Event Espresso – espresso_batch 403 error
Tagged: 403 error, espresso_batch, Event Espresso
- This topic has 17 replies, 2 voices, and was last updated 6 years, 10 months ago by AITpro Admin.
Rob B (Participant)
[Topic has been Split into a new Topic]
Ok I did have the WP Edit installed. I deactivated it and am now getting a 403 error with no other information. In BP security log I am getting:
[403 GET Request: March 22, 2017 1:58 pm]
BPS: .54.5
WP: 4.7.3
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xx.xxx.xx.xx
Host Name: xx-xx-xxx-xx.isp.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://example.org/Dir/wp-admin/admin.php?page=espresso_registrations&action=default&event_id=1163&default_nonce=db653d011f
REQUEST_URI: /Dir/wp-admin/admin.php?page=espresso_batch&use_filters=1&filters=a%3A5%3A%7Bi%3A0%3Ba%3A2%3A%7Bs%3A6%3A%22EVT_ID%22%3Bi%3A1163%3Bs%3A6%3A%22STS_ID%22%3Ba%3A2%3A%7Bi%3A0%3Bs%3A2%3A%22%21%3D%22%3Bi%3A1%3Bs%3A3%3A%22RIC%22%3B%7D%7Ds%3A4%3A%22caps%22%3Bs%3A10%3A%22read_admin%22%3Bs%3A24%3A%22default_where_conditions%22%3Bs%3A15%3A%22this_model_only%22%3Bs%3A8%3A%22order_by%22%3Ba%3A1%3A%7Bs%3A8%3A%22REG_date%22%3Bs%3A4%3A%22DESC%22%3B%7Ds%3A5%3A%22limit%22%3Ba%3A2%3A%7Bi%3A0%3Bi%3A0%3Bi%3A1%3Bi%3A10%3B%7D%7D&return_url=%2F%2Fnaweoa.org%2FConf%2Fwp-admin%2Fadmin.php%3Fpage%3Despresso_registrations%26action%3Ddefault%26event_id%3D1163%26default_nonce%3Ddb653d011f&action=default&registrations_report_nonce=e06be76b8e&return=default&batch=file&job_handler=EventEspressoBatchRequest%5CJobHandlers%5CRegistrationsReport&default_nonce=db653d011f
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
I added this rule to 10. CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:
# Event Espresso Query String skip/bypass rule
RewriteCond %{QUERY_STRING} limit%5B%5D=(.*) [NC]
RewriteRule . - [S=13]
But no luck.
AITpro Admin (Keymaster)
See final working solution for this problem here: https://forum.ait-pro.com/forums/topic/event-espresso-espresso_batch-403-error/#post-32875
@ Rob B – Try this whitelist rule instead and let me know if it works or not.
1. Copy the code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
2. Click the Save Root Custom Code button.
3. Go to the Security Modes tab page and click the Root Folder BulletProof Mode Activate button.
# Event Espresso Query String skip/bypass rule
RewriteCond %{QUERY_STRING} page=espresso(.*) [NC]
RewriteRule . - [S=13]
Also if you already have other plugin skip/bypass rules then be sure to change the Skip numbers.
Skip rules MUST be in descending consecutive number order: 15, 14, 13… If you add one plugin skip/bypass rule in this text box it should be skip rule #13. For each additional plugin skip rule that you add the S= skip number is increased by one. Example: if you add 3 plugin skip rules in this text box they would be Skip rules #15, #14 and #13 – RewriteRule . - [S=15] and RewriteRule . - [S=14] and RewriteRule . - [S=13] in descending consecutive order.
And most likely you can activate the WP Edit plugin again once you have added and tested that this whitelist rule for Event Espresso is working. The original problem/error that occurs with the WP Edit plugin and the BPS 403.php Security logging template has something to do with how output buffering is flushed in the BPS 403.php logging template and something else that WP Edit is doing with Object output buffering. The BPS 403.php logging template must do what it does with output buffering or else it would cause problems for other plugins.
Rob B (Participant)
No sorry that did not do it. I am still getting the same error and same entry in the security log.
AITpro Admin (Keymaster)
See final working solution for this problem here: https://forum.ait-pro.com/forums/topic/event-espresso-espresso_batch-403-error/#post-32875
@ Rob B – Ok then you will need to do these steps below. [code removed – see solution link above]
Rob B (Participant)
That did the trick. Thanks so much for being so responsive and thorough with your explanations.
AITpro Admin (Keymaster)
@ Rob B – Great! Thanks for confirming that worked.
Rob B (Participant)
Now getting an error on a separate report:
[403 GET Request: March 27, 2017 10:48 pm]
BPS: .54.5
WP: 4.7.3
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xx.xx.xxx.xx
Host Name: xx-xx-xxx-xx.example.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://example.com/Conf/wp-admin/admin.php?s&_wpnonce=85ccd72aaf&_wp_http_referer=%2FConf%2Fwp-admin%2Fadmin.php%3Fpage%3Despresso_registrations&action=-1&month_range=March+2017&EVT_CAT=-1&_reg_status=0&page=espresso_registrations&route=default&perpage=10&approve_registration_nonce=ac4c3ea821&approve_and_notify_registration_nonce=2ce9db3c8c&decline_registration_nonce=516cb6a03b&pending_registration_nonce=b5dbab2e0e&pending_and_notify_registration_nonce=78a1d2a08b&no_approve_registration_nonce=17c8f01afa&cancel_registration_nonce=bea64a3740&cancel_and_notify_registration_nonce=d3a752f0a9&trash_registrations_nonce=99c2de1edc&paged=1&action2=-1&default_nonce=4f253b70e0
REQUEST_URI: /Conf/wp-admin/admin.php?page=espresso_batch&use_filters=1&filters=a%3A5%3A%7Bi%3A0%3Ba%3A2%3A%7Bs%3A6%3A%22STS_ID%22%3Ba%3A2%3A%7Bi%3A0%3Bs%3A2%3A%22%21%3D%22%3Bi%3A1%3Bs%3A3%3A%22RIC%22%3B%7Ds%3A8%3A%22REG_date%22%3Ba%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22BETWEEN%22%3Bi%3A1%3Ba%3A2%3A%7Bi%3A0%3BO%3A49%3A%22EventEspresso%5Ccore%5Cdomain%5Centities%5CDbSafeDateTime%22%3A1%3A%7Bs%3A19%3A%22%00%2A%00_datetime_string%22%3Bs%3A40%3A%222017-03-01+00%3A00%3A00+%2B0000+Africa%2FAbidjan%22%3B%7Di%3A1%3BO%3A49%3A%22EventEspresso%5Ccore%5Cdomain%5Centities%5CDbSafeDateTime%22%3A1%3A%7Bs%3A19%3A%22%00%2A%00_datetime_string%22%3Bs%3A40%3A%222017-03-31+23%3A59%3A59+%2B0000+Africa%2FAbidjan%22%3B%7D%7D%7D%7Ds%3A4%3A%22caps%22%3Bs%3A10%3A%22read_admin%22%3Bs%3A24%3A%22default_where_conditions%22%3Bs%3A15%3A%22this_model_only%22%3Bs%3A8%3A%22order_by%22%3Ba%3A1%3A%7Bs%3A8%3A%22REG_date%22%3Bs%3A4%3A%22DESC%22%3B%7Ds%3A5%3A%22limit%22%3Ba%3A2%3A%7Bi%3A0%3Bi%3A0%3Bi%3A1%3Bi%3A10%3B%7D%7D&return_url=%2F%2Fexample.com%2FConf%2Fwp-admin%2Fadmin.php%3Fs%26_wpnonce%3D85ccd72aaf%26_wp_http_referer%3D%252FConf%252Fwp-admin%252Fadmin.php%253Fpage%253Despresso_registrations%26action%3D-1%26month_range%3DMarch%2B2017%26EVT_CAT%3D-1%26_reg_status%3D0%26page%3Despresso_registrations%26route%3Ddefault%26perpage%3D10%26approve_registration_nonce%3Dac4c3ea821%26approve_and_notify_registration_nonce%3D2ce9db3c8c%26decline_registration_nonce%3D516cb6a03b%26pending_registration_nonce%3Db5dbab2e0e%26pending_and_notify_registration_nonce%3D78a1d2a08b%26no_approve_registration_nonce%3D17c8f01afa%26cancel_registration_nonce%3Dbea64a3740%26cancel_and_notify_registration_nonce%3Dd3a752f0a9%26trash_registrations_nonce%3D99c2de1edc%26paged%3D1%26action2%3D-1%26default_nonce%3D4f253b70e0&action=default&registrations_report_nonce=21ca0732a7&return=-1&batch=file&job_handler=EventEspressoBatchRequest%5CJobHandlers%5CRegistrationsReport&default_nonce=4f253b70e0
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
AITpro Admin (Keymaster)
See final working solution for this problem here: https://forum.ait-pro.com/forums/topic/event-espresso-espresso_batch-403-error/#post-32875
@ Rob B – Yeah I see at least 5 different things in the Event Espresso Query String that would appear to be an attack against your website. Give me a second and I will post the solution for this one.
AITpro Admin (Keymaster)
See final working solution for this problem here: https://forum.ait-pro.com/forums/topic/event-espresso-espresso_batch-403-error/#post-32875
@ Rob B – Oops the Query String skip/bypass rule that I first had you try was for the Root htaccess file and not the wp-admin htaccess file. This Query String skip/bypass rule below works for the second Security Log entry you posted and also for the first Security Log entry that you posted as well or in other words allows these Query Strings in Event Espresso to do whatever they are doing. 😉 Also since you are whitelisting/allowing ONLY the Event Espresso Query String match of: espresso_batch then this is completely safe to do and would not alter your wp-admin file security protection for other attacks that use the same dangerous types of things in Query Strings to attack your website. 😉
1. Copy the wp-admin htaccess code below into this BPS wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
2. Click the save wp-admin Custom Code button.
3. Go to the Security Modes page and click the wp-admin folder BulletProof Mode Activate button.
# Event Espresso Query String skip/bypass rule
RewriteCond %{QUERY_STRING} espresso_batch(.*) [NC]
RewriteRule . - [S=2]
Rob B (Participant)
Added this last code and the report started, then got:
Forbidden
An error occurred and the job has been stopped.
Also getting:
Forbidden
You don’t have permission to access /Conf/wp-admin/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
for all other Dashboard requests.
No BPS Error Log entry.
Disabled the wp-admin folder security. Same result.
Disabled the root folder security, then the report worked.
AITpro Admin (Keymaster)
See final working solution for this problem here: https://forum.ait-pro.com/forums/topic/event-espresso-espresso_batch-403-error/#post-32875
@ Rob B – At this point send me a WordPress Administrator login to this site and an FTP login to this site so I can login to this site and figure out and fix whatever is going on. Send the login info to: info at ait-pro dot com.
Rob B (Participant)
Just checking to see if you got the credentials for FTP and login. Let me know if you need anything else.
AITpro Admin (Keymaster)
@ Rob B – Nope, we have not received an email from you.
AITpro Admin (Keymaster)
UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.
UPDATED: 6-7-2017
@ Rob B – Ok got it working.
Note: The Event Espresso Report Request is bounced from the backend of a site to the frontend of a site (using both GET and POST Requests at various stages) and then back to the backend of a site with a return URL.
1. Copy the code below to this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
2. Click the Save Root Custom Code button.
3. Go to the Security Modes tab page and click the Root Folder BulletProof Mode Activate button.
# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
#RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE BPS QUERY STRING EXPLOITS
1. Copy the wp-admin htaccess code below into this BPS wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
Note: The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. If you have other wp-admin skip/bypass rules already then either combine them or add this skip/bypass rule separately above the other rules and change the skip #. Example: If you already have skip #’s 2 and 3 then this rule would be skip rule #4.
# admin.php skip/bypass rule
RewriteCond %{REQUEST_URI} (admin\.php) [NC]
RewriteRule . - [S=2]
2. Copy the modified wp-admin htaccess code below to this BPS wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
3. Click the Save wp-admin Custom Code button.
4. Go to the Security Modes page and click the wp-admin BulletProof Mode Activate button.
# BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
# WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
# Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
#RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
#RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
Rob B (Participant)
Thanks for the solution, It works now, will have to deal with Event Espresso. Great support.
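Added example, not part of the original thread and not BPS code: a triage helper that runs a subset of the QUERY_STRING conditions from the root BPSQSE block posted above against percent-encoded query strings and reports which condition fires and on what token. The sample query strings are constructed (modelled on the two Security Log entries), the `triage` helper is hypothetical, and Python's `re` is assumed to behave like Apache's PCRE for these patterns.

```python
import re
from urllib.parse import unquote

# Subset of the RewriteCond %{QUERY_STRING} patterns from the root BPSQSE block
# posted in the thread, as (regex, nocase); nocase=True mirrors the [NC] flag.
BPSQSE_QUERY_CONDS = [
    (r"[a-zA-Z0-9_]=(http|https)://", True),
    (r"(\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/)", True),
    (r"(http|https)\:", True),
    (r"(NULL|OUTFILE|LOAD_FILE)", False),
    (r"(localhost|loopback|127\.0\.0\.1)", True),
    # Index 5: commented out in the wp-admin block posted in the thread.
    (r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)", True),
    (r"concat[^\(]*\(", True),
    (r"union([^s]*s)+elect", True),
    (r"""(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert"""
     r"""|drop|delete|update|cast|create|char|convert|alter|declare|order|script"""
     r"""|set|md5|benchmark|encode)""", True),
]

# Constructed query strings modelled on the two Security Log entries (not the
# logged values): a serialized "order_by" filter, a serialized object fragment
# with a protected property (%00*%00 prefix), and a plain admin page request.
Q_ORDER_BY = ("page=espresso_batch&use_filters=1&filters=a%3A1%3A%7Bs%3A8%3A"
              "%22order_by%22%3Ba%3A1%3A%7Bs%3A8%3A%22REG_date%22%3Bs%3A4%3A"
              "%22DESC%22%3B%7D%7D&batch=file")
Q_OBJECT = ("page=espresso_batch&use_filters=1&filters=O%3A49%3A%22EventEspresso"
            "%5Ccore%5Cdomain%5Centities%5CDbSafeDateTime%22%3A1%3A%7Bs%3A19%3A"
            "%22%00%2A%00_datetime_string%22%3B%7D&batch=file")
Q_PLAIN = "page=espresso_registrations&action=default&event_id=1163"


def triage(query_string):
    """Return [(rule_index, decoded_captures)] for every condition that matches.

    Matching runs on the raw, still percent-encoded string, which is what
    Apache exposes as %{QUERY_STRING}; captures are decoded only for display.
    """
    hits = []
    for index, (pattern, nocase) in enumerate(BPSQSE_QUERY_CONDS):
        m = re.search(pattern, query_string, re.IGNORECASE if nocase else 0)
        if m:
            hits.append((index, tuple(unquote(g) for g in m.groups() if g)))
    return hits


if __name__ == "__main__":
    for name, q in (("order_by", Q_ORDER_BY), ("object", Q_OBJECT), ("plain", Q_PLAIN)):
        print(name, triage(q))
```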