Contact Form 7 Calendly redirect – 403 error

Home Forums BulletProof Security Free Contact Form 7 Calendly redirect – 403 error

This topic contains 1 reply, has 2 voices, and was last updated by  AITpro Admin 1 month ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #38043

    doron
    Participant

    hi

    after i’m submitting a cf7 form and i’m supposed to be redirected to calendly.

    but i get an error 403

    [403 GET Request: 15.10.2019 - 17:53]
    BPS: 3.7
    WP: 5.2.4
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 79.178.232.46
    Host Name: bzq-79-178-232-46.red.bezeqint.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://franchise.e2youngengineers.org/
    REQUEST_URI: /calendly/?text-254=dfv&text-255=dg&text-257=052445&email-985=asd@wa.co&text-258=dfg&text-259=dfg&country_name=Israel&referer-page=https://franchise.e2youngengineers.org/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php&menu-764=30000&bwscaptcha-869=6&bwscaptcha-869-cptch_result=dIg=&cptch_time=1571151145&cptch_form=cf7_contact&acceptance-847=1
    QUERY_STRING: text-254=dfv&text-255=dg&text-257=052445&email-985=asd@wa.co&text-258=dfg&text-259=dfg&country_name=Israel&referer-page=https://franchise.e2youngengineers.org/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php&menu-764=30000&bwscaptcha-869=6&bwscaptcha-869-cptch_result=dIg=&cptch_time=1571151145&cptch_form=cf7_contact&acceptance-847=1
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
    
    #38044

    AITpro Admin
    Keymaster

    This is an RFI security rule problem in the wp-admin htaccess file.  Do the steps below to whitelist the Calendly redirect Query String, which is simulating an RFI hacking attempt against your website.  Important note: If you deactivate wp-admin BulletProof Mode in the future then the root htaccess file will block the Calendly redirect Query String and you would need to whitelist the RFI security rules in the root htaccess file.  You do not need to do that at this time assuming you have root BulletProof Mode activated.

    1. Copy the modified wp-admin htaccess code below to this BPS wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    2. Click the Save wp-admin Custom Code button.
    3. Go to the Security Modes page and click the wp-admin BulletProof Mode Activate button.

    # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    # WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
    # Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    #RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.