Custom html login page POST Request – 403 error

Home Forums BulletProof Security Free Custom html login page POST Request – 403 error

This topic contains 1 reply, has 2 voices, and was last updated by  AITpro Admin 9 months, 2 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #33793

    Vintagepornbay.com
    Participant

    We put a video embed which contains login request form, for example on this page:
    http://www.vintagepornbay.com/uk/a-promise-of-bed-1970-uk-high-quality-vintage-porn-movie-download/

    When we click on login button it returns this error:
    ——————
    vintagepornbay.com 403 Forbidden Error Page
    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
    IP Address: xxxxxxx (I have censored this ip)
    ——————
    If I put this code into custom htaccess from bps settings:
    RewriteCond %{HTTP_REFERER} !^.*/embed-cashp9coidpj.html
    The error vanishes but nothing happens. No login is processed.
    ——————
    Here is the security log entry for this:

    [403 POST Request: August 6, 2017 8:59 am]
    BPS: 2.3
    WP: 4.8.1
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 178.62.5.157
    Host Name: 178.62.5.157
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.vintagepornbay.com/embed-cashp9coidpj.html
    REQUEST_URI: /embed-cashp9coidpj.html
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
    REQUEST BODY: op=login&id=cashp9coidpj&ios=&g-recaptcha-response=&login=test&password=blabla
    #33796

    AITpro Admin
    Keymaster

    The whitelist rule that you need to add to your existing BPS POST Attack Protection Bonus Custom Code that is saved in BPS Custom Code is this whitelist rule below:

    1. Edit your existing BPS POST Attack Protection Bonus Custom Code and add this whitelist rule.
    2. Click the Save Root Custom Code button.
    3. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # Whitelist embed-cashp9coidpj.html POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/embed-cashp9coidpj.html [NC]

    Reference: BPS POST Attack Protection Bonus Custom Code
    https://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.