Custom Login Page Redirect – 403 error

Home Forums BulletProof Security Free Custom Login Page Redirect – 403 error

Tagged: 

Viewing 6 posts - 16 through 21 (of 21 total)
  • Author
    Posts
  • #25577
    Rick
    Participant

    Yes, that is correct. However, just to let you know I just been having the same problem with logging in to the forums here. So is it BPS causing this issue? Why would I have the same problem logging in here? Very odd!

    #25578
    AITpro Admin
    Keymaster

    Not odd at all and not the same problem.  We are testing something new and ran into an issue with this new thing on this forum site due to this site being a subdomain site.  The issue/problem has been figured out and new code was created.  We do Live testing on ourselves for new features before we release anything to the Public.  😉

    Ok so at this point if you want my honest opinion about your Login processing thing it would be this:  You ALWAYS want Login processing to happen on only 1 form/Login page.  You NEVER want to send Login information from 1 form to another form – even if you are using SSL/HTTPS.  I am not sure why you are trying to do what you are doing.  It does not make sense to me so instead of creating some kind of whitelisting code to allow something dangerous on your site I think it is much better to focus on the real serious problem going on here instead.

    Example:  If I ok something that I know is dangerous and provide whitelisting code and your website gets hacked because you are allowing something very dangerous to happen on your website then besides you getting screwed by your website getting hacked, we have been screwed on a number of occaissons where some says something like, “you told me to do that”, “I did what you said and now my website is hacked”, etc etc etc.  So we try to avoid that unpleasant scenario at all costs.

    #25583
    Rick
    Participant

    Here this will help describe exactly what this process is. This is the developers main support site. This will help show the process. Look over to the left and see the login links. Then see the urls that are being used. Maybe it will help. I don’t know.

    http://support.cssjockey.com

    #25584
    AITpro Admin
    Keymaster

    Unfortunately that is out of range of support we offer.  If BPS is blocking something legitimate (legitimate being a key factor in this particular problem) then we provide whitelisting solutions for that.  We do not offer to figure out how to fix problems in other plugins or to change how those plugins work, etc.  I usually go the extra mile to figure out a problem, but in this case you have a much bigger problem and a solution will make it easy for your site to get hacked since that will not protect the Login Processing vulnerability that you currently have going on.  You can see my dilemma here correct?  Ethically it would be irresponsible of me to tell you to put duct tape on a leaky radioactive container.  Now if you want to try and make things work then the direction you would be working with/trying things would be to completely allow what you are doing with Login processing and not try to create another redirect or rewriterule to compensate for the issue.  The simple solution is to not use Root Folder BulletProof Mode or BPS.  Or you can try these things below on your own.

    Create plugin skip/bypass rules for all plugins involved.  Try doing a redirect or rewrite from /login/ to /my-help-desk/ you can use mod_rewrite or RedirectMatch – you will find various examples in this forum site for that.  Try using a RewriteEngine Off htaccess file wherever it is needed for this problem.

    #25586
    Rick
    Participant

    Ok, thank you for your time. I think I am going to go with S2Member to provide access to the helpdesk itself. Because you have me very worried about using the Frontend Modules plugin part of the plugin because it is 2 separate plugins being used. So I will use S2Member as the access login form. Seems to be much more secure.

    #25587
    AITpro Admin
    Keymaster

    Yep, very wise choice.  S2Member is very well built and secure.

Viewing 6 posts - 16 through 21 (of 21 total)
  • You must be logged in to reply to this topic.