403 error from NewsNow
Tagged: BPS Query String Exploits, Custom Code
Simon (Participant)
Hi,
My site, VoxelArcade, uses the news site NewsNow.co.uk as a traffic source. The problem is, the links they put up are altered so they come through with /? at the end, which causes a 403 error. If I turn off BPS the error disappears.
Is there any way to filter this? NewsNow is an important part of our site, and it is the only thing stopping me from going Pro with BPS!
Any help would be greatly appreciated.

AITpro Admin (Keymaster)
Post the BPS Security Log error for this particular 403 error. I assume the Query String is malformed or using coding characters in a way that is being interpreted as a malicious Query String.

Simon (Participant)
Hi,
The log doesn’t seem to be updating correctly. It said it was updated at 5.54, then changed to 7.00, and now says 5.54 again.
Here is the page that appears:
Forbidden
You don’t have permission to access /reviews/disney-infinity-review/ on this server.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
The only difference between this and every other inward link is the /? at the end of the url.

AITpro Admin (Keymaster)
Not sure why the Security Log is not working correctly on your site.
Please post the entire URL including the /? so that I can see what the issue is. Most likely you will need to comment out these 2 security filters in your Root .htaccess file. These 2 security filters will block malformed/bad/improper Request Strings or malformed/bad/improper Query Strings.
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]

Simon (Participant)
Hi,
Yes that worked perfectly, thanks a lot. Will the plugin remember that I have removed these lines across updates, etc?
Thanks

AITpro Admin (Keymaster)
You can add the entire Query String Exploits section of code to BPS Custom Code to save it permanently. BPS upgrades do not change the custom modifications that you make directly in the root .htaccess file, but if you add your customized code to BPS Custom Code and at a later time activate Root BulletProof Mode again, your customizations will be added each time from BPS Custom Code.
1. Copy the BPS Query String Exploits code from your Root .htaccess file starting and ending from the example shown below (also shown on the Custom Code page highlighted in yellow to the right of the Custom Code text box) ... to this BPS Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: Modify Query String Exploit code here
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
# BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
.....
.....
.....
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]
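
Added example (not part of the thread and not BPS code): a Python check that runs the RewriteCond patterns quoted in the posts above, both the two THE_REQUEST filters and the two QUERY_STRING conditions, against constructed request lines to show which filter produces the 403. The filter labels, the function name and the sample query parameters are assumptions; only rules visible in the thread are covered, and [NC] is emulated with re.IGNORECASE.

```python
import re

# Patterns copied verbatim from the thread; the dictionary keys are labels
# made up for this example, not BPS names.
THE_REQUEST_FILTERS = {
    "empty query string": r"\?\ HTTP/",
    "trailing /*": r"\/\*\ HTTP/",
}
QUERY_STRING_FILTERS = {
    "sql/script keywords": r"""(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode)""",
    "sp_executesql": r"(sp_executesql)",
}


def matching_filters(request_line):
    """Return the labels of the filters that would answer this request with 403."""
    # THE_REQUEST is the full request line: method, target and protocol.
    hits = [name for name, pattern in THE_REQUEST_FILTERS.items()
            if re.search(pattern, request_line, re.IGNORECASE)]
    # QUERY_STRING is whatever follows the first '?' in the request target.
    parts = request_line.split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    query = target.partition("?")[2]
    hits += [name for name, pattern in QUERY_STRING_FILTERS.items()
             if re.search(pattern, query, re.IGNORECASE)]
    return hits


# Constructed request lines. The path is the one from the thread; the query
# parameters are invented for illustration.
SAMPLES = [
    "GET /reviews/disney-infinity-review/ HTTP/1.1",
    "GET /reviews/disney-infinity-review/? HTTP/1.1",
    "GET /reviews/disney-infinity-review/?utm_source=newsnow HTTP/1.1",
    "GET /search/?q=it%27s+all+set HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        hits = matching_filters(line)
        print(f"{'403' if hits else 'ok '}  {line}  {hits}")
```

The last sample is an ordinary search phrase that still trips the keyword rule (an encoded apostrophe followed by "set"), which is the kind of false positive worth checking for before a rule is commented out or kept.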