Search using Apostrophe – 403 error (BulletProof Security Pro forum)
Tagged: 403 error, apostrophe, search, single quote code character
This topic has 12 replies, 6 voices, and was last updated 1 year, 1 month ago by Tuan Cho.
Soleil (Participant)
I get a 403 Forbidden Error Page for search when I search for an apostrophe “‘”. All the other symbols seem to work but that. I cleared all my .htaccess file and it seemed to work. Is there any way I can get it working with BulletProof .htaccess protection? My site is: http://1buy.vn . Please kindly help.
AITpro Admin (Keymaster)
Solution for allowing apostrophes/single quote code characters in search forms on the frontend of your website: http://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939
Solution for allowing apostrophes/single quote code characters in search forms on the backend of your website: http://forum.ait-pro.com/forums/topic/search-string-403-error/#post-14372
Pako (Participant)
[Topic has been merged into this relevant Topic]
Hi, if I want to search a word like "l'été":
http://www.domodeco.fr/?s=l'été
I get this:
domodeco.fr 403 Forbidden Error Page
If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
IP Address: 149.126.76.25
The same issue occurs in the WordPress backoffice if I want to search something within posts.
Thanks
AITpro Admin (Keymaster)
@ Pako – To allow the single quote and double quote code characters in searches on the frontend and backend of your website see this reply in this forum topic: http://forum.ait-pro.com/forums/topic/403-forbidden-error-page-for-search/#post-29132
Immerse (Participant)
[Topic has been merged into this relevant Topic]
Hi, I am getting the following security log entry and getting blocked from seeing my search results when I try searching for a post name in wp backend while logged on as admin. I have edited out the bits that are irrelevant (my ip, domain name and empty fields). I was simply trying to find a specific post in order to update an image.
It happens (and only matters) when I am inside admin. I cannot whitelist my ip because it changes frequently, and I cannot whitelist a specific search (there are about 1400 posts and I have no idea what I might want to search for).
While writing this and checking that it was happening for any search, I just discovered that if I search for kats there is no problem. Unfortunately, ‘kats’ doesn’t bring up the post I want. If instead I search for kat’s I get sent to the naughty page and trigger an alert. Given that ‘kats’ doesn’t bring up the post I want, but ‘kat’s’ presumably would when the post is called ‘kat’s home’, I need to be able to search properly.
This can’t be unique to me, given that it’s not a plugin thing and the search is simply a ‘find post’ in wp, so I’m guessing there’s an easy answer. Hoping, anyway!
[403 GET Request: 28th September 2016 - 4:33 pm] Event Code: WPADMIN-SBR SERVER_PROTOCOL: HTTP/1.1 HTTP_REFERER: https://www.domain/wpfolder/wp-admin/edit.php?post_type=cattery REQUEST_URI: /wpfolder/wp-admin/edit.php?s=kat%27s&post_status=all&post_type=cattery&_wpnonce=6b8904ee73&_wp_http_referer=%2Fcats%2Fwp-admin%2Fedit.php%3Fpost_type%3Dcattery&action=-1&m=0&seo_filter=&paged=1&action2=-1 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
AITpro Admin (Keymaster)
@ Immerse – To allow the single quote and double quote code characters in searches on the frontend and backend of your website see this reply in this forum topic: http://forum.ait-pro.com/forums/topic/403-forbidden-error-page-for-search/#post-29132
Immerse (Participant)
Thank you
protection (Participant)
Hello –
Is it possible to only allow apostrophes for a specific URL (and querystrings)? For example, I’d like to prevent apostrophes in all URLs except for the examples below:
https://www.example.com/allow-single-apostrophes/
https://www.example.com/allow-single-apostrophes/?last_name=o'brien
https://www.example.com/allow-single-apostrophes/?last_name=o%27brien
In other words, if the URL contains the path allow-single-apostrophes, I’d like to allow it for these URLs only.
EDIT: I don’t know if it’s important for you to know this, but this particular URL connects to a different database, and I’m not overly worried if this particular DB gets hacked.
Thanks
AITpro Admin (Keymaster)
@ protection – By default WordPress strips dangerous code characters such as the single quote code character/apostrophe from URLs (Posts and Pages). The BPS Query String Exploits code has several Query String security rules that block the single quote code character in Query Strings, but there is 1 BPS Query String Exploits security rule that specifically blocks actual/definite SQL Injection attacks, which always use the single quote code character because all SQL Injection attacks must use the single quote code character in an SQL Injection Query String in order for the Query String/attack/hacking attempt to be valid:
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
So what that means is that you can safely comment out all other BPS Query String Exploits security rules that block apostrophes/single quote code characters because the remaining BPS SQL Injection Query String Exploit security rule will still block/stop any actual SQL Injection attacks/hacking attempts against your website. See this forum topic for the necessary Custom Code steps to allow all apostrophes in Query Strings except for actual SQL Injection attacks: https://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939
protection (Participant)
Thanks for the quick response. I’m still a bit confused though.
I currently have the following line in my .htaccess:
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
Does that mean I can safely comment out these lines below?:
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
Thanks
AITpro Admin (Keymaster)
@ protection – Yes, that is exactly what that means. Example SQL Injection Query String:
%27%20UNION%20SELECT%20password%20FROM%20Users%20WHERE%20name%3D%27admin%27--
will be blocked by the BPS SQL Injection Query String Exploits security rule because of these matches in the Query String: %27 and UNION or SELECT.
protection (Participant)
That worked. Thanks!
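To make the difference between the two rule sets discussed above concrete, here is an added example (my own code, not BulletProof Security's) that re-implements the broad `(<|>|'|...)` rule and the SQL Injection rule quoted by AITpro Admin as Python regexes and runs both over a few constructed query strings. It matches the raw, still percent-encoded query string, which is what Apache's `%{QUERY_STRING}` holds (that is why the rules list both `'` and `%27`), and the Apache `[NC]` flag becomes `re.IGNORECASE`. The rule names and the sample query strings are assumptions made for this example; three samples are re-typed from the searches and the injection string quoted in this thread.

```python
"""Model of the two BPS Query String Exploits rules discussed in this thread.

Added example, not BulletProof Security's own code.  It re-implements the two
RewriteCond patterns quoted above as Python regexes and applies them to raw,
still percent-encoded query strings, which is what Apache's %{QUERY_STRING}
variable contains (hence the rules list both ' and %27).  The rule names and
the sample query strings below are constructed for this example.
"""
import re

# Apache's [NC] flag means case-insensitive matching, so every rule gets re.IGNORECASE.
RULES = {
    # The broad rule "protection" asked about: any quote or angle bracket,
    # encoded or not, anywhere in the query string.
    "broad_quote_rule": re.compile(
        r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)", re.IGNORECASE),
    # The rule AITpro Admin recommends keeping: a quote-like character followed
    # later in the same query string by an SQL keyword or comment opener.
    "sqli_rule": re.compile(
        r"(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"
        r"(/\*|union|select|insert|drop|delete|update|cast|create|char|"
        r"convert|alter|declare|order|script|set|md5|benchmark|encode)",
        re.IGNORECASE),
}


def first_matching_rule(query_string, rule_names):
    """Return the name of the first rule (in the given order) whose pattern
    matches the raw query string, or None if the request would be allowed."""
    for name in rule_names:
        if RULES[name].search(query_string):
            return name
    return None


def compare_rule_sets(query_string):
    """Return (verdict with both rules active, verdict with only the SQLi rule)
    so the effect of commenting out the broad rule is visible per query string."""
    before = first_matching_rule(query_string, ["broad_quote_rule", "sqli_rule"])
    after = first_matching_rule(query_string, ["sqli_rule"])
    return before, after


# Constructed sample query strings.  The first three are re-typed from the
# searches and the injection string quoted in the thread; the last one shows a
# false positive of the SQLi rule ("set" is a substring of "reset").
SAMPLES = [
    "s=l'%C3%A9t%C3%A9",                            # frontend search for l'été
    "s=kat%27s&post_status=all&post_type=cattery",  # wp-admin post search
    "%27%20UNION%20SELECT%20password%20FROM%20Users%20WHERE%20name%3D%27admin%27--",
    "last_name=o%27brien",
    "last_name=o%27brien&action=reset",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        before, after = compare_rule_sets(qs)
        print(f"{qs[:50]:<52} both rules: {before or 'allowed':<17} "
              f"SQLi rule only: {after or 'allowed'}")
```

Running it shows the searches for `l'été` and `kat's` are blocked only by the broad rule and pass once just the SQLi rule is left, while the UNION SELECT string is still caught. The last sample is the caveat to keep in mind when relying on the SQLi rule alone: because the keyword list includes short words such as `set`, `order` and `char`, a harmless query that has an apostrophe followed anywhere later by a parameter like `action=reset` is also blocked, so check the security log for such false positives after trimming the rules.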
Tuan Cho (Participant)
I also encountered a 403 error for the https://wordle-nyt.org/ website and it took me a lot of time to resolve this issue.