Download Monitor Plugin 404 Error

Home Forums BulletProof Security Free Download Monitor Plugin 404 Error

Viewing 15 posts - 1 through 15 (of 19 total)
  • Author
    Posts
  • #1244
    Greg
    Member

    Hi There, I have some small problem after BPS installation. My downloads in Download Monitor stopped working. http://wordpress.org/extend/plugins/download-monitor/ There is some config required but, I don’t know where to place the required code and see if BPS would allow the downloads to go through: I tried above “# BEGIN WordPress” but I get server error. The instruction and code are as follow: Download URL updated – You need to re-save your permalinks settings (Options/settings -> Permalinks) for the changes to occur in your blog. If your .htaccess file cannot be written to by WordPress, add the following to your .htaccess file above the “# BEGIN WordPress” line:

    Options +FollowSymLinks RewriteEngine on RewriteRule ^download/([^/]+)$ *your wp-content dir*/plugins/download-monitor/download.php?id=$1 [L]

    replacing “download/” with your custom url and “*your wp-content dir*” with your wp-content directory. Any easy fix? Thank you Greg

    #1247
    AITpro Admin
    Keymaster

    Since you are getting a 404 error and not a 403 error than most likely BPS is not causing the issue/problem.  To determine if BPS is causing the problem do these steps.

    1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
    2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
    3. Test your plugin or theme.

    Try creating a Skip/Bypass rule for this plugin as shown below.  Copy and paste this .htaccess code below to Your Current Root htaccess File file using the built-in BPS File Editor.  As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. Copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, save your changes, go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # Download Monitor skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/add-the-plugin-folder-name-here/ [NC]
    RewriteRule . - [S=13]

    I assume you would add the Download Monitor coding here in your root .htaccess file (you probably do not need to add Options Symlinks):

    RewriteEngine On
    RewriteBase /
    RewriteRule ^download/([^/]+)$ *your wp-content dir*/plugins/download-monitor/download.php?id=$1 [L]
    RewriteRule ^index\.php$ - [L]
    
    #1250
    AITpro Admin
    Keymaster

    FYI – the link you posted is not valid.  That plugin does not exist in the WordPress Plugin Repository.

    Also if you are seeing a 500 Error than that is most likely being caused by using Options Symlinks.  😉

    #2205
    Samara
    Member

    I had one person email me with a 403 error message when trying to download a PDF. I cannot replicate it on multiple browsers, logged in/out, but she copied and pasted the BPS 403 error page, so I know it came from BPS. Is there anything you can think of that would cause this under variable circumstances?

    #2206
    AITpro Admin
    Keymaster

    Please post a link to the plugin.  Please explain in exact specific step by step details when, where and how the error occurs.  Once I have this information then I will test the plugin.

    #2207
    Samara
    Member

    Here is the plugin:  http://wordpress.org/extend/plugins/download-monitor/
    I have tested this on the front end and cannot duplicate the error, but I’ve gotten several emails from people just recently (I believe this is something that changed in the last update possibly) that have copied/pasted the BPS 403 error pages into the email to let us know about it.
    I wish I had more details, it’s really frustrating when I myself, cannot duplicate the problem people are having. Is there a way to have BPS skip this plugin somehow, at least temporarily?

    #2208
    AITpro Admin
    Keymaster

    Yep that link is now valid so that plugin must have been temporarily removed from the WordPress plugin repository and added back again.  403 Errors are an Internet Standard HTTP Response code so just because you are seeing a 403 Error does not necessarily mean that BPS is causing the 403 Error.  I will test, but without knowing what I am testing then I will probably not find anything either.  Will let you know what I find out.  This could have something to do with the link the person is using and not have anything to do with the plugin itself.

    Example Bad/Dangerous/Unsafe link that would cause a 403 Error:  example.com/some-download-link-to-bad-or-dangerous-coding-character-used-in-the-URL-single-quote-or-apostrophe-coding-character’s

    The apostrophe / single quote code character in “character’s” will cause a 403 Error because the single quote coding character should NEVER be used in a URL. It is probably THE MOST dangerous/unsafe coding character to use.

    Post the actual URL that is generating a 403 Error.

    #2212
    Samara
    Member

    The download url looks like this: http://www.address.com/wp-content/plugins/download-monitor/download.php?id=1

    #2213
    Samara
    Member

    Looked at the security log and found several entries relating to this:

    >>>>>>>>>>> 403 Error Logged - February 25, 2013 - 11:04 am <<<<<<<<<<< 
    REMOTE_ADDR: 107.0.87.50 
    Host Name: Removed-by-me 
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET 
    HTTP_REFERER: http://www.frontrangesource.com/fundraising-resources-toolbox/
    REQUEST_URI: /wp-content/plugins/download-monitor/download.php?id=4
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - February 25, 2013 - 11:26 am <<<<<<<<<<< 
    REMOTE_ADDR: 150.70.172.101 
    Host Name: Removed-by-me 
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 127.0.0.1 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET 
    HTTP_REFERER: 
    REQUEST_URI: /wp-content/plugins/download-monitor/download.php?id=4 
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
    #2216
    AITpro Admin
    Keymaster

    Ok going by the errors in the Error log then yep a simple plugin skip/bypass rule should work.

    Copy and paste this .htaccess code below to Your Current Root htaccess File using the built-in BPS File Editor.  The S= # is very important.  It is an .htaccess Skip rule.  The skip rules are in descending order S=12, S=11, S=10, etc and this number order is very important.  If you add a plugin fix above Skip rule #11 (S=11) then your new skip rule will be S=12.  If you add another skip rule above S=12 it will be S=13.  As of BPS Pro 5.1.5 and BPS free .46.9 you can add personal plugin fixes to Custom Code to save them permanently. If after testing this skip/bypass rule directly in your root .htaccess file works then copy this .htaccess code to the Custom Code CUSTOM CODE PLUGIN FIXES: text box, Click the Save Root Custom Code button, Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # Download Manager skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/download-monitor/ [NC]
    RewriteRule . - [S=13]

    Also from what the previous person posted the Download Manager plugin has its own custom .htaccess code that you need to add to the root .htaccess file.  I will be testing this plugin in a little while.

    #2222
    Samara
    Member

    Got it. Thanks so much for the detailed explanation. I added it directly to the htaccess and will monitor the security log for further errors (since I cannot duplicate myself). If no errors present themselves I will add it to the custom plugin fixes area. Please let me know if you find anything further in your testing. I will report back as well. Thanks again!

    #2225
    AITpro Admin
    Keymaster

    I have tested this plugin.

    Chose to upload a pdf and chose the option to Force Download.  I did not need to alter or modify anything and the download worked fine.  I do not see any conflicts or that BPS is blocking anything in this plugin using these settings, but it is possible that choosing some of the other configuration options such as creating a specified Download directory could cause an issue.  I tried using this option and it does not make any sense.  the only hint is this – Directory (relative paths only): 

    I tried several different combinations of relative paths and none of them worked so I could not test this.

    #2227
    Samara
    Member

    Perhaps that’s our issue. We did not use the “force download” checkbox.

    #2228
    AITpro Admin
    Keymaster

    In testing when I did not use this option then the PDF opened in the Browser instead of being downloaded of course.

    #2230
    Samara
    Member

    This is my frustration 😉 I can access everything fine. It just seems that random people can’t. There is no rhyme or reason to the browsers/OS/etc. either – mind boggling! So, I added the rule and have it set to email me for every security log entry. Hopefully just bypassing it will fix the issue while still keeping everything locked down.

Viewing 15 posts - 1 through 15 (of 19 total)
  • You must be logged in to reply to this topic.