Home › Forums › BulletProof Security Pro › Loader.io load testing service – 403 error
Tagged: 403 error
- This topic has 1 reply, 1 voice, and was last updated 5 years, 4 months ago by AITpro Admin.
-
AuthorPosts
-
AITpro AdminKeymaster
Email Question:
Hello,
How to stop blocking this request from Loaderio https://loader.io
I’m using Loader service for Load test but BPS blocking Loader.
I found this: https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/
But I’m not shore did I understand what exactly I need to do
[403 GET Request: 07.11.2018. - 12:27] BPS Pro: 13.7 WP: 4.9.8 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: blueprint.hr Host Name: SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /loaderio-b734592f068dd0eab110a75e1e0fdeeb.txt QUERY_STRING: HTTP_USER_AGENT: loaderio;verification-bot
AITpro AdminKeymasterConfirmed working solution:
I think what is being blocked is “loaderio” in the User Agent security rules shown in the example code below.
1. Go to the BPS Pro > B-Core > Custom Code tab page.
2. Click the Root htaccess File Custom Code accordion tab button.
3. Scroll down to this Custom Code Text Box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
4. Edit your existing custom code in that Custom Code text box and delete the yellow highlighted sections of code shown in the example below from your custom code that is saved in Custom Code Text Box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS.
5. Click the Save Root Custom Code button.
6. Go to the Security Modes tab page and click the Root Folder BulletProof Mode Activate button.
7. Retest Loader.io# CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS # BEGIN BPSQSE BPS QUERY STRING EXPLOITS # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too. # Good sites such as W3C use it for their W3C-LinkChecker. # Use BPS Custom Code to add or remove user agents temporarily or permanently from the # User Agent filters directly below or to modify/edit/change any of the other security code rules below. RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
-
AuthorPosts
- You must be logged in to reply to this topic.