    #6018
    AITpro Admin
    Keymaster

    The Gravity Forms js error can be fixed by adding this plugin script to the Plugin Firewall Whitelist Text Area, click the Save Whitelist Options button and activate the Plugin Firewall again.  Plugin Firewall whitelist rules MUST follow this format:  a comma and a space go between each plugin script – /plugin-folder-name/js-script.js, /plugin-folder-name/js-script.js, /plugin-folder-name/js-script.js,

    /gravityforms/js/(.*).js

    I do not know if what the MaxCDN folks told you is correct/what needs to be done or not so I cannot tell you what or where you would be whitelisting something.  What they are saying in general is this – “…blocking us from taking your files into cache…”.  So they are saying that they cannot get your cache files for some reason and they assumed this is because their IP address is being blocked.  Whether that is really correct or not is the question.  Whether or not you need to whitelist their IP addresses may not be relevant at all.

    This may or may not have anything to do with BPS Pro, may have to do with another plugin, may have to do with a misconfiguration, may have to do with a Host setting in the control panel, may be blocked by the Host itself.  You will need to contact them to get more specific and detailed information about what exactly is being blocked since what they have told you is too vague to find out what or where the issue really is.

    #6019
    AITpro Admin
    Keymaster

    Does MaxCDN have a testing tool on their website somewhere?  Please ask them to provide a URL to a testing or debugging tool on the MaxCDN website and post that link here.

    Actually since they have a Control Panel login then a testing tool that would generate useful errors would probably be in that Control Panel.

    #6023
    AITpro Admin
    Keymaster

    I checked your site with Firefox and Firebug and MaxCDN is not being blocked at all.  The only thing that is being blocked is Gravity Forms js scripts.  Please add the Plugin Firewall whitelist rule that I posted above for Gravity Forms plugin js scripts.

    #6025
    AITpro Admin
    Keymaster

    So after looking at everything I am 100% convinced that MaxCDN sent you a generic support message that is not valid in your case.  What I suspect is that since Gravity Forms was being blocked then MaxCDN was detecting this and the support folks just sent you a plain vanilla copy and paste generic support message.  Whitelist the Gravity Forms plugin js scripts and this should take care of the only issue.

    #6046
    jena
    Participant

    I had added their IP on allow,deny in htaccess. Please let me know how to resolve the hotlinking issue. Here's what MaxCDN support said – On Tue, May 21, 2013 at 5:14 PM, NetDNA Support wrote: I have run a check on your website and the reason why the images are not showing is because you have some kind of hotlink protection going on, and the images are giving a 403 error:

    ~$ curl -i http://bolchurch.missionwebs.org/files/2013/03/dsc_1464-l.jpg
    HTTP/1.1 403 Forbidden
    Date: Tue, 21 May 2013 21:10:40 GMT
    Server: Apache
    Content-Length: 361
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    Please check your .htaccess file and remove this protection and the images will show again. Thank you.

    On Wed, May 22, 2013 at 9:31 AM, NetDNA Support wrote:
    I see that you are still holding ON the blockage, which prevents us from fetching origin assets. I went on an edge server and re-ran the curl command with the same outcome:

    curl -I http://bolchurch.missionwebs.org/wp-content/plugins/jquery-collapse-o-matic/light_style.css?ver=1.5.2
    HTTP/1.1 403 Forbidden
    Date: Wed, 22 May 2013 13:26:12 GMT
    Server: Apache
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    Also, this may not be just blockage of our IPs, I can’t access this file on origin from any location (several servers, my home pc,…), it always returns 403 so you may need to recheck your throttling systems.

    #6048
    AITpro Admin
    Keymaster

    I do not think this has to do with hotlink protection or whitelisting an IP address.  Something is definitely wrong on this site and I suspect that something is not set up correctly with the site itself/something is misconfigured on this website/BPS Pro was configured on a subsite and not on the Primary site, etc.  I get a 404 when trying to view this image file:  bolchurch.missionwebs.org/files/2013/03/dsc_1464-l.jpg

    Do the standard BPS Pro troubleshooting steps to take BPS Pro out of the equation. Do step 1 & 2
    http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting Then see if you can view this image file:  bolchurch.missionwebs.org/files/2013/03/dsc_1464-l.jpg

    #6049
    AITpro Admin
    Keymaster

    Actually just send me a login to this site.  Several of your other Network/Multisite sites previously had problems with being misconfigured/things not being set up correctly/BPS Pro not being set up correctly/etc etc etc so it will be quicker for me to log in and figure out what is not set up correctly or wrong about this particular Network/Multisite site.  Thanks.

    #6096
    jena
    Participant

    I think it's not related to the CDN because I see the issue in all sites whether they use the CDN or not.  gce.missionwebs.org/  The images are not loading. It shows a 404 error for images.  Everything was working perfectly. I don't understand why it suddenly shows this issue?  It's WordPress multisite and images are stored in blogs.dir. I have mailed the login details.  Please check.  Thanks

    #6107
    AITpro Admin
    Keymaster

    Ok on your main site this problem was found and corrected.

    The problem was this.  The [obsolete-removed] buttons must not have been used since the domain that is showing is the development domain name:  aitpro.local and not your domain name.  Clicked the [obsolete-removed] buttons and activated BulletProof Mode again for your Root folder.  Problem was resolved. Please check your image files now. I cannot see the other site under this Network/Multisite site.  bolchurch.missionwebs.org so I cannot check it.  I still see 404 errors for image files for this site, but since I do not have access to this site then there is nothing further I can do.  Please grant me access to this site if you would like for me to look at the problem.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    # 
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*missionwebs.org.*
    RewriteRule . - [S=1]

    #6108
    AITpro Admin
    Keymaster

    Actually disregard that.  I do have access to the bolchurch site and I am looking at what might be wrong with that site now.

    #6111
    AITpro Admin
    Keymaster

    All images are now displaying correctly on all sites by fixing the mistake with the Root .htaccess file on the Primary site.  This link is just not valid – bolchurch.missionwebs.org/files/2013/03/dsc_1464-l.jpg.  This image file actually does not exist.  All valid image files are now displaying correctly.
