Home › Forums › BulletProof Security Free › BackWPUp – Missing or not expected HTTP response headers
Tagged: BackWPup, HEAD Request
- This topic has 0 replies, 1 voice, and was last updated 9 years, 1 month ago by
AITpro Admin.
-
AuthorPosts
-
AITpro Admin
KeymasterUPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.
The problem (see errors below) is caused by a HEAD Request being made by BackWPUp and BPS is blocking that HEAD Request made by BackWPUp.
Solution:
Depending on your web host the BPS Root htaccess file Request Methods Filtered code will be either one of the example code blocks below. Either block of code does the exact same thing and the whitelisting method to allow HEAD Requests is exactly the same:1. Go to the BPS htaccess File Editor tab page > click “Your Current Root htaccess File” tab > Copy the REQUEST METHODS FILTERED htaccess code from your BPS root htaccess file.
2. Go to BPS Root Custom Code and paste your REQUEST METHODS FILTERED htaccess code that you copied to this BPS Root Custom Code text box: CUSTOM CODE REQUEST METHODS FILTERED.
3. Comment out the last 2 lines of either block of code (examples shown below) with a # sign as shown below.
4. Click the Save Root Custom Code button.
5. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and copy # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code # text box: CUSTOM CODE REQUEST METHODS FILTERED. # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps. RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F] #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
Or you may see this REQUEST METHODS FILTERED code:
# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and copy # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code # text box: CUSTOM CODE REQUEST METHODS FILTERED. # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps. RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F] #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] #RewriteRule ^(.*)$ - [R=405,L]
BackWPUp error:
Missing or not expected HTTP response headers: date: Mon, 22 Feb 2016 22:20:11 GMT server: Apache/2.4.9 (Win32) OpenSSL/1.0.1g x-frame-options: SAMEORIGIN set-cookie: PHPSESSID=p8pmpaiu57ng2o8fb9fg3ga7b4; path=/ expires: Sat, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache status: 405 Method Not Allowed allow: GET, POST, PUT x-content-type-options: nosniff connection: close content-type: text/html; charset=UTF-8
BPS Security Log error entry:
[405 HEAD Request: February 22, 2016 - 2:20 pm] Event Code: BFHS-HEAD - HEAD Request Blocked Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 127.0.0.1 Host Name: xxxx-HP SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: HEAD HTTP_REFERER: REQUEST_URI: /wp-cron.php?_nonce=3038975b94&doing_wp_cron=1456179611.6969730854034423828125&backwpup_run=test QUERY_STRING: _nonce=3038975b94&doing_wp_cron=1456179611.6969730854034423828125&backwpup_run=test HTTP_USER_AGENT: BackWPup/3.2.4; WordPress/4.4.2; http://demo5.local
-
AuthorPosts
- You must be logged in to reply to this topic.