Search using Apostrophe – 403 error

This topic contains 11 replies, has 5 voices, and was last updated by  protection 10 months, 2 weeks ago.

    #29129

    Soleil
    Participant

    I get a 403 Forbidden Error Page for search when I search for an apostrophe “‘”; all the other symbols seem to work but that. I cleared all my .htaccess file and it seemed to work. Is there any way I can get it working with BulletProof .htaccess protection? My site is: http://1buy.vn. Please kindly help.

    #29132

    AITpro Admin
    Keymaster

    Solution for allowing apostrophes/single quote code characters in search forms on the frontend of your website: http://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939

    Solution for allowing apostrophes/single quote code characters in search forms on the backend of your website: http://forum.ait-pro.com/forums/topic/search-string-403-error/#post-14372

    #30292

    Pako
    Participant

    [Topic has been merged into this relevant Topic]
    Hi

    If I want to search a word like " l'été " >  http://www.domodeco.fr/?s=l'été
    I get this:
    domodeco.fr 403 Forbidden Error Page
    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
    IP Address: 149.126.76.25

    The same issue occurs in the WordPress back office if I want to search something within posts.

    Thanks

    #30294

    AITpro Admin
    Keymaster

    @ Pako – To allow the single quote and double quote code characters in searches on the frontend and backend of your website see this reply in this forum topic:  http://forum.ait-pro.com/forums/topic/403-forbidden-error-page-for-search/#post-29132

    #31038

    Immerse
    Participant

    [Topic has been merged into this relevant Topic]
    Hi,

    I am getting the following security log entry and getting blocked from seeing my search results when I try searching for a post name in wp backend while logged on as admin.  I have edited out the bits that are irrelevant (my ip, domain name and empty fields). I was simply trying to find a specific post in order to update an image.

    It happens (and only matters) when I am inside admin. I cannot whitelist my ip because it changes frequently, and I cannot whitelist a specific search (there are about 1400 posts and I have no idea what I might want to search for).

    While writing this and checking that it was happening for any search, I just discovered that if I search for kats there is no problem. Unfortunately, ‘kats’ doesn’t bring up the post I want. If instead I search for kat’s I get sent to the naughty page and trigger an alert. Given that ‘kats’ doesn’t bring up the post I want, but ‘kat’s’ presumably would when the post is called ‘kat’s home’, I need to be able to search properly.

    This can’t be unique to me, given that it’s not a plugin thing and the search is a simple ‘find post’ in wp, so I’m guessing there’s an easy answer. Hoping, anyway!

    [403 GET Request: 28th September 2016 - 4:33 pm]
    Event Code: WPADMIN-SBR
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_REFERER: https://www.domain/wpfolder/wp-admin/edit.php?post_type=cattery
    REQUEST_URI: /wpfolder/wp-admin/edit.php?s=kat%27s&post_status=all&post_type=cattery&_wpnonce=6b8904ee73&_wp_http_referer=%2Fcats%2Fwp-admin%2Fedit.php%3Fpost_type%3Dcattery&action=-1&m=0&seo_filter=&paged=1&action2=-1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0

    #31040

    AITpro Admin
    Keymaster

    @ Immerse – To allow the single quote and double quote code characters in searches on the frontend and backend of your website see this reply in this forum topic:  http://forum.ait-pro.com/forums/topic/403-forbidden-error-page-for-search/#post-29132

    #31043

    Immerse
    Participant

    Thank you

    #33336

    protection
    Participant

    Hello –

    Is it possible to only allow apostrophes for a specific URL (and querystrings)? For example, I’d like to prevent apostrophes in all URLs except for the examples below:

    https://www.example.com/allow-single-apostrophes/
    https://www.example.com/allow-single-apostrophes/?last_name=o'brien
    https://www.example.com/allow-single-apostrophes/?last_name=o%27brien

    In other words, if the URL contains the path allow-single-apostrophes, I’d like to allow it for these URLs only.
    EDIT: I don’t know if it’s important for you to know this, but this particular URL connects to a different database, and I’m not overly worried if this particular DB gets hacked.

    Thanks

    #33337

    AITpro Admin
    Keymaster

    @ protection – By default WordPress strips dangerous code characters such as the single quote code character/apostrophe from URLs (Posts and Pages). The BPS Query String Exploits code has several Query String security rules that block the single quote code character in Query Strings, but there is 1 BPS Query String Exploits security rule that specifically blocks actual/definite SQL Injection attacks, which always use the single quote code character because all SQL Injection attacks must use the single quote code character in an SQL Injection Query String in order for the Query String/attack/hacking attempt to be valid:

    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

    So what that means is that you can safely comment out all other BPS Query String Exploits security rules that block apostrophes/single quote code characters because the remaining BPS SQL Injection Query String Exploit security rule will still block/stop any actual SQL Injection attacks/hacking attempts against your website. See this forum topic for the necessary Custom Code steps to allow all apostrophes in Query Strings except for actual SQL Injection attacks: https://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939

    #33338

    protection
    Participant

    Thanks for the quick response. I’m still a bit confused though.

    I currently have the following line in my .htaccess:

    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

    Does that mean I can safely comment out the lines below?

    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]

    Thanks

    #33340

    AITpro Admin
    Keymaster

    @ protection – Yes, that is exactly what that means. Example SQL Injection Query String:

    %27%20UNION%20SELECT%20password%20FROM%20Users%20WHERE%20name%3D%27admin%27--

    will be blocked by the BPS SQL Injection Query String Exploits security rule because of these matches in the Query String: %27 and UNION or SELECT

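As an added illustration (not code from this thread or from the BPS plugin), the following Python script applies the two RewriteCond patterns quoted in the posts above to the search strings from this thread and shows which rule fires before and after the broad quote rule is commented out. The rule names "sqli" and "broad_quote" are labels chosen here, and the last sample is a constructed benign search that contains an SQL keyword inside an ordinary word.

```python
import re
from typing import Optional

# The two BPS Query String Exploits conditions quoted in this thread, as Python
# regexes. mod_rewrite's [NC] flag corresponds to re.IGNORECASE. RewriteCond
# tests the raw, still-percent-encoded query string, which is why each pattern
# lists both the literal quote and its %27 encoding.
SQLI_RULE = re.compile(
    r"(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"
    r"(/\*|union|select|insert|drop|delete|update|cast|create|char|convert"
    r"|alter|declare|order|script|set|md5|benchmark|encode)",
    re.IGNORECASE,
)
BROAD_QUOTE_RULE = re.compile(r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)", re.IGNORECASE)


def blocked_by(query_string: str, keep_broad_rule: bool = True) -> Optional[str]:
    """Name the first rule that would fire on this query string, or None.

    keep_broad_rule=False models the change the thread arrives at: the broad
    quote rule is commented out and only the SQL-injection rule remains.
    """
    if SQLI_RULE.search(query_string):
        return "sqli"
    if keep_broad_rule and BROAD_QUOTE_RULE.search(query_string):
        return "broad_quote"
    return None


# Query strings taken from the posts above, plus one constructed benign search
# that happens to contain the keyword "char" inside the word "character".
SAMPLES = [
    "s=l'été",
    "s=kat%27s&post_status=all&post_type=cattery",
    "last_name=o'brien",
    "last_name=o%27brien",
    "%27%20UNION%20SELECT%20password%20FROM%20Users%20WHERE%20name%3D%27admin%27--",
    "s=o'brien's character",  # constructed: still caught by the SQLi rule
]


def evaluate(samples=SAMPLES) -> dict:
    """Map each query string to (verdict with broad rule, verdict without it)."""
    return {q: (blocked_by(q, True), blocked_by(q, False)) for q in samples}


if __name__ == "__main__":
    for q, (before, after) in evaluate().items():
        print(f"{q!r:80} before={before!s:12} after={after}")
```

The last sample shows the residual false-positive risk of the remaining rule: any quote followed later by a keyword such as "char", "set" or "order" inside a normal word is still blocked.
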
    #33343

    protection
    Participant

    That worked. Thanks!
