WooCommerce WorldPay Gateway 403 error

Home Forums BulletProof Security Free WooCommerce WorldPay Gateway 403 error

This topic contains 17 replies, has 3 voices, and was last updated by  adrian gana 2 months, 3 weeks ago.

Viewing 15 posts - 1 through 15 (of 18 total)
  • Author
    Posts
  • #24235

    Jason
    Participant

    Hi,

    I’m in the final stages of a new site launch. The site has WooCommerce installed and has been tested without BPS installed. Today I installed BPS free and since installing the payment phase is failing due to a 403.

    I’m now stuck as I’m not sure if the code I copied over is compatable with the “WooCommerce WorldPay Gateway” plugin? Would really appreciate your help. As a note I’m not getting any info in the BPS SECURITY LOG but I am receiving errors text files from WorldPay. However, I can’t share those here as its an open forum but could email or proivde via a private ticket? Also as the site is in development I’ll need to share a login with you if you need access as I have an IP lock in place.

    Thanks.
    Jason

    #24241

    AITpro Admin
    Keymaster

    Did you try whitelisting your entire “shop” URL|URI (note: if your “shop” URL|URI is named something different then use that actual URL|URI name):  http://forum.ait-pro.com/forums/topic/403-forbidden-error-woocommerce/#post-23131

    #24245

    Jason
    Participant

    Hi,

    Thanks very much for the reply. I’ve just tried that but when I try to Add to Cart it no longer works. Its also not possible to “Proceed to Checkout”.  So I checked the error logs on the server and i’m getting errors like this:

    [error] [client ###.###.##.###] File does not exist: /var/www/vhosts/URL.ext/httpdocs/shop, referer: http://URL.ext/shop/

    my shop resides at: URL.ext/shop. This is the code added to “Your Currnet Root htaccess file”

    # CUSTOM CODE WP REWRITE LOOP START
    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # WooCommerce /shop URI skip/bypass rule
    RewriteRule ^shop/ - [L]

    Thanks again.
    Jason

    #24256

    AITpro Admin
    Keymaster

    It appears that your server is incorrectly rewriting to an invalid/incorrect URL|URI path??? /var/www/vhosts/URL.ext/httpdocs/shop The path should look more like this: /path-to-your-actual-website/shop

    Try creating a RewriteRule like this:  RewriteRule ^your-actual-website-folder-name-here/shop/ - [L]
    Note: You do not want to any of other parts of the folder path in the RewriteRule. ie /var/www/vhosts/URL.ext/httpdocs/ should NOT be in the RewriteRule.

    #24257

    Jason
    Participant

    Hi,

    Sorry I may have confused you there – I’ve edited the error log to hide the URL – I added in URL.ext. And you know what it doesn’t matter that much if the correct path is here.

    [Wed Jul 29 17:11:56 2015] [error] [client ###.###.##.###] File does not exist: /var/www/vhosts/colinprior.co.uk/httpdocs/shop, referer: http://colinprior.co.uk/shop/

    As a further note I’ve hidden my IP with # symbols.

    Thanks
    Jason

    #24260

    AITpro Admin
    Keymaster

    Going by Internet standards for folder naming conventions / site structure:   colinprior.co.uk is your Hosting User Account name and httpdocs is your hosting account root folder / Document Root folder.  If your website is a root site installation then all of your WordPress files and folders will be under /httpdocs/  ie /httpdocs/wp-content/, /httpdocs/wp-admin/, etc.  Is this the folder structure / site architecture that you are using?

    #24261

    Jason
    Participant

    Yes indeed, that is correct.

    #24262

    AITpro Admin
    Keymaster

    Disregard: This topic is no longer valid.
    See this new Topic for the fix for WooCommerce Worldpay: https://forum.ait-pro.com/forums/topic/woocommerce-worldpay-403-error/

    Ok so for whatever reason the virtual “/shop/” folder is being seen as a literal/physical folder by your server.  Let’s try a different approach instead of dealing with/messing with that server issue.  Remove/delete the Custom Code RewriteRule for “shop” that you created since that is not working on your server.

    Most likely the issue/problem with the server is it is not configured to handle Symbolic links / Symlinks:  http://superuser.com/questions/244245/how-do-i-get-apache-to-follow-symlinks

    [code removed]

    #24266

    Jason
    Participant

    I’ve added the new code and it appears in “Your Current Root htaccess File” as follows:

    [code removed]

    Unfortunately the payment failed as before. “Callback Failure Alert From WorldPay”. Not sure if it helps but I get a copy of the request string in the failure email from WorldPay. Only reason I’ve not pasted it here is it includes my address and full name etc.

    Thanks again
    Jason

    #24272

    AITpro Admin
    Keymaster

    Disregard: This topic is no longer valid.
    See this new Topic for the fix for WooCommerce Worldpay: https://forum.ait-pro.com/forums/topic/woocommerce-worldpay-403-error/

    Ok now do these steps:
    1.  Go to the BPS htaccess File Editor, unlock your Root htaccess file if it is locked and turn off AutoLock.
    2.  Click on the Your Current Root htaccess File tab and manually edit your root htaccess file.
    3.  Scroll down to the BPS Query String Exploits section of code and comment out each of these lines of htaccess code with a # sign as shown below and click the Update File button to save your editing changes.

    [code removed]
    #24273

    Jason
    Participant

    You my friend are an absolute genius, that worked! Successful transaction and everything worked like a charm. I’ve only done one test though so I’ll continue to make sure its a-okay. Can’t thank you enough for the help. I use BPS Free on all my WordPress sites and based on this support I’m buying pro even if I don’t use it. Awesome, just awesome. One thing, are you able to explain what I’ve just done and the issue?!?

    Thanks
    Jason

    #24275

    AITpro Admin
    Keymaster

    Disregard: This topic is no longer valid.
    See this new Topic for the fix for WooCommerce Worldpay: https://forum.ait-pro.com/forums/topic/woocommerce-worldpay-403-error/

    Just logical troubleshooting my friend, but thanks.  We are not done yet.  We have narrowed down/isolated where the root problem is being caused.  So now let’s narrow it down futher to the exact line of htaccess code that is the problem.  Then once we know that I will post the exact modified htaccess code that you need to add/save to BPS Custom Code. I am pretty sure that the problem line of htaccess code is going to either of these 2 lines of code or both of them. So remove the # signs from the other lines of code and leave these 2 lines of code below commented out with a # sign and test a transaction. If it goes through successfully then uncomment the HTTP_USER_AGENT line of code and leave the QUERY_STRING line of code commented out and test a transaction. Let me know that results after doing these steps.

    [code removed]

    EDIT: Having web hosting problems today with the MySQL server, but things appear to be working again. Last week this same host server problem occurred it was an intermittent problem that lasted for a few hours on and off. So if the forum site goes down again then lets complete this via email. sigh. Thanks.

    #24278

    Jason
    Participant

    Ah, thanks for letting me know – it gave me chance to buy the pro version as promised and then put my son to bed so all good.
    So I made those changes but the problem is back. Just in case I did it wrong here’s copy paste from Your Current Root htaccess File

    [code removed]

    I just tried commenting out this line and its working again
    [code removed]

    More info

    Uncommenting this line caused it fail
    [code removed]

    Let me check this over and I’ll come back with a fresh post

    Thanks
    Jason

    #24282

    Jason
    Participant

    Okay I think we have a winning combination as follows

    [code removed]

    #24283

    AITpro Admin
    Keymaster

    Disregard: This topic is no longer valid.
    See this new Topic for the fix for WooCommerce Worldpay: https://forum.ait-pro.com/forums/topic/woocommerce-worldpay-403-error/

    Great!  You have confirmed that Worldpay is posting back to your client API file/script to complete the transaction and the something in the User Agent filters is blocking the Worldpay User Agent.  Luckily it does not have anything to do with the SQL Injection security filter, which is an absolute necessity to have in use.  The User Agent filters are actually just nuisance filters and are not important whatsoever.  😉

    So now do these Custom Code steps to save your modified BPS Query String Exploits code permanently to BPS Custom Code:

    1.  Copy your modified BPS Query String Exploits code above to this BPS Root Custom Code text box:  CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

Viewing 15 posts - 1 through 15 (of 18 total)

You must be logged in to reply to this topic.