403 error from NewsNow

    #8952
    Simon
    Participant

    Hi,

    My site, VoxelArcade, uses the news site NewsNow.co.uk as a traffic source. The problem is, the links they put up are altered so they come through with /? at the end, which causes a 403 error. If I turn off BPS the error disappears.

    Is there any way to filter this? NewsNow is an important part of our site, and it is the only thing stopping me from going Pro with BPS!

    Any help would be greatly appreciated

    #8954
    AITpro Admin
    Keymaster

    Post the BPS Security Log error for this particular 403 error.  I assume the Query String is malformed or using coding characters in a way that is being interpreted as a malicious Query String.

    #8957
    Simon
    Participant

    Hi,

    The log doesn’t seem to be updating correctly. It said it was updated at 5.54, then changed to 7.00, and now says 5.54 again.

    Here is the page that appears:
    Forbidden
    You don’t have permission to access /reviews/disney-infinity-review/ on this server.

    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

    The only difference between this and every other inward link is the /? at the end of the url.

    #8958
    AITpro Admin
    Keymaster

    Not sure why the Security Log is not working correctly on your site.

    Please post the entire URL including the /? so that I can see what the issue is.  Most likely you will need to comment out these 2 security filters in your Root .htaccess file.  These 2 security filters will block malformed/bad/improper Request Strings or malformed/bad/improper Query Strings.

    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]

    #8964
    Simon
    Participant

    Hi,

    Yes that worked perfectly, thanks a lot. Will the plugin remember that I have removed these lines across updates, etc?

    Thanks

    #8965
    AITpro Admin
    Keymaster

    You can add the entire Query String Exploits section of code to BPS Custom Code to save it permanently.  BPS upgrades do not change the custom modifications that you make directly in the root .htaccess file, but by adding your customized code to BPS Custom Code, if at a later time you activate Root BulletProof Mode again, your customizations will be added each time from BPS Custom Code.

    1. Copy the BPS Query String Exploits code from your Root .htaccess file, starting and ending from the example shown below (also shown on the Custom Code page highlighted in yellow to the right of the Custom Code text box), to this BPS Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: Modify Query String Exploit code here
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    .....
    .....
    .....
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]
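
Added example, not part of the thread and not BPS's own code: a Python sketch that applies only the filters quoted above to constructed request lines. It shows that a trailing `/?` trips the first `THE_REQUEST` filter, and that the quoted `QUERY_STRING` filters still apply once the two `THE_REQUEST` lines are commented out. The function name and sample requests are assumptions, and the filters elided with `.....` are not modelled.

```python
import re

# Filters quoted in the thread; Apache's [NC] flag maps to re.IGNORECASE.
REQUEST_FILTERS = [r"\?\ HTTP/", r"\/\*\ HTTP/"]
QUERY_FILTERS = [
    r"""(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode)""",
    r"(sp_executesql)",
]

def blocking_filters(request_line, request_filters_enabled=True):
    """Return the quoted filters that would answer this request line with 403.

    Hypothetical helper: approximates mod_rewrite's RewriteCond matching with
    Python's re module, which behaves the same for these patterns.
    """
    # THE_REQUEST is the full request line; QUERY_STRING is the part after "?".
    target = request_line.split(" ")[1]
    query = target.partition("?")[2]
    hits = []
    if request_filters_enabled:
        hits += [p for p in REQUEST_FILTERS if re.search(p, request_line, re.I)]
    hits += [p for p in QUERY_FILTERS if re.search(p, query, re.I)]
    return hits

# Constructed request lines (not taken from the poster's logs).
SAMPLES = [
    "GET /reviews/disney-infinity-review/ HTTP/1.1",
    "GET /reviews/disney-infinity-review/? HTTP/1.1",
    "GET /reviews/disney-infinity-review/?utm_source=newsnow HTTP/1.1",
    "GET /?id=1'%20union%20select%201 HTTP/1.1",
]

if __name__ == "__main__":
    for enabled in (True, False):
        print("THE_REQUEST filters", "enabled" if enabled else "commented out")
        for line in SAMPLES:
            hits = blocking_filters(line, enabled)
            print("  403" if hits else "  200", line)
```

Only the empty query string (a bare `?` directly before ` HTTP/`) is caught by the first filter; a link with a non-empty query string passes it.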