403 Block on Google Bot

Home Forums BulletProof Security Pro 403 Block on Google Bot

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #43893
    Terry
    Participant

    I am using Google’s url inspection tool an when I click for the live inspection it shows that the page is blocked with a 403 for Google bots so Google can’t fetch it. Is there somewhere in BPS Pro that would be blocking the Google Bots?

    #43895
    AITpro Admin
    Keymaster

    BPS does not block the Google Search Console URL Inspection tool.  Does the URL have a Query String on the end of the URL?  Maybe something in the Query String is being blocked?  Have you added any additional custom htaccess code?  Do you have any other plugins installed that would block GET Requests?

    #43903
    Terry
    Participant

    No there is no string attached to the url. It is the main domain url. I haven’t added any new htaccess code and only have BPS Pro that would block Get request. The Google Search Console under the URL Inspection shows indexed as shown here. https://app.screencast.com/KmnZGK6QiYWqp but they advise to Test Live URL as well and this is what it shows. https://app.screencast.com/w3I4QN9zW6mLg indicating a 403 which is confusing since the site does show in search results.

    #43904
    AITpro Admin
    Keymaster

    Looks like you are checking the URL from a phone.  Does the same thing happen when you are checking from a computer?

    I need to see the Security Log entry that shows what is being blocked. Go to the BPS Security Log page and post the Security Log entry that shows what is being blocked. Note: The BPS Security Log logs all 403 errors whether or not BPS is blocking something. Example: If ModSecurity or some other security feature on your web host is blocking something then the BPS Security Log will log that block.

    #43905
    AITpro Admin
    Keymaster

    I checked Google indexed search results and your home page is already indexed by Google.  Use the site operator to check that > site:example.com

    #43910
    Terry
    Participant

    This is what the security log shows when I click the Live Test in Google Search Console.

    [403 GET Request: June 10, 2024 - 4:19 pm]
    BPS Pro: 17.4
    WP: 6.5.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 62.72.43.73
    Host Name: vmi1923601.contaboserver.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /.env
    QUERY_STRING:
    HTTP_USER_AGENT: python-requests/2.32.3
    
    [403 GET Request: June 10, 2024 - 4:19 pm]
    BPS Pro: 17.4
    WP: 6.5.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 62.72.43.73
    Host Name: vmi1923601.contaboserver.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /.env
    QUERY_STRING:
    HTTP_USER_AGENT: python-requests/2.32.3
    #43911
    Terry
    Participant

    I tried again on a different page and this is what showed in the security log.

    [403 GET Request: June 10, 2024 - 4:28 pm]
    BPS Pro: 17.4
    WP: 6.5.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 66.249.70.109
    Host Name: crawl-66-249-70-109.googlebot.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /dr-dale-baird-dc/
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; Google-InspectionTool/1.0;)
    
    [403 GET Request: June 10, 2024 - 4:28 pm]
    BPS Pro: 17.4
    WP: 6.5.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 66.249.70.109
    Host Name: crawl-66-249-70-109.googlebot.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /dr-dale-baird-dc/
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.170 Mobile Safari/537.36 (compatible; Google-InspectionTool/1.0;)
    #43912
    AITpro Admin
    Keymaster

    The first Security Log entries that you posted are a hacker/scammer/spammer trying to scan your /.env protected server folder for vulnerabilities.

    When I try to view this page it is blank > /dr-dale-baird-dc/.  You have a caching problem. Delete all your W3TC plugin cache, browser cache and Jetpack cache and anything else you are using for cache.

    Mangled/Stale/Corrupt cache can cause 403 errors because the Source Code is mangled/unreadable.  Also you are using W3TC > Page Caching using Disk: Enhanced. This used to be very problematic years ago and may still be a huge problem.

Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.