Advanced Ads – Ads blocked 403 error, UAEG 403 error
Tagged: 403 error, UAEG, uploads, Uploads Anti-Exploit Guard
- This topic has 0 replies, 1 voice, and was last updated 7 years, 11 months ago by AITpro Admin.
AITpro Admin (Keymaster)
The Advanced Ads plugin creates a new folder under the WordPress /uploads/ folder. UAEG blocks scripts that can be executed in the WordPress uploads folder, such as js and php scripts. I am not sure if the Advanced Ads plugin always creates the same name for the folder. In this particular case the folder name was: /uploads/819/.
Solution: Create a UAEG folder whitelist rule to whitelist the folder that the Advanced Ads plugin creates under the WordPress uploads folder. See this forum topic for the steps to do this: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/. The folder whitelist rule for the Advanced Ads plugin folder under the uploads folder is this:
```apache
SetEnvIf Request_URI "819/.*$" whitelist
```

Note: You also need to remove the # signs from in front of these lines of code: #Require env whitelist and #Allow from env=whitelist.

Example UAEG htaccess code for an Apache server with the folder whitelist rule for the Advanced Ads plugin:
```apache
# BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
#
# BPS mod_authz_core IfModule BC
# Allow,Deny
# First, all Allow directives are evaluated. At least one must match, or the request is rejected.
# Next, all Deny directives are evaluated. If any matches, the request is rejected.
# Last, any requests which do not match an Allow or a Deny directive are denied by default.
#
# Deny,Allow
# First, all Deny directives are evaluated. If any match, the request is denied unless
# it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
#
# *Match* -------------------- *Allow,Deny result* -------------------- *Deny,Allow result*
# Match Allow only ----------- Request allowed ------------------------ Request allowed
# Match Deny only ------------ Request denied ------------------------- Request denied
# No match ------------------- Default to second directive: Denied ---- Default to second directive: Allowed
# Match both Allow & Deny ---- Final match controls: Denied ----------- Final match controls: Allowed
#
# NOTE: The zip file extension can be added to block remote access or execution of zip files, several plugins
# create either temporary or permanent zip files in the uploads folder. This may block those plugins from being
# able to create zip files in your uploads folder.
#
# BEGIN WHITELIST
# Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
# of the whitelist rule you want to use, add the actual filename or folder name you want to whitelist and also
# delete the # sign in front of #Require env whitelist and #Allow from env=whitelist.
# Whitelist a specific js file in the uploads folder: example.js
#SetEnvIf Request_URI "example.js$" whitelist
# Whitelist an entire folder in the uploads folder: /uploads/example-folder/
SetEnvIf Request_URI "819/.*$" whitelist
# END WHITELIST
#
# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
<FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
<IfModule mod_authz_core.c>
Require env whitelist
Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Allow from env=whitelist
Deny from all
</IfModule>
</IfModule>
</FilesMatch>

# FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
<FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
<IfModule mod_authz_core.c>
Require env whitelist
Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Allow from env=whitelist
Deny from all
</IfModule>
</IfModule>
</FilesMatch>
```
Example UAEG htaccess code for a LiteSpeed server with the folder whitelist rule for the Advanced Ads plugin:
```apache
# BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
#
# BPS LiteSpeed mod_rewrite
#
# BEGIN WHITELIST
# Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
# of the whitelist rule you want to use and add the actual filename or folder name you want to whitelist.
# Whitelist a specific js file in the uploads folder: example.js
#RewriteRule ^example.js$ - [L]
# Whitelist an entire folder in the uploads folder: /uploads/example-folder/
RewriteRule ^819/.*$ - [L]
# END WHITELIST
#
# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$ [NC]
RewriteRule ^(.*)$ - [F]

# FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
<FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
Order Allow,Deny
Deny from all
</FilesMatch>
```
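To check which request paths a folder whitelist rule actually exempts before deploying it, this added example (not part of the original post or of the BPS code) models the Apache UAEG allow/deny decision in Python. The extension list is an abbreviated subset of the posted one, the sample URIs are constructed, and `ANCHORED_RULE` is an assumed alternative pattern based on the default /wp-content/uploads/ path.

```python
import re
from posixpath import basename

# Abbreviated, constructed subset of the extension list in the first FilesMatch rule.
BLOCKED_EXT = re.compile(r"\.(htm|html|js|json|php|phtml|py|sql|xml)$")
# Second FilesMatch rule as posted: PHP files disguised as images.
DISGUISED_PHP = re.compile(r"\.(php|PHP|\.+(php)|\.+(PHP)).*$")

PAGE_RULE = r"819/.*$"                        # whitelist pattern exactly as posted
ANCHORED_RULE = r"^/wp-content/uploads/819/"  # assumption: default WordPress uploads path


def decide(uri, whitelist_pattern):
    """Return the status (200 or 403) the Apache UAEG rules would give a request path."""
    path = uri.split("?", 1)[0]  # SetEnvIf Request_URI does not include the query string
    whitelisted = re.search(whitelist_pattern, path) is not None  # unanchored search
    name = basename(path)        # FilesMatch tests the file name
    blocked = bool(BLOCKED_EXT.search(name) or DISGUISED_PHP.search(name))
    # "Require env whitelist" + "Require all denied": blocked files pass only if whitelisted.
    return 403 if blocked and not whitelisted else 200


def audit(uris, whitelist_pattern):
    """Map each request path to its expected status under the given whitelist pattern."""
    return {uri: decide(uri, whitelist_pattern) for uri in uris}


# Constructed sample request paths.
SAMPLE_URIS = [
    "/wp-content/uploads/819/ads.js",
    "/wp-content/uploads/2018/05/photo.jpg",
    "/wp-content/uploads/2018/05/script.js",
    "/wp-content/uploads/2819/script.js",
    "/wp-content/uploads/819/sub/file.php.jpg",
]

if __name__ == "__main__":
    for label, rule in (("posted", PAGE_RULE), ("anchored", ANCHORED_RULE)):
        print(label, rule)
        for uri, status in audit(SAMPLE_URIS, rule).items():
            print(f"  {status}  {uri}")
```

The posted pattern is unanchored, so it matches any path containing `819/`, while the anchored variant matches only the one folder. Either way a whitelisted folder is exempt from both FilesMatch rules, PHP included, so the pattern should be as narrow as the plugin allows.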