Access to json file in upload folder denied

  • #40101
    Zoran
    Participant

    Hi,

    I want to use Lottie animations on my site (these are .json files), but BPS denies access:

    [403 GET Request: 06.03.2021 - 10:20]
    BPS Pro: 15.2
    WP: 5.6.2
    Event Code: UAEGWR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: xxxxxxxxxxxx
    Host Name: la02-088211.webhostcluster.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: xxxxxxxxxxx
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://somesite.com/test-page/?elementor-preview=4521&ver=1615022418
    REQUEST_URI: /wp-content/uploads/2021/03/lf20_h9nsbpbp.json
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
    

    I have added a

    RewriteRule ^lf20_h9nsbpbp.json$ - [L]

    in .htaccess file in upload folder, using Custom code:

    # BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
    #
    # BPS LiteSpeed mod_rewrite
    #
    # BEGIN WHITELIST
    # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
    # of the whitelist rule you want to use and add the actual filename or folder name you want to whitelist.
    # Whitelist a specific js file in the uploads folder: example.js
    RewriteRule ^lf20_h9nsbpbp.json$ - [L]
    # Whitelist an entire folder in the uploads folder: /uploads/example-folder/
    #RewriteRule ^example-folder/.*$ - [L]
    # END WHITELIST
    #
    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$ [NC]
    RewriteRule ^(.*)$ - [F]
    
    # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
    <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>
    

    Obviously, I’m doing something wrong so I can’t get it to work. Please help.

    Thanks in advance,

    Zoran

    #40103
    AITpro Admin
    Keymaster

    Did you activate UAEG again on the Security Modes page after saving your UAEG custom code?  If that does not work then use the “Alternative Method: Whitelist all .json files by removing json from the security filter”.

    https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/

    Delete the file extension that you want to allow and click the Save UAEG Custom Code button to save your changes. In this case delete json as shown below.

    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    Order Deny,Allow
    Deny from all
    </FilesMatch>

    CUSTOM CODE UAEG Whitelisting Method

    To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
    1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box on the BPS Custom Code tab page.
    2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box on the BPS Custom Code tab page.
    3. Click the Save UAEG Custom Code button to save your UAEG custom code.
    4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.
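
One more thing worth checking alongside re-activating UAEG, shown as an added example that is not part of the original thread or of BPS: in a .htaccess file, a RewriteRule pattern is matched against the path relative to that file's directory, so the logged request is seen as `2021/03/lf20_h9nsbpbp.json` and the anchored pattern from the first post does not match it. Assumptions: the UAEG .htaccess sits in `/wp-content/uploads/`, LiteSpeed follows Apache's per-directory mod_rewrite behaviour, the extension list is shortened, and `per_dir_path`, `decide` and `NARROW_RULE` are hypothetical names and values constructed for this sketch.

```python
import re

# Constructed from the 403 log entry quoted in the thread.
REQUEST_URI = "/wp-content/uploads/2021/03/lf20_h9nsbpbp.json"
# Assumption: the UAEG .htaccess file sits directly in the uploads folder.
HTACCESS_DIR = "/wp-content/uploads/"
# Shortened copy of the thread's forbidden-extension filter (RewriteCond ... [NC]).
FORBIDDEN = re.compile(r"^.*\.(exe|htaccess|html|json|php|phtml|sql|xml)$", re.I)

THREAD_RULE = r"^lf20_h9nsbpbp.json$"            # rule as posted in the thread
NARROW_RULE = r"^2021/03/lf20_h9nsbpbp\.json$"   # constructed: includes the subfolders


def per_dir_path(uri, htaccess_dir=HTACCESS_DIR):
    """Return the path a RewriteRule in that .htaccess is matched against.

    In per-directory context mod_rewrite strips the directory prefix first.
    """
    if not uri.startswith(htaccess_dir):
        raise ValueError("URI is outside the .htaccess directory")
    return uri[len(htaccess_dir):]


def decide(uri, whitelist_rules):
    """Mimic the rule order: whitelist rules with [L] first, then the [F] filter."""
    path = per_dir_path(uri)
    if any(re.search(rule, path) for rule in whitelist_rules):
        return "whitelisted"
    # RewriteCond %{REQUEST_URI} sees the full URI, not the stripped path.
    if FORBIDDEN.search(uri):
        return "403"
    return "served"


if __name__ == "__main__":
    for name, rule in (("thread rule", THREAD_RULE), ("narrow rule", NARROW_RULE)):
        print(name, "->", decide(REQUEST_URI, [rule]))
    # The narrow rule leaves every other .json upload behind the filter.
    print(decide("/wp-content/uploads/2021/03/other.json", [NARROW_RULE]))
```

Under these assumptions the matching whitelist line would be `RewriteRule ^2021/03/lf20_h9nsbpbp\.json$ - [L]`. Unlike removing `json` from the filter, it keeps every other .json file in the uploads folder blocked.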
