WooCommerce – 403 error
Tagged: 403 error, checkout, order, order-recieved, paypal, Redirect, WooCommerce
- This topic has 19 replies, 4 voices, and was last updated 9 years, 2 months ago by AITpro Admin.
nasigoreng (Member)
Hey guys,
We’re using the WooCommerce plugin and ever since we installed BPS we get a 403 forbidden error on our “Order Received” page. Just to explain what’s going on with the plugin:
1. User buys a product from us
2. The user gets redirected to PayPal to pay
3. The user pays on PayPal’s website
4. PayPal redirects the user back to our website
5. 403 error!
The redirect URL from PayPal looks like this:
http://www.ourtestwebsite.com/checkout/thank-you/?order=xxx&key=order_xxx&utm_nooverride=1&tx=xxx&st=Completed&amt=10.00&cc=GBP&cm=xxx&item_number=
Is there a way to fix this? Any info would be helpful
Thank you!

AITpro Admin (Keymaster)
Disregard: This topic is no longer valid. Several things in WooCommerce have changed.
See this new Topic regarding WooCommerce issues/problems: http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/

nasigoreng (Member)
Hey guys,
Thank you so much for the quick prompt reply. Removing the order| fixes the problem! This is actually a new installation. I only just installed the BPS plugin this morning. The query string is actually added by PayPal, rather than WooCommerce.
Thank you again.
Amazing plugin!

AITpro Admin (Keymaster)
Great! Thanks for confirming all is well.

DaveP (Participant)
I have just followed this procedure on a brand new WooCommerce site with BPS after getting the 403 error. So surprised that I am getting this with such an old issue. I looked at the .htaccess and it had the |order| entry in it! I will let you know once a new order has been processed to ensure it is working…
Regards, Dave

AITpro Admin (Keymaster)
"I looked at the .htaccess and it had the |order| entry"
Yes. You are correct. That is standard BPS Security code and will always be in standard BPS security files. For folks who have WooCommerce they will need to make this necessary modification to BPS Standard code and files.

DaveP (Participant)
OK, that is good to know – I will remember that & thanks for the prompt reply – Dave

Amy V (Participant)
I have done these steps and I’m still getting a 403 forbidden from PayPal. Here’s my address string in the browser; it looks a little different and I’m not able to make heads or tails of the code to paste into the little window.
https://northcountryfiberfair.org/shop/index.php/checkout/order-received/xxx?key=wc_order_xxx&utm_nooverride=1&tx=xxx&st=Completed&amt=0%2e01&cc=USD&cm=a%3a2%3a%7bi%3a0%3bi%3a1744%3bi%3a1%3bs%3a22%3a%22wc_order_xxx%22%3b%7d&item_number=

AITpro Admin (Keymaster)
You have done something incorrectly. I checked your site and the %22 | order condition is still in effect/has not been successfully changed. Double check that you are doing ALL of the Custom Code steps.
1. Copy the modified (order| has been removed) BPS Query String Exploits code below to this BPS Root Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS:
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

AITpro Admin (Keymaster)
Disregard: This topic is no longer valid. Several things in WooCommerce have changed.
See this new Topic regarding WooCommerce issues/problems: http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/

Amy V (Participant)
Will try that. Thx. I also realized I had BPS installed in my two WP installations (one at main address and one at /shop) and had changed only one. So I’ll try applying the fix to both.

AITpro Admin (Keymaster)
Ok, take a look at this Forum Topic link below to get familiar with how multiple website domains – hierarchy, structure, relationship affect each other. Basically a Parent website’s htaccess file will affect all Child websites since the Parent site is higher in the folder structure: /parent/, /parent/child-1/, /parent/child-1/subfolder/, /parent/child-2/, etc.
http://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/

Amy V (Participant)
Thanks! I can get it to work nicely with PayPal sandbox, but not PayPal itself. Frustrated, but not giving up yet!

AITpro Admin (Keymaster)
The Sandbox should exactly simulate a Live transaction. Double check that the Sandbox and Live transaction payment script/file are using the same path location and any other parameters. It is possible, but not likely, that whatever transaction payment script/file that you are using is making a HEAD Request. To rule that out do the Custom Code steps in this forum topic: http://forum.ait-pro.com/forums/topic/broken-link-checker-plugin-403-error/#post-2017

Amy V (Participant)
(Taking a deep breath.) There is some difference and I can’t figure out what between the sandbox and the main PayPal site. The sandbox plays nicely and goes back to the order summary page. Main PayPal does not. I have put in the “BPS QUERY STRING EXPLOITS” code, the CUSTOM CODE WP REWRITE LOOP START, and the Whitelist User Agents or remove HEAD here in both BP Security installs in the custom code boxes and Activate Root Folder BulletProof Mode. No messages appear in my main site BP security log file (so it wasn’t likely necessary to have those changes – but for completeness’ sake I’d added them). Looking through the wc paypal error log – there doesn’t appear to be any sort of error. I looked at the htaccess file editor under Your current root htaccess file and those mods appear to be there. Help? Do you want screenshots of anything? Anything else I need to check? The message that keeps popping up in the BP security log for the shop install says the following:
[403 GET / HEAD Request: June 6, 2015 4:48 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: xxx
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=3nbT63vkQZlKaNoXsGPPOreAtC0z-8CV0grCgmJ71oxBprynQBi6Lo194g0&dispatch=50a222a57771920b6a3d7b606239e4d529b525e0b7e69bf0224adecfb0124e9b61f737ba21b08198acc59b45c1b5383c3fbf91319c9514c0
REQUEST_URI: /shop/checkout/order-received/1787?key=wc%5forder%5f5573242ccf79a&utm_nooverride=1&tx=6KV93855973324020&st=Completed&amt=0%2e01&cc=USD&cm=a%3a2%3a%7bi%3a0%3bi%3a1787%3bi%3a1%3bs%3a22%3a%22wc%5forder%5f5573242ccf79a%22%3b%7d&item_number=
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
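
A logged REQUEST_URI like the one above can be tested offline against a query-string filter to see which tokens cause the 403. The following is an added example, not BPS code and not written by anyone in this thread: the rule is an assumed, simplified two-part filter (an encoded special character followed later by an SQL keyword), and the sample URI is constructed in the shape of the PayPal return URL with placeholder ids.

```python
import re
from urllib.parse import urlsplit

# ASSUMPTION: simplified stand-in for a two-part query-string filter
# ("encoded special character ... then SQL keyword"); NOT the actual BPS rule.
SPECIAL = ["%22", "%27", "%3c", "%3e"]
KEYWORDS = ["union", "select", "insert", "order"]


def build_rule(special, keywords):
    """Compile '(special).*(keyword)', case-insensitive like the [NC] flag."""
    left = "|".join(re.escape(s) for s in special)
    right = "|".join(re.escape(k) for k in keywords)
    return re.compile(f"({left}).*({right})", re.IGNORECASE)


def is_blocked(request_uri, special=SPECIAL, keywords=KEYWORDS):
    """True if the raw (not percent-decoded) query string matches the rule."""
    query = urlsplit(request_uri).query
    return build_rule(special, keywords).search(query) is not None


def explain(request_uri, special=SPECIAL, keywords=KEYWORDS):
    """List each (special, keyword, context) pair that makes the rule fire."""
    query = urlsplit(request_uri).query
    hits = []
    for s in special:
        for k in keywords:
            m = build_rule([s], [k]).search(query)
            if m:
                hits.append((s, k, query[m.start():m.start() + 40]))
    return hits


# Constructed sample shaped like the PayPal return URI in the log entry;
# the order id, order key and transaction id are placeholders.
SAMPLE = (
    "/shop/checkout/order-received/1?key=wc%5forder%5fAAAA&utm_nooverride=1"
    "&tx=TXPLACEHOLDER&st=Completed&amt=0%2e01&cc=USD"
    "&cm=a%3a2%3a%7bi%3a0%3bi%3a1%3bi%3a1%3bs%3a22%3a%22wc%5forder%5fAAAA%22%3b%7d"
    "&item_number="
)

if __name__ == "__main__":
    for s, k, ctx in explain(SAMPLE):
        print(f"rule fires on {s} ... {k}: {ctx}")
    relaxed = [k for k in KEYWORDS if k != "order"]
    print("blocked with 'order' removed:", is_blocked(SAMPLE, keywords=relaxed))
```

The match is made on the raw query string because mod_rewrite compares %{QUERY_STRING} without percent-decoding it, so the encoded quote in the cm parameter followed by wc_order is enough to trigger the rule.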