Home › Forums › BulletProof Security Free › NextGen Gallery NGG – manage gallery wp-admin 403 error
Tagged: 403 error, manage gallery, NextGen, NextGener Gallery, wp-admin
- This topic has 4 replies, 3 voices, and was last updated 7 years, 6 months ago by
rafaelmagic.
-
AuthorPosts
-
Bruce Alfred
ParticipantI’m getting a 403 when attempting to access Next Gen Gallery as a logged-in admin user. I’m sorry if I missed it, but I’ve searched for how to whitelist NextGen Gallery in BPS Free, and couldn’t find a post that helped.
Can you please tell me how to whitelist NextGen? Below is the error log.
Thanks very much.
-Bruce[403 GET / HEAD Request: October 2, 2014 - 11:11 am] Event Code: WPADMIN-SBR Solution:http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 96.42.253.184 Host Name: 96-42-253-184.dhcp.roch.mn.charter.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://seasonshospice.org/wp-admin/admin.php?page=nggallery-manage-gallery REQUEST_URI: /wp-admin/admin.php?page=nggallery-manage-gallery&skipjs[0]=http://seasonshospice.org/wp-content/themes/pagelines/sections/navbar/navbar.js?ver=4.0 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
AITpro Admin
KeymasterUPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.
The Request URI is simulating an RFI hacking attempt. Try a Query String skip/bypass whitelist rule.
1. Copy the wp-admin plugin skip/bypass rule below to this BPS wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN FIXES: Add ONLY WPADMIN personal plugin fixes code here
NOTE: If you already have a wp-admin S=2 skip rule in use in Custom Code then make this skip rule S=3 and add it above skip rule S=2
# NextGen Gallery Query String wp-admin skip/bypass rule RewriteCond %{QUERY_STRING} page=nggallery-manage-gallery(.*) [NC] RewriteRule . - [S=2]
2. Click the Save wp-admin Custom Code button.
3. Go to the BPS Security Modes page and activate wp-admin Folder BulletProof Mode.Bruce Alfred
ParticipantThat did the job! Thanks very much for your quick and helpful reply.
Best,
BruceAITpro Admin
KeymasterGreat! Thanks for confirming the whitelist rule works.
rafaelmagic
ParticipantNextgen 2.0 needs the whitelist above and a whitelist of PHP files so the “Manage Galleries” options all work.
Rotate, Edit Thumbnail, Meta and the other functions need a php whitelist.
Add the following to your Firewall if using BPS Pro
/nextgen-gallery/products/photocrati_nextgen/modules/ngglegacy/admin/(.*).php
-
AuthorPosts
- You must be logged in to reply to this topic.