bbPress send topic to trash 403 error

Home Forums BulletProof Security Pro bbPress send topic to trash 403 error

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #6437
    Andre
    Participant

    Hi,

    when wanting to trash a topic I receive a 403 warning page generated by BPS. I already tried to whitelist /bbpress/bbpress.php which doesnt solve the problem. I think because it is from the admin panel what I want to do. Any help?
    Thanks in advance.
    Andre

    #6438
    AITpro Admin
    Keymaster

    Post the error from your BPS Pro Security Log that directly relates to this.  Please do not post your entire log file.

    #6440
    Andre
    Participant
    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 30, 2013 - 11:19 pm <<<<<<<<<<<
    REMOTE_ADDR: my IP
    Host Name: my-host
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.mydomain.com/wp-admin/edit.php?post_type=topic
    REQUEST_URI: /wp-admin/post.php?post=2412&action=trash&_wpnonce=5116c22351&_wp_http_referer=http://www.mydomain.com/wp-admin/edit.php?post_type=topic
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36
    #6442
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    1.  Add the wp-admin post.php skip/bypass rule to this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the Save wp-admin Custom Code button.
    3. Go to the Security Modes page and activate wp-admin BulletProof Mode.

    Note:  The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1].  If you have other wp-admin skip/bypass rules already then either combine them or add this skip/bypass rule separately above the other rules and change the skip #.  Example:  If you already have skip #’s 2 and 3 then this rule would be skip rule #4.

    # BuddyPress post.php skip/bypass rule
    RewriteCond %{REQUEST_URI} (post\.php) [NC]
    RewriteRule . - [S=2]

    BuddyPress Compose Message Autocomplete skip/bypass rule
    http://forum.ait-pro.com/forums/topic/bulletproof-security-buddypress-compose-message-autocomplete/

    If you want to combine them you can do this. We are not whitelisting admin-ajax.php for personal reasons.

    # BuddyPress post.php and admin-ajax.php skip/bypass rule
    RewriteCond %{REQUEST_URI} (post\.php|admin-ajax\.php) [NC]
    RewriteRule . - [S=2]
    #6446
    Andre
    Participant

    I couldnt test in on the topics, cause they were gone to the trash… donno why. 🙂
    so i created a new one. Closed it, then sent to trash. Your rule worx!!

    THANKS
    Am not using buddypress… Is it better, to add buddypress when Only wanting to use a forum? probably not, right?

    #6447
    AITpro Admin
    Keymaster

    Your asking the wrong person.  I am not a BuddyPress expert.  Thank god I know my way around code or I would have been screwed a long time ago.  I have a lot of custom functions in my functions.php file.  😉

    #6448
    Andre
    Participant

    Well, I havent on purpose deleted anything. I have watched a good preparation video on: http://labzip.com/the-definitive-guide-to-buddypress-bbpress-configuration/ but i dont need a community, only bbpress which impresses me already cool….

    #16498
    Terry Thornton
    Participant

    Still seeing the problem

    [403 GET / HEAD Request: July 31, 2014 - 13:41]
    Event Code: WPADMIN-SBR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 71.236.214.5
    Host Name: c-71-236-214-5.hsd1.or.comcast.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.cleanreach.com/wp-admin/edit.php?post_type=reply
    REQUEST_URI: /wp-admin/post.php?post=1928&action=trash&_wpnonce=4291760d71&_wp_http_referer=http://www.cleanreach.com/wp-admin/edit.php?post_type=reply
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

    do I need to turn off wp-admin security first before I copy the revised .htaccess over?

    #16502
    AITpro Admin
    Keymaster

    Did you do all of the wp-admin Custom Code steps?  The steps are not clear above and will be updated in a minute.

    1.  Add the wp-admin skip/bypass rule to the wp-admin Custom Code box: CUSTOM CODE WPADMIN PLUGIN FIXES
    2. Click the Save wp-admin Custom Code button.
    3. Go to the Security Modes page and activate wp-admin BulletProof Mode again.

    #16504
    Terry Thornton
    Participant

    Worked!  I was trying to edit the htaccess file directly.  I did not see the custom code tab.  I thought you were taking about a section in the file itself.  My bad.  Thanks for the quick response.

Viewing 10 posts - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.