Advanced Ads – Ads blocked 403 error, UAEG 403 error

  • #31951
    AITpro Admin
    Keymaster

    The Advanced Ads plugin creates a new folder under the WordPress /uploads/ folder.  UAEG blocks scripts that can be executed in the WordPress uploads folder, such as js and php scripts.  I am not sure if the Advanced Ads plugin always creates the same name for the folder.  In this particular case the folder name was:  /uploads/819/.

    Solution:  Create a UAEG folder whitelist rule to whitelist the folder that the Advanced Ads plugin creates under the WordPress uploads folder.  See this forum topic for the steps to do this:  https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/.  The folder whitelist rule for the Advanced Ads plugin folder under the uploads folder is this: SetEnvIf Request_URI "819/.*$" whitelist. Note: You also need to remove the # signs from in front of these lines of code: #Require env whitelist and #Allow from env=whitelist.

    Example UAEG htaccess code for an Apache server with the folder whitelist rule for the Advanced Ads plugin:

    # BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
    #
    # BPS mod_authz_core IfModule BC
    # Allow,Deny
    # First, all Allow directives are evaluated. At least one must match, or the request is rejected.
    # Next, all Deny directives are evaluated. If any matches, the request is rejected.
    # Last, any requests which do not match an Allow or a Deny directive are denied by default.
    #
    # Deny,Allow
    # First, all Deny directives are evaluated. If any match, the request is denied unless
    # it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
    #
    # *Match* -------------------- *Allow,Deny result* -------------------- *Deny,Allow result*
    # Match Allow only ----------- Request allowed ------------------------ Request allowed
    # Match Deny only ------------ Request denied ------------------------- Request denied
    # No match ------------------- Default to second directive: Denied ---- Default to second directive: Allowed
    # Match both Allow & Deny ---- Final match controls: Denied ----------- Final match controls: Allowed
    #
    # NOTE: The zip file extension can be added to block remote access or execution of zip files, several plugins
    # create either temporary or permanent zip files in the uploads folder. This may block those plugins from being
    # able to create zip files in your uploads folder.
    #
    # BEGIN WHITELIST
    # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
    # of the whitelist rule you want to use, add the actual filename or folder name you want to whitelist and also
    # delete the # sign in front of #Require env whitelist and #Allow from env=whitelist.
    # Whitelist a specific js file in the uploads folder: example.js
    #SetEnvIf Request_URI "example.js$" whitelist
    # Whitelist an entire folder in the uploads folder: /uploads/example-folder/
    SetEnvIf Request_URI "819/.*$" whitelist
    # END WHITELIST
    #
    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    <IfModule mod_authz_core.c>
    Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>
    
    # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
    <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
    <IfModule mod_authz_core.c>
    Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>

    Example UAEG htaccess code for a LiteSpeed server with the folder whitelist rule for the Advanced Ads plugin:

    # BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
    #
    # BPS LiteSpeed mod_rewrite
    #
    # BEGIN WHITELIST
    # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
    # of the whitelist rule you want to use and add the actual filename or folder name you want to whitelist.
    # Whitelist a specific js file in the uploads folder: example.js
    #RewriteRule ^example.js$ - [L]
    # Whitelist an entire folder in the uploads folder: /uploads/example-folder/
    RewriteRule ^819/.*$ - [L]
    # END WHITELIST
    #
    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$ [NC]
    RewriteRule ^(.*)$ - [F]
    
    # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
    <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>
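
Added example, not part of the original post or of BulletProof Security: a small Python model of the Apache rules above that lists which guarded-extension requests a whitelist pattern would exempt, worth running before deploying a folder whitelist because SetEnvIf searches the whole Request_URI without anchoring. The sample URIs, the function names and the anchored alternative (which assumes the default /wp-content/uploads/ path) are constructed for illustration.

```python
import re
from posixpath import basename

# Extension list copied from the first Apache <FilesMatch> block in the post.
BLOCKED_EXT = re.compile(
    r"\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll"
    r"|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java"
    r"|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl"
    r"|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws"
    r"|wsf|xhtml|xml|z)$")
# Second <FilesMatch> block: PHP disguised as an image (example.php.jpg).
DISGUISED_PHP = re.compile(r"\.(php|PHP|\.+(php)|\.+(PHP)).*$")

PAGE_RULE = r"819/.*$"  # whitelist pattern from the post
# Assumption: default WordPress layout. As a directive this would read
#   SetEnvIf Request_URI "^/wp-content/uploads/819/" whitelist
ANCHORED_RULE = r"^/wp-content/uploads/819/"

# Constructed request paths, not taken from any real site.
SAMPLE_URIS = [
    "/wp-content/uploads/819/ads.js",              # the folder the post whitelists
    "/wp-content/uploads/1819/export.json",        # folder name merely ends in 819
    "/wp-content/uploads/2024/03/819/notes.html",  # nested folder named 819
    "/wp-content/uploads/2024/03/widget.js",       # unrelated folder
    "/wp-content/uploads/819/banner.png",          # extension is not guarded
]


def is_guarded(uri):
    """True if either <FilesMatch> block applies (they test the file name only)."""
    name = basename(uri)
    return bool(BLOCKED_EXT.search(name) or DISGUISED_PHP.search(name))


def exempted(uris, whitelist_pattern):
    """Guarded requests that 'Require env whitelist' would let through."""
    rule = re.compile(whitelist_pattern)
    # SetEnvIf runs an unanchored search over the full request path.
    return [u for u in uris if is_guarded(u) and rule.search(u)]


if __name__ == "__main__":
    for label, rule in (("page rule", PAGE_RULE), ("anchored rule", ANCHORED_RULE)):
        print(label, rule)
        for uri in exempted(SAMPLE_URIS, rule):
            print("  served:", uri)
```

With the constructed sample, the page's pattern exempts three guarded paths and the anchored pattern exempts only the one inside /uploads/819/.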