BPS 6.5 default secure htaccess blocking cURL requests


  • #42031
    Aimee
    Participant

    Hi there,

    I noticed something new about the 6.5 secure htaccess file: out of the gate it’s not blocking UptimeRobot and also returns a 405 if I send a cURL request. I managed to solve the fact that UptimeRobot is blocked by using this, which I found on the forum (placed in “9. CUSTOM CODE REQUEST METHODS FILTERED”):

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(UptimeRobot|uptimerobot.com).* [NC]
    RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

    But a single, personal cURL request from my machine still seems to be returning a 405 error.

    Do I need to whitelist myself in this instance?

    #42032
    Aimee
    Participant

    I take that back. Adding that code did not allow Uptime to hit the site. I’m just getting a notification it’s returning a 405 still.

    #42033
    AITpro Admin
    Keymaster

    Use the steps here to allow/whitelist all curl Requests > https://forum.ait-pro.com/forums/topic/mailchimp-embed-code-verification-gets-403/#post-40237. Note: HEAD Requests and curl Requests are typically just nuisance Bot Requests. So it is fine/safe to allow them.

    To allow all HEAD Requests use this code:

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
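
The two REQUEST METHODS FILTERED variants posted in this thread, modelled offline as an added example (not part of the original posts and not BPS code). The rule-set names, the `evaluate` helper and the sample User-Agent strings are constructed for illustration; "pass" means only that this section took no action, since the other sections of the BPS htaccess file are not modelled.

```python
import re

# Conditions transcribed from the thread: (server variable, pattern, negated).
# Every pattern carries [NC], so matching is case-insensitive.
FORBID = ([("REQUEST_METHOD", r"^(TRACE|DELETE|TRACK|DEBUG)", False)], "403 [F]")
HEAD_COND = ("REQUEST_METHOD", r"^(HEAD)", False)
UA_EXEMPT = ("HTTP_USER_AGENT", r"^.*(UptimeRobot|uptimerobot.com).*", True)

RULESETS = {
    # First post: HEAD goes to 405.php unless the User-Agent is exempt.
    "ua_exception": [FORBID, ([HEAD_COND, UA_EXEMPT], "405.php [L]")],
    # Last post: the HEAD rule is commented out, so only [F] remains.
    "head_allowed": [FORBID],
}

# Constructed sample User-Agent values.
UPTIME_UA = "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
CURL_UA = "curl/8.5.0"


def evaluate(ruleset, method, user_agent):
    """Return the outcome of the first rule whose conditions all match.

    mod_rewrite semantics modelled: the RewriteCond lines directly above a
    RewriteRule are ANDed, '!' negates a condition, and the rule pattern
    ^(.*)$ matches every path, so only the conditions decide.
    """
    env = {"REQUEST_METHOD": method, "HTTP_USER_AGENT": user_agent}
    for conds, outcome in RULESETS[ruleset]:
        if all((re.search(pat, env[var], re.I) is not None) != negated
               for var, pat, negated in conds):
            return outcome
    return "pass"


def matrix():
    """Evaluate every rule set against a few method / User-Agent pairs."""
    cases = [("HEAD", UPTIME_UA), ("HEAD", CURL_UA),
             ("GET", CURL_UA), ("TRACE", CURL_UA)]
    return {(name, method, ua): evaluate(name, method, ua)
            for name in RULESETS for method, ua in cases}


if __name__ == "__main__":
    for (name, method, ua), outcome in matrix().items():
        print(f"{name:13} {method:6} {ua[:24]:24} -> {outcome}")
```
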