Home › Forums › BulletProof Security Pro › bbPress send topic to trash 403 error
Tagged: bbPress, BuddyPress, post.php, trash topic
- This topic has 9 replies, 3 voices, and was last updated 10 years, 4 months ago by Terry Thornton.
-
AuthorPosts
-
AndreParticipant
Hi,
when wanting to trash a topic I receive a 403 warning page generated by BPS. I already tried to whitelist /bbpress/bbpress.php which doesnt solve the problem. I think because it is from the admin panel what I want to do. Any help?
Thanks in advance.
AndreAITpro AdminKeymasterPost the error from your BPS Pro Security Log that directly relates to this. Please do not post your entire log file.
AndreParticipant>>>>>>>>>>> 403 GET or Other Request Error Logged - May 30, 2013 - 11:19 pm <<<<<<<<<<< REMOTE_ADDR: my IP Host Name: my-host HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.mydomain.com/wp-admin/edit.php?post_type=topic REQUEST_URI: /wp-admin/post.php?post=2412&action=trash&_wpnonce=5116c22351&_wp_http_referer=http://www.mydomain.com/wp-admin/edit.php?post_type=topic QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36
AITpro AdminKeymasterUPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.
1. Add the wp-admin post.php skip/bypass rule to this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
2. Click the Save wp-admin Custom Code button.
3. Go to the Security Modes page and activate wp-admin BulletProof Mode.Note: The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. If you have other wp-admin skip/bypass rules already then either combine them or add this skip/bypass rule separately above the other rules and change the skip #. Example: If you already have skip #’s 2 and 3 then this rule would be skip rule #4.
# BuddyPress post.php skip/bypass rule RewriteCond %{REQUEST_URI} (post\.php) [NC] RewriteRule . - [S=2]
BuddyPress Compose Message Autocomplete skip/bypass rule
http://forum.ait-pro.com/forums/topic/bulletproof-security-buddypress-compose-message-autocomplete/If you want to combine them you can do this. We are not whitelisting admin-ajax.php for personal reasons.
# BuddyPress post.php and admin-ajax.php skip/bypass rule RewriteCond %{REQUEST_URI} (post\.php|admin-ajax\.php) [NC] RewriteRule . - [S=2]
AndreParticipantI couldnt test in on the topics, cause they were gone to the trash… donno why. 🙂
so i created a new one. Closed it, then sent to trash. Your rule worx!!THANKS
Am not using buddypress… Is it better, to add buddypress when Only wanting to use a forum? probably not, right?AITpro AdminKeymasterYour asking the wrong person. I am not a BuddyPress expert. Thank god I know my way around code or I would have been screwed a long time ago. I have a lot of custom functions in my functions.php file. 😉
AndreParticipantWell, I havent on purpose deleted anything. I have watched a good preparation video on: http://labzip.com/the-definitive-guide-to-buddypress-bbpress-configuration/ but i dont need a community, only bbpress which impresses me already cool….
Terry ThorntonParticipantStill seeing the problem
[403 GET / HEAD Request: July 31, 2014 - 13:41] Event Code: WPADMIN-SBR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 71.236.214.5 Host Name: c-71-236-214-5.hsd1.or.comcast.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.cleanreach.com/wp-admin/edit.php?post_type=reply REQUEST_URI: /wp-admin/post.php?post=1928&action=trash&_wpnonce=4291760d71&_wp_http_referer=http://www.cleanreach.com/wp-admin/edit.php?post_type=reply QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
do I need to turn off wp-admin security first before I copy the revised .htaccess over?
AITpro AdminKeymasterDid you do all of the wp-admin Custom Code steps? The steps are not clear above and will be updated in a minute.
1. Add the wp-admin skip/bypass rule to the wp-admin Custom Code box: CUSTOM CODE WPADMIN PLUGIN FIXES
2. Click the Save wp-admin Custom Code button.
3. Go to the Security Modes page and activate wp-admin BulletProof Mode again.Terry ThorntonParticipantWorked! I was trying to edit the htaccess file directly. I did not see the custom code tab. I thought you were taking about a section in the file itself. My bad. Thanks for the quick response.
-
AuthorPosts
- You must be logged in to reply to this topic.