Home › Forums › BulletProof Security Free › WooCommerce WorldPay Gateway 403 error
Tagged: 403 error, Gateway, WooCommerce, Worldpay
- This topic has 18 replies, 4 voices, and was last updated 4 years, 10 months ago by Alex Laxton.
-
AuthorPosts
-
JasonParticipant
Hi,
I’m in the final stages of a new site launch. The site has WooCommerce installed and has been tested without BPS installed. Today I installed BPS free and since installing the payment phase is failing due to a 403.
- I went through the forum post here: http://forum.ait-pro.com/forums/topic/403-forbidden-error-woocommerce/#post-5144
- I added in the provided code and confirmed its in “Your current Root htaccess File” but I still received the 403.
- I then followed your advice to “Amy V” on that same post i.e. “Deactivate Root Folder BulletProof Mode” and the transaction completed successfully.
I’m now stuck as I’m not sure if the code I copied over is compatable with the “WooCommerce WorldPay Gateway” plugin? Would really appreciate your help. As a note I’m not getting any info in the BPS SECURITY LOG but I am receiving errors text files from WorldPay. However, I can’t share those here as its an open forum but could email or proivde via a private ticket? Also as the site is in development I’ll need to share a login with you if you need access as I have an IP lock in place.
Thanks.
JasonAITpro AdminKeymasterDid you try whitelisting your entire “shop” URL|URI (note: if your “shop” URL|URI is named something different then use that actual URL|URI name): http://forum.ait-pro.com/forums/topic/403-forbidden-error-woocommerce/#post-23131
JasonParticipantHi,
Thanks very much for the reply. I’ve just tried that but when I try to Add to Cart it no longer works. Its also not possible to “Proceed to Checkout”. So I checked the error logs on the server and i’m getting errors like this:
[error] [client ###.###.##.###] File does not exist: /var/www/vhosts/URL.ext/httpdocs/shop, referer: http://URL.ext/shop/
my shop resides at: URL.ext/shop. This is the code added to “Your Currnet Root htaccess file”
# CUSTOM CODE WP REWRITE LOOP START # WP REWRITE LOOP START RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # WooCommerce /shop URI skip/bypass rule RewriteRule ^shop/ - [L]
Thanks again.
JasonAITpro AdminKeymasterIt appears that your server is incorrectly rewriting to an invalid/incorrect URL|URI path???
/var/www/vhosts/URL.ext/httpdocs/shop
The path should look more like this: /path-to-your-actual-website/shopTry creating a RewriteRule like this:
RewriteRule ^your-actual-website-folder-name-here/shop/ - [L]
Note: You do not want to any of other parts of the folder path in the RewriteRule. ie /var/www/vhosts/URL.ext/httpdocs/ should NOT be in the RewriteRule.JasonParticipantHi,
Sorry I may have confused you there – I’ve edited the error log to hide the URL – I added in URL.ext. And you know what it doesn’t matter that much if the correct path is here.
[Wed Jul 29 17:11:56 2015] [error] [client ###.###.##.###] File does not exist: /var/www/vhosts/colinprior.co.uk/httpdocs/shop, referer: http://colinprior.co.uk/shop/
As a further note I’ve hidden my IP with # symbols.
Thanks
JasonAITpro AdminKeymasterGoing by Internet standards for folder naming conventions / site structure: colinprior.co.uk is your Hosting User Account name and httpdocs is your hosting account root folder / Document Root folder. If your website is a root site installation then all of your WordPress files and folders will be under /httpdocs/ ie /httpdocs/wp-content/, /httpdocs/wp-admin/, etc. Is this the folder structure / site architecture that you are using?
JasonParticipantYes indeed, that is correct.
AITpro AdminKeymasterDisregard: This topic is no longer valid.
See this new Topic for the fix for WooCommerce Worldpay: https://forum.ait-pro.com/forums/topic/woocommerce-worldpay-403-error/Ok so for whatever reason the virtual “/shop/” folder is being seen as a literal/physical folder by your server. Let’s try a different approach instead of dealing with/messing with that server issue. Remove/delete the Custom Code RewriteRule for “shop” that you created since that is not working on your server.
Most likely the issue/problem with the server is it is not configured to handle Symbolic links / Symlinks: http://superuser.com/questions/244245/how-do-i-get-apache-to-follow-symlinks
[code removed]
JasonParticipantI’ve added the new code and it appears in “Your Current Root htaccess File” as follows:
[code removed]
Unfortunately the payment failed as before. “Callback Failure Alert From WorldPay”. Not sure if it helps but I get a copy of the request string in the failure email from WorldPay. Only reason I’ve not pasted it here is it includes my address and full name etc.
Thanks again
JasonAITpro AdminKeymasterDisregard: This topic is no longer valid.
See this new Topic for the fix for WooCommerce Worldpay: https://forum.ait-pro.com/forums/topic/woocommerce-worldpay-403-error/Ok now do these steps:
1. Go to the BPS htaccess File Editor, unlock your Root htaccess file if it is locked and turn off AutoLock.
2. Click on the Your Current Root htaccess File tab and manually edit your root htaccess file.
3. Scroll down to the BPS Query String Exploits section of code and comment out each of these lines of htaccess code with a # sign as shown below and click the Update File button to save your editing changes.[code removed]
JasonParticipantYou my friend are an absolute genius, that worked! Successful transaction and everything worked like a charm. I’ve only done one test though so I’ll continue to make sure its a-okay. Can’t thank you enough for the help. I use BPS Free on all my WordPress sites and based on this support I’m buying pro even if I don’t use it. Awesome, just awesome. One thing, are you able to explain what I’ve just done and the issue?!?
Thanks
JasonAITpro AdminKeymasterDisregard: This topic is no longer valid.
See this new Topic for the fix for WooCommerce Worldpay: https://forum.ait-pro.com/forums/topic/woocommerce-worldpay-403-error/Just logical troubleshooting my friend, but thanks. We are not done yet. We have narrowed down/isolated where the root problem is being caused. So now let’s narrow it down futher to the exact line of htaccess code that is the problem. Then once we know that I will post the exact modified htaccess code that you need to add/save to BPS Custom Code. I am pretty sure that the problem line of htaccess code is going to either of these 2 lines of code or both of them. So remove the # signs from the other lines of code and leave these 2 lines of code below commented out with a # sign and test a transaction. If it goes through successfully then uncomment the HTTP_USER_AGENT line of code and leave the QUERY_STRING line of code commented out and test a transaction. Let me know that results after doing these steps.
[code removed]
EDIT: Having web hosting problems today with the MySQL server, but things appear to be working again. Last week this same host server problem occurred it was an intermittent problem that lasted for a few hours on and off. So if the forum site goes down again then lets complete this via email. sigh. Thanks.
JasonParticipantAh, thanks for letting me know – it gave me chance to buy the pro version as promised and then put my son to bed so all good.
So I made those changes but the problem is back. Just in case I did it wrong here’s copy paste from Your Current Root htaccess File[code removed]
I just tried commenting out this line and its working again
[code removed]More info
Uncommenting this line caused it fail
[code removed]Let me check this over and I’ll come back with a fresh post
Thanks
JasonJasonParticipantOkay I think we have a winning combination as follows
[code removed]
AITpro AdminKeymasterDisregard: This topic is no longer valid.
See this new Topic for the fix for WooCommerce Worldpay: https://forum.ait-pro.com/forums/topic/woocommerce-worldpay-403-error/Great! You have confirmed that Worldpay is posting back to your client API file/script to complete the transaction and the something in the User Agent filters is blocking the Worldpay User Agent. Luckily it does not have anything to do with the SQL Injection security filter, which is an absolute necessity to have in use. The User Agent filters are actually just nuisance filters and are not important whatsoever. 😉
So now do these Custom Code steps to save your modified BPS Query String Exploits code permanently to BPS Custom Code:
1. Copy your modified BPS Query String Exploits code above to this BPS Root Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button. -
AuthorPosts
- You must be logged in to reply to this topic.