Divi Booster – 403 error

Home Forums BulletProof Security Pro Divi Booster – 403 error

This topic contains 6 replies, has 3 voices, and was last updated by  AITpro Admin 1 year, 10 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #29834

    Brett
    Participant

    Hi All,

    I’m new to BPS Pro and I am struggling trying to get a plugin to work after installing it.  The plugin is called “divi booster” with the Divi Theme.  It replies a lot on the htaccess file. I’ve tried all the trouble shooting guides, and unsure where to go next.  Even when I deactivate the BPS Pro plugin the Divi Booster plugin seems to no longer work as it should, but does on my other sites that I have not installed BPS Pro as yet.
    My white list rules look like this:

    /bloom/js/custom.js, /bloom/js/idle-timer.min.js, /bloom/js/jquery.uniform.min.js, /wordpress-seo/js/dist/wp-seo-admin-global-330.min.js, /uploads/wtfdivi/wp_footer.js

    I am also getting 1000’s of quarnatine messages for the 3 files over and over: htacess, index.html and web.config
    I copied and pasted the part from the log that is relevant to the divi booster plugin below

    [403 GET Request: 21 June, 2016 - 2:36 pm]
    Event Code: UAEGWR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 139.218.16.239
    Host Name: 239.16.218.139.dynamic.dsl.dv.iprimus.net.au
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://sparkysatagnes.com.au/
    REQUEST_URI: /wp-content/uploads/wtfdivi/wp_footer.js?1466472689&ver=4.5.2
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

    thanks
    Brett

    #29835

    rafaelmagic
    Participant

    Here is some ideas. I think you have three issues possibly less. Without me logging in to your site, here are some best guesses………………………

    Issue One:  /uploads/wtfdivi/wp_footer.js  should not be a Firewall whitelist???
    Do you get any issues in the Plugin Firewall? Did you add it manually or was it automatic. If its a automatically added rule, its fine. Then go to issue 2.

    Issue Two:  You need a AutoRestore Exclude Rule for individual files and/or directories
    It might be required for the file: web.config, index.html and possibly the uploads/wtfdivi/wp_footer.js
    Is index.html from caching?
    See link below for example.
    http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules

    Issue Three:
    Since Divi Booster is adding code to to the .htacess, it is being quarantined.
    You need to add the code to the section in BPS called Root Custom Code text box: CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE See the link below for an example. http://forum.ait-pro.com/forums/topic/htaccess-caching-code-speed-boost-cache-code/

    If that doesn’t fix all your issues. Visit: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    One of the problems that I see with the Divi Booster is that its running js files from the uploads directory.
    BPS Pro add .htacess in the uploads folders that prevents .js from running since that folder has a 777 permission.

    #29836

    AITpro Admin
    Keymaster

    BPS Pro is a very advanced plugin that has built-in troubleshooting capability.  All BPS Pro features can be turned On or Off individually for troubleshooting and testing: http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    Delete this whitelist rule that you added in the Plugin Firewall Whitelist Text area:  /uploads/wtfdivi/wp_footer.js.  The Plugin Firewall protects the WordPress /plugins/ folder.  UAEG protects the WordPress /uploads/ folder.  The wp_footer.js file is in the WordPress /uploads/ folder and is being blocked by UAEG.

    Go to the BPS Pro System Info page and copy this System Information below and paste it in your reply so I can see what type of server you have:

    Server Type:
    Operating System:
    WP Filesystem API Method:
    Server API:

    #29861

    Brett
    Participant

    thanks, yes starting to understand a little more.  I deactivated the UAEG before I got this message and the plugin is working fine.
    Server Type: Apache
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: cgi-fcgi CGI Host Server Type

    #29862

    AITpro Admin
    Keymaster

    Ok do these steps below to create a custom UAEG htaccess file in Custom Code and add the whitelist rule below for Divi Booster.

    UAEG htaccess File Custom Code Steps
    1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box.
    2. Edit/modify/customize your UAEG htaccess code – see instructions below.
    3. Click the Save UAEG Custom Code button to save your UAEG custom code.
    4. Go to the Security Modes page and click the Uploads Anti-Exploit Guard BulletProof Mode Activate button.

    For Step #2 this is the code you will be editing/changing in your UAEG htaccess code that you copied to UAEG Custom Code to add your whitelist rule for the Divi Boost /uploads/ folder. Your Divi Booster folder whitelist rule is shown below.

    # BEGIN WHITELIST
    # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
    # of the whitelist rule you want to use, add the actual filename or folder name you want to whitelist and also
    # delete the # sign in front of #Require env whitelist and #Allow from env=whitelist.
    # Whitelist a specific js file in the uploads folder: example.js
    #SetEnvIf Request_URI "example.js$" whitelist
    # Whitelist an entire folder in the uploads folder: /uploads/example-folder/
    SetEnvIf Request_URI "wtfdivi/.*$" whitelist
    # END WHITELIST

    Depending on which type of UAEG htaccess file was created by BPS for your particular website/server you will be uncommenting (removing the # sign from in front of a line of code) either of these lines of code below.

    Either you will see this line of code and need to remove the # sign: #Allow from env=whitelist
    or
    you will see these lines of code and need to remove the # signs: #Require env whitelist and #Allow from env=whitelist

    After you are done editing your UAEG htaccess code do steps #3 and #4

    #29867

    Brett
    Participant

    This is the entire contents of my “Your Current Uploads htaccess File” tab on the htaccess File Editor page.
    An htaccess file was not found in your /uploads folder.

    #29872

    AITpro Admin
    Keymaster

    Since you previously deactivated UAEG then click the Activate button to create a new UAEG htaccess file.  You should now see your UAEG htaccess code in the htaccess File Editor window.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.