Plugin Firewall 403 errors

[jan]

I just switched to the PRO version and now keep getting 403 errors. I checked this forum and read some of the threads but cannot figure out why i am getting these. it looks like my legit users may be getting 403’s. Any help is greatly appreciated !!

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
REMOTE_ADDR: 65.55.215.235
Host Name: msnbot-65-55-215-235.search.msn.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
REQUEST_URI: /wp-content/plugins/user-access-manager/js/jquery.tools.min.js?ver=3.6
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
REMOTE_ADDR: 65.55.215.235
Host Name: msnbot-65-55-215-235.search.msn.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
REQUEST_URI: /wp-content/plugins/user-access-manager/js/functions.js?ver=3.6
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
REMOTE_ADDR: 65.55.215.235
Host Name: msnbot-65-55-215-235.search.msn.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
REQUEST_URI: /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.40.0-2013.08.13
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
REMOTE_ADDR: 65.55.215.235
Host Name: msnbot-65-55-215-235.search.msn.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
REQUEST_URI: /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.5.2
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
REMOTE_ADDR: 65.55.215.235
Host Name: msnbot-65-55-215-235.search.msn.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.fullcalendar.min.js?ver=1.5.3
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
REMOTE_ADDR: 65.55.215.235
Host Name: msnbot-65-55-215-235.search.msn.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.simplemodal.1.4.4.min.js?ver=1.4.4
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
REMOTE_ADDR: 65.55.215.235
Host Name: msnbot-65-55-215-235.search.msn.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.mousewheel.min.js?ver=3.0.6
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
REMOTE_ADDR: 65.55.215.235
Host Name: msnbot-65-55-215-235.search.msn.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.jgrowl.min.js?ver=1.2.5
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
REMOTE_ADDR: 65.55.215.235
Host Name: msnbot-65-55-215-235.search.msn.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.init_show_calendar.js?ver=1.0.4
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

[jan]

i am sorry but these issues are very different than the 403 i was getting an hour ago. this appears to be something with the Ajax event calendar and not the actual calls to legit PPT and other docs on our server i was having issues with earlier. Been tweaking the permissions to try and get these 403’s to go away altogether.

[AITpro Admin]

These are plugin scripts that need to be whitelisted in your Plugin Firewall.  I scanned your website using the BPS Pro cURL 20 page multi-page scanner.  The cURL scanners work internally or externally to scan websites.

/user-access-manager/js/jquery.tools.min.js, /user-access-manager/js/functions.js, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js, /ajax-event-calendar/js/jquery.fullcalendar.min.js, /ajax-event-calendar/js/jquery.simplemodal.1.4.4.min.js, /ajax-event-calendar/js/jquery.mousewheel.min.js, /ajax-event-calendar/js/jquery.jgrowl.min.js, /ajax-event-calendar/js/jquery.init_show_calendar.js

Using Regular Expression (Regex) code to condense your Plugin Firewall Whitelist rules – these are the Plugin Firewall Whitelist rules that you will need to copy to the Plugin Firewall Whitelist text area, click the Save Whitelist Options button and activate that Plugin Firewall again:

Edit/Update – Code Correction made to these whitelist rules:

/user-access-manager/js/(.*).js, /contact-form-7/includes/js/(.*).js, /ajax-event-calendar/js/(.*).js

Reference links

http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

http://forum.ait-pro.com/forums/topic/security-log-http-error-log-read-me-first/

http://forum.ait-pro.com/video-tutorials/

[jan]

thank you !   I saw the pre-populated values there and assumed they had been saved and the list was activated. Thank you for the speedy answer and great plugin!

[AITpro Admin]

Oh yep I forgot to mention to overwrite any existing Plugin Firewall whitelist rules EXCEPT for any other plugin scripts that you manually added to the whitelist text area.  The Setup Wizard is not automatically creating Regular Expression coded whitelist rules….yet.  We are still working on that. 😉

[jan]

I am not sure what is happening but after configuring BPS Pro (upgrading) several apparently CSS-related things are broken:
1. in Dashboard Admin Sidebar: several icons are missing, including BPS Pro
2. the blue BPS Pro B-Core tabs across the top are missing; one very long page with all the options and content
3. When i go to edit pages/posts, the toolbar is gone.
4. When i open a page, it asks me ‘you sure you want to leave’ when i close the window, even if i did not make any edits.

I have tried Chrome, Safari and Firefox separately. All are messed up. The last thing i did was whitelist 3 plugins as per your suggestion (using regex); i doubt it is related but just in case, this is what i added to the plugin whitelist:

/user-access-manager/js/(.*).js, /contact-form-7/includes/js/(.*).js, /ajax-event-calendar/js/(*).js

[AITpro Admin]

This Plugin Firewall Whitelist rule is not valid and is causing this problem. This is completely my mistake since I gave you this invalid whitelist rule in the other topic. Sorry about that. I will be merging this topic into your other topic since it is directly related to that topic.

/ajax-event-calendar/js/(*).js

Whitelist rules with correction made

/user-access-manager/js/(.*).js, /contact-form-7/includes/js/(.*).js, /ajax-event-calendar/js/(.*).js

[jan]

ah. missing period. i should have caught that even though regex is not my thing. Thanks so much for the speedy support with this. This plugin tethers on the edge of my ability/ies. Thanks again.

[jan]

maybe it would be easier to delete these last two/three responses and just edit your orig reply? your call (obviously)

[AITpro Admin]

I like leaving them – it shows that I am human and make mistakes and am not afraid to admit that.  ha ha ha.  I apologize for that mistake again and thanks for being understanding about that mistake.

[Author]

Posts