WordPress Theme Customizer – Network/Multisite 403 error

Home Forums BulletProof Security Pro WordPress Theme Customizer – Network/Multisite 403 error

Tagged: ,

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • February 9, 2017 at 11:23 am #32363
    Flinelli
    Participant

    One of my customers has this multisite installation with two sites: www.domain.tld and www.domain.tld/en/ and tells me, the Customize-Link shows a 403 forbidden error.

    I found a solution in this thread: https://forum.ait-pro.com/forums/topic/unable-to-access-some-pages/

    But now it only works for one of the two sites: http://www.domain.tld/wp-admin/customize.php?url=http://www.domain.tld/ works fine, but http://www.domain.tld/en/wp-admin/customize.php?url=http://www.domain.tld/en/ still shows 403.

    BTW: When I urlencode the links, both are working fine.

    Any idea? Thanks.

    February 9, 2017 at 11:39 am #32364
    AITpro Admin
    Keymaster

    Try adding an RFI whitelist rule in the Root htaccess file for the customize.php file.

    1. Copy the code below to this Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE: Add additional Referers and/or misc file names.
    IMPORTANT! Change the HTTP_REFERER example.com domain name in the code below to your actual domain/website name after you copy this code to BPS Custom Code.
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (customize\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*example.com.*
RewriteRule . - [S=1]
    February 10, 2017 at 5:14 am #32368
    Flinelli
    Participant

    Thanks for your fast answer! That has solved the problem!

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.