BackWPUp – Missing or not expected HTTP response headers

[AITpro Admin]

UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

The problem (see errors below) is caused by a HEAD Request being made by BackWPUp and BPS is blocking that HEAD Request made by BackWPUp.

Solution:
Depending on your web host the BPS Root htaccess file Request Methods Filtered code will be either one of the example code blocks below. Either block of code does the exact same thing and the whitelisting method to allow HEAD Requests is exactly the same:

1.  Go to the BPS htaccess File Editor tab page > click “Your Current Root htaccess File” tab > Copy the REQUEST METHODS FILTERED htaccess code from your BPS root htaccess file.
2.  Go to BPS Root Custom Code and paste your REQUEST METHODS FILTERED htaccess code that you copied to this BPS Root Custom Code text box:  CUSTOM CODE REQUEST METHODS FILTERED.
3.  Comment out the last 2 lines of either block of code (examples shown below) with a # sign as shown below.
4.  Click the Save Root Custom Code button.
5. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy 
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code 
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

Or you may see this REQUEST METHODS FILTERED code:

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ - [R=405,L]

BackWPUp error:

Missing or not expected HTTP response headers:
date: Mon, 22 Feb 2016 22:20:11 GMT
server: Apache/2.4.9 (Win32) OpenSSL/1.0.1g
x-frame-options: SAMEORIGIN
set-cookie: PHPSESSID=p8pmpaiu57ng2o8fb9fg3ga7b4; path=/
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
status: 405 Method Not Allowed
allow: GET, POST, PUT
x-content-type-options: nosniff
connection: close
content-type: text/html; charset=UTF-8

BPS Security Log error entry:

[405 HEAD Request: February 22, 2016 - 2:20 pm]
Event Code: BFHS-HEAD - HEAD Request Blocked
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 127.0.0.1
Host Name: xxxx-HP
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: HEAD
HTTP_REFERER:
REQUEST_URI: /wp-cron.php?_nonce=3038975b94&doing_wp_cron=1456179611.6969730854034423828125&backwpup_run=test
QUERY_STRING: _nonce=3038975b94&doing_wp_cron=1456179611.6969730854034423828125&backwpup_run=test
HTTP_USER_AGENT: BackWPup/3.2.4; WordPress/4.4.2; http://demo5.local

[Nitin]

Server Headers Tool lists out all the Response Headers: https://1nine.com/Web/ServerHeaders sent by the web server including cookies being set.

[Author]

Posts