Plugin Firewall 403 errors

Home Forums BulletProof Security Pro Plugin Firewall 403 errors

This topic contains 9 replies, has 2 voices, and was last updated by  AITpro Admin 4 years, 7 months ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #9493

    jan
    Participant

    I just switched to the PRO version and now keep getting 403 errors. I checked this forum and read some of the threads but cannot figure out why i am getting these. it looks like my legit users may be getting 403’s. Any help is greatly appreciated !!

    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
    REMOTE_ADDR: 65.55.215.235
    Host Name: msnbot-65-55-215-235.search.msn.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
    REQUEST_URI: /wp-content/plugins/user-access-manager/js/jquery.tools.min.js?ver=3.6
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
    
    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
    REMOTE_ADDR: 65.55.215.235
    Host Name: msnbot-65-55-215-235.search.msn.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
    REQUEST_URI: /wp-content/plugins/user-access-manager/js/functions.js?ver=3.6
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
    
    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
    REMOTE_ADDR: 65.55.215.235
    Host Name: msnbot-65-55-215-235.search.msn.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
    REQUEST_URI: /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.40.0-2013.08.13
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
    
    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
    REMOTE_ADDR: 65.55.215.235
    Host Name: msnbot-65-55-215-235.search.msn.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
    REQUEST_URI: /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.5.2
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
    
    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
    REMOTE_ADDR: 65.55.215.235
    Host Name: msnbot-65-55-215-235.search.msn.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
    REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.fullcalendar.min.js?ver=1.5.3
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
    
    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
    REMOTE_ADDR: 65.55.215.235
    Host Name: msnbot-65-55-215-235.search.msn.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
    REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.simplemodal.1.4.4.min.js?ver=1.4.4
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
    
    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
    REMOTE_ADDR: 65.55.215.235
    Host Name: msnbot-65-55-215-235.search.msn.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
    REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.mousewheel.min.js?ver=3.0.6
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
    
    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
    REMOTE_ADDR: 65.55.215.235
    Host Name: msnbot-65-55-215-235.search.msn.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
    REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.jgrowl.min.js?ver=1.2.5
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
    
    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - September 9, 2013 - 7:47 pm <<<<<<<<<<<
    REMOTE_ADDR: 65.55.215.235
    Host Name: msnbot-65-55-215-235.search.msn.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.onthecuspstophai.org/about-us/key-personnel/pat-posa-rn-bsn-msa/
    REQUEST_URI: /wp-content/plugins/ajax-event-calendar/js/jquery.init_show_calendar.js?ver=1.0.4
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
    #9494

    jan
    Participant

    i am sorry but these issues are very different than the 403 i was getting an hour ago. this appears to be something with the Ajax event calendar and not the actual calls to legit PPT and other docs on our server i was having issues with earlier. Been tweaking the permissions to try and get these 403’s to go away altogether.

    #9496

    AITpro Admin
    Keymaster

    These are plugin scripts that need to be whitelisted in your Plugin Firewall.  I scanned your website using the BPS Pro cURL 20 page multi-page scanner.  The cURL scanners work internally or externally to scan websites.

    /user-access-manager/js/jquery.tools.min.js, /user-access-manager/js/functions.js, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js, /ajax-event-calendar/js/jquery.fullcalendar.min.js, /ajax-event-calendar/js/jquery.simplemodal.1.4.4.min.js, /ajax-event-calendar/js/jquery.mousewheel.min.js, /ajax-event-calendar/js/jquery.jgrowl.min.js, /ajax-event-calendar/js/jquery.init_show_calendar.js

    Using Regular Expression (Regex) code to condense your Plugin Firewall Whitelist rules – these are the Plugin Firewall Whitelist rules that you will need to copy to the Plugin Firewall Whitelist text area, click the Save Whitelist Options button and activate that Plugin Firewall again:

    Edit/Update – Code Correction made to these whitelist rules:

    /user-access-manager/js/(.*).js, /contact-form-7/includes/js/(.*).js, /ajax-event-calendar/js/(.*).js

    Reference links

    http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

    http://forum.ait-pro.com/forums/topic/security-log-http-error-log-read-me-first/

    http://forum.ait-pro.com/video-tutorials/

    #9501

    jan
    Participant

    thank you !   I saw the pre-populated values there and assumed they had been saved and the list was activated. Thank you for the speedy answer and great plugin!

    #9502

    AITpro Admin
    Keymaster

    Oh yep I forgot to mention to overwrite any existing Plugin Firewall whitelist rules EXCEPT for any other plugin scripts that you manually added to the whitelist text area.  The Setup Wizard is not automatically creating Regular Expression coded whitelist rules….yet.  We are still working on that. 😉

    #9512

    jan
    Participant

    I am not sure what is happening but after configuring BPS Pro (upgrading) several apparently CSS-related things are broken:
    1. in Dashboard Admin Sidebar: several icons are missing, including BPS Pro
    2. the blue BPS Pro B-Core tabs across the top are missing; one very long page with all the options and content
    3. When i go to edit pages/posts, the toolbar is gone.
    4. When i open a page, it asks me ‘you sure you want to leave’ when i close the window, even if i did not make any edits.

    I have tried Chrome, Safari and Firefox separately. All are messed up. The last thing i did was whitelist 3 plugins as per your suggestion (using regex); i doubt it is related but just in case, this is what i added to the plugin whitelist:

    /user-access-manager/js/(.*).js, /contact-form-7/includes/js/(.*).js, /ajax-event-calendar/js/(*).js
    #9513

    AITpro Admin
    Keymaster

    This Plugin Firewall Whitelist rule is not valid and is causing this problem. This is completely my mistake since I gave you this invalid whitelist rule in the other topic. Sorry about that. I will be merging this topic into your other topic since it is directly related to that topic.

    /ajax-event-calendar/js/(*).js

    Whitelist rules with correction made

    /user-access-manager/js/(.*).js, /contact-form-7/includes/js/(.*).js, /ajax-event-calendar/js/(.*).js
    #9518

    jan
    Participant

    ah. missing period. i should have caught that even though regex is not my thing. Thanks so much for the speedy support with this. This plugin tethers on the edge of my ability/ies. Thanks again.

    #9519

    jan
    Participant

    maybe it would be easier to delete these last two/three responses and just edit your orig reply? your call (obviously)

    #9520

    AITpro Admin
    Keymaster

    I like leaving them – it shows that I am human and make mistakes and am not afraid to admit that.  ha ha ha.  I apologize for that mistake again and thanks for being understanding about that mistake.

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.