AWeber link validator error

[Jenny]

Hi admin and other “bright sparks”.

Is there a way that I can allow the AWeber link validator to check links to my website? Every time I insert a website page link into my AWeber emails, it fails to validate the link and I get a 403 error message in BPS pro.

I have read everything in BPS help and readme files, and this forum, that I think is related, and I still don’t know what to do about this.

I have received numerous error messages like the one below, for various pages on my website. Is this block likely to be due to settings I have in BPS pro, or could it be a hotlink problem, for example?

I did check this in my c-panel and the entry was exactly like the broken hotlink example in BPS help files, BUT it included my website. I assume this means it’s NOT broken.

An example of the BPS Pro security error I get is:

>>>>>>>>>>> 403 GET or Other Request Error Logged - June 22, 2013 - 5:52 pm <<<<<<<<<<<
REMOTE_ADDR: 207.106.200.18
Host Name: lb-outbound.aweber.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /dr-mikao-usui-blessing/
QUERY_STRING:
HTTP_USER_AGENT: AWeber Communications Inc. Link Validator - For info, visit https: //help.aweber.com/entries/21774298-how-are-messages-checked-for-broken-links

I have also asked AWeber for help with this and checked their URL mentioned above, but they have no answers yet.

Thanks for taking the time to help me out

[AITpro Admin]

“I did check this in my c-panel and the entry was exactly like the broken hotlink example in BPS help files, BUT it included my website. I assume this means it’s NOT broken.”

What does the statement above mean?  What did you check?  Are you saying you checked the cPanel HotLink Protection Tool and you see that the cPanel HotLink Protection Tool is causing the problem?

I do not know how Aweber works so do you have a plugin installed that is using Aweber to check links internally or are these errors coming from Aweber externally when Aweber is checking your site?

[Jenny]

Hello keymaster,

Sorry for the confusing statements.

This is the first time I have used an email autoresponder service, and I do not know how AWeber validate the links for their emails.  No, I do not have a plugin for link verification. This is something  AWeber do, from their site.

Regarding the other issue.  I have read so many different articles  in a search for the answer to the error messages, that my brain is a bit scrambled. It’s all pretty new to me. In the BPS information section entitled “BulletProof Security Not Working, Unable to Edit .htaccess Files, 404 Errors, Quarantine Not Working, WordPress is broken“, I read about the  cPanel HotLink Protection Tool, and wondered if it was causing the problem.

I therefore followed these instructions from the article, [please note I do NOT have any of the problems in the title, but the tool name sounded relevant to my issue]

“Log into your cPanel and click on the HotLink Protection Tool.  If you see this code below then this confirms that the problem that is occurring on your website is the broken cPanel HotLink Protection Tool problem.
URLs to allow access:”

(%0A|%0D|%27|%3C|%3E|%00)
\.opendirviewer\.
users\.skynet\.be.*

and found that my cpanel HotLink Protection Tool data showed almost but not quite, the same data

(%0A|%0D|%27|%3C|%3E|%00)
\.opendirviewer\.
^.*my websitename.com.*
users\.skynet\.be.*

Does this mean that the tool is functional, or that it is broken? The code is the same as that used in the BPS example, but my website was included, so I thought this might mean it is functional.

I realise that this may not be an issue with BPS at all, but I do not know where else to look. I had thought that, like my internet security program, I may need to whitelist AWeber.com somehow, in order to allow the link validator to work.

I can only work from my current level of knowledge, so please forgive any apparently stupid remarks.

Thanks

[AITpro Admin]

Ok now I got it.  These are actually 2 different issues.

The cPanel HotLink Protection Tool does not work at all and will cause all kinds of problems for your website, but as long as your root .htaccess file is locked then the HotLink Protection Tool cannot cause any problems for your website.  BPS will alert you immediately if the HotLink Protection Tool causes a problem.

What I need to see is the link in the email to see if there is a problem with the link itself or if there are coding characters in the link that BPS is blocking. Please post the link that is generating the error in your first post.

[Jenny]

Hi Keymaster,

Thanks for clarifying the HotLink Protection Tool for me. I have been waiting on replies from AWeber, in case they could help me fix the problem but no luck so far. I need to point out that the links in the emails are working, at least in the copies sent to myself as tests. I have asked them to let me know what process they use to validate links, so that may help sort out the issue.

The URL links that I’ve used in my emails are mainly standard permalinks using the page title, as was the one mentioned in the error example in my first post on June 24th. Some of the others are shortened with pretty link. ALL the  links I entered in my emails caused an error report, though, and were not validated by AWeber. I will email you the link details you asked for.

Thanks

 

[AITpro Admin]

This scenario is probably what is occurring.  If everything is actually working as it should be and the errors are occurring because of some additional thing that Aweber is doing then the only thing that would not be functioning correctly is the Aweber link validator check.  Once I know what Aweber is trying to do then I can provide a solution.  My hunch is that a HEAD Request is being made.  Try this below now and see if it works.

The new Custom Code features/options in BPS and BPS Pro allow you to now add this to BPS Custom Code.

1. Copy this code below to this BPS Root Custom Code text box: CUSTOM CODE REQUEST METHODS FILTERED:
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

BPS Pro 11.6+ & BPS free .53.2+
You may see this code or the 11.5+/.53.1+ code in your root htaccess file.  The code does the same exact thing and is whitelisted in the same exact way.

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

BPS Pro 11.5+ & BPS free .53.1+

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ - [R=405,L]

BPS Pro 11.4|BPS free .53 and lower versions

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and 
# remove/delete HEAD| from the Request Method filter.
# Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
# The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]

[Jenny]

Hi Keymaster,

You are a genius. I followed your instructions and added the above code. When I re-tested adding URL links to my AWeber emails, they were all validated, except for links I’d shortened with the pretty link plugin. So, now I’ll follow up the link issue with Pretty Link, and Aweber.

Can you please tell me though, what the effect is likely to be, of removing HEAD from the Custom Code Request methods Filtered section? Will I get more error messages from spam bots etc?  What is “the nuisance” that HEAD protects me from?

Thanks a million for helping me with this Aweber issue.

[AITpro Admin]

The HEAD Request is used by a lot of junk and spam bots (and good bots too) to do a quick check to see if your site is up and reachable.  It’s a pre-check / test type of website request.  Removing HEAD from the Request Methods Filter does not decrease your website security in any way.  This is a nuisance filter and the overall impact of removing HEAD means that you will actually see less Security Log entries logged.  The big picture is this – your website is not negatively impacted by either allowing or blocking HEAD Requests.  In other words, blocking HEAD Requests is not important at all.  Blocking the TRACE|DELETE|TRACK|DEBUG Request Methods is very important.

[Jenny]

Thank you. That is reassuring to know.In case you were wondering why I didn’t email you the link. I did send it but the email  failed to send properly, and since this issue is resolved, there’s no point wasting your time by sending you the information now.

Thanks again, keymaster, for all your help.

[Author]

Posts