BPS and W3TC: How to prevent caching of white pages with error code 403

[WEBenefits]

Hello,

I use the plugin “BulletProof Security Pro” already over 5 years for a variety of websites and I am very satisfied. In terms of WordPress security, there is no better tool for me. In case of problems, I could almost always find helpful tips in the manual or suitable solutions via the forum. However, I have a problem for a few years, which I could not solve until today, and hope to get the needed help via this forum entry:

Since performance is becoming more and more important, I have installed the caching plugin “W3 Total Cache” on all websites I maintain. The setup in combination with “BulletProof Security Pro” was a bit complicated the first time, but with a little practice this is no longer a problem and the caching plugin does what it should. However, However, at regular intervals I have the problem that when I call up the websites frontend, only a white page is displayed and a 403 error code is returned. As soon as I log into the backend and clear the page cache of “W3 Total Cache”, everything works again. With some websites this happens even several times a day, which is why I have already taken a closer look at the problem and found out via the BPS security logs that there is always an entry with the event code “BFHS – Blocked/Forbidden Hacker or Spammer” shortly before the white page problem occurs, with different host names and different HTTP user agents. I therefore suspect that despite the blocked access, a reload of the page cache is triggered with the blocked display. Unfortunately I don’t know with which workaround I can prevent this problem and hope very much that someone of you can give me a helpful tip to finally get the problem permanently under control.

For testing purposes I have already replaced the plugin “W3 Total Cache” with the plugin “WP Super Cache”. However, the same problem occurred here as well. It can’t be due to the hosting, because the error occurs with different hosting providers. Also, I regularly perform upcoming updates and therefore have the WordPress system and the installed plugins up to date. Only an uninstallation of “BulletProof Security Pro” had been able to eliminate the error. However, I do not want to do without “BulletProof Security Pro” nor “W3 Total Cache”, because in my opinion these plugins provide the best solutions in the area of security and performance respectively.

I would be very grateful for any ideas or solutions.

[AITpro Admin]

I do offer custom help at a reasonable cost for non-BPS Pro issues/problems and general website stuff.  Typically just a nominal fee = $50. Let me know if you’re interested > info at ait-pro dot com.

[WEBenefits]

Thanks for the offer. However, I assume that this problem has nothing to do with the general website configuration. I have already created an entry in the W3 Total Cache support forum as well (https://wordpress.org/support/topic/prevent-white-pages-403-forbidden-from-being-cached/). Here it is pointed out that the constant DONOTCACHEPAGE should be defined for blocked accesses and this info should be passed to the security plugin support.

[AITpro Admin]

The blank page problem in W3TC and WP Super Cache is not caused by BPS/BPS Pro.  The blank page problem in these caching plugins is a very common known problem.  Do these Google searches to see if you can find a solution:  W3TC blank page and WP Super Cache blank page.

Many years ago I thoroughly tested W3TC and WP Super Cache and randomly some of my website pages would display blank.  Most of the time my website home page would display blank randomly more than other website pages.  I spent months fiddling with the settings in both of these plugins, but unfortunately never found a permanent solution to get either of these plugins working consistently and not randomly displaying a blank website page.  Once again whatever causes the blank website pages problem has nothing to do with BPS/BPS Pro.

I no longer use any caching plugins, but did find 2 that did work consistently:  Comet Cache Pro (paid/premium version) and LiteSpeed Cache (my host server API is LiteSpeed:  Server API: litespeed CGI Host Server Type).  What I did instead is built a custom WordPress Theme and only use my Speed Boost Browser caching code here > https://forum.ait-pro.com/forums/topic/htaccess-caching-code-speed-boost-cache-code/.  My websites load in under 2 seconds without any caching plugins.

Summary:
Looking at BPS/BPS Pro as the cause of the problem is not going to get you anywhere.  I assume the cause of the problem has to do with some sort of host server issue and the settings in both of these caching plugins, but like I have already said I never found a permanent solution and discontinued using any caching plugins.  WordPress Themes available in the WP Theme Repository have to meet minimum standards/requirements in order to be hosted in the WP Theme Repository.  Those Theme requirements and the additional features that Theme authors create in their Themes generally cause a default load time out of the box of:  3-4 seconds.  My custom built Theme loads in 1 second out of the box.

Additionally I have posted this technical help information below in the W3TC forum topic that you created, which explains why BPS/BPS Pro would not cause the blank page problem in these caching plugins.

BPS/BPS Pro redirects 403 errors to a custom 403 template page BEFORE whatever URI/URL/page loads using the htaccess directive: ErrorDocument. htaccess code is processed FIRST before any php code/pages/posts, etc. The BPS 403 template uses: session_cache_limiter(‘nocache’); to prevent the 403 template page from being cached. So if a 403 error occurs and since BPS redirects all 403 errors BEFORE any URI/URL/page/post loads then BPS is not causing this issue.

Example: If a hacker sends an attack string/vector, etc. to URL/URI: example.com/some-page/ then the BPS security rules will block that attack and redirect that attack to the BPS 403 logging template. The URL/URI: example.com/some-page/ never loads (is not accessed/visited) because the attack will be redirected to the 403 logging template instead of being allowed to visit/load the URL/URI: example.com/some-page/.

[WEBenefits]

Hmmm… First of all, thank you for the information. Sounds logical as far as it goes. From the “White Screen of death” I have also heard often. However, in our case the WordPress backend was not affected and no error was displayed even with active debug mode. Moreover, we have this problem exclusively with WordPress installations where we also use the BulletProof Security Pro plugin. Particularly noticeable is the fact that the white page also always occurs after a blocked call. About the keyword check of an uptime monitoring tool, we are directly informed when only a white page is seen again. I looked at the BPS security logs of the last months (January 2021 until today) and compared them with the times of the blank page alerts. In 100% of the cases (altogether the error occurred 22 times in this period) an access was blocked immediately before. I have copied all relevant log entries together:

[403 GET Request: 1. Januar 2021 - 20:18]
BPS Pro: 15
WP: 5.6
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.0

[403 GET Request: 3. Januar 2021 - 8:08]
BPS Pro: 15
WP: 5.6
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.0

[403 GET Request: 11. Januar 2021 - 21:59]
BPS Pro: 15
WP: 5.6
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: Apache-HttpClient/4.5.12 (Java/15.0.1)

[403 GET Request: 13. Januar 2021 - 16:20]
BPS Pro: 15
WP: 5.6
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

[403 GET Request: 18. Januar 2021 - 21:49]
BPS Pro: 15
WP: 5.6
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

[403 GET Request: 29. Januar 2021 - 19:22]
BPS Pro: 15.1
WP: 5.6
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: BitNinja website security essentials scanner 1.0 - bitninja.io/essential-scanner

[403 GET Request: 31. Januar 2021 - 16:08]
BPS Pro: 15.1
WP: 5.6
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: serpstatbot/1.0 (advanced backlink tracking bot; curl/7.58.0; http://serpstatbot.com/; abuse@serpstatbot.com)

[403 GET Request: 15. Februar 2021 - 3:23]
BPS Pro: 15.2
WP: 5.6.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

[403 GET Request: 20. Februar 2021 - 19:52]
BPS Pro: 15.2
WP: 5.6.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.22.0

[403 GET Request: 27. Februar 2021 - 14:05]
BPS Pro: 15.2
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: Python/3.8 aiohttp/3.7.4

[403 GET Request: 28. Februar 2021 - 3:33]
BPS Pro: 15.2
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: Python-urllib/2.7

[403 GET Request: 11. März 2021 - 20:24]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

[403 GET Request: 12. März 2021 - 0:59]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

[403 GET Request: 14. März 2021 - 1:18]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

[403 GET Request: 15. März 2021 - 18:13]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: Python/3.8 aiohttp/3.6.2

[403 GET Request: 15. März 2021 - 20:07]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: Mozilla/4.0 Java/1.8.0_181-google-v7

[403 GET Request: 15. März 2021 - 23:03]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: curl/7.29.0

[403 GET Request: 19. März 2021 - 15:17]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

[403 GET Request: 27. März 2021 - 2:04]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.0

[403 GET Request: 2. April 2021 - 16:38]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

[403 GET Request: 3. April 2021 - 21:39]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

[403 GET Request: 4. April 2021 - 16:58]
BPS Pro: 15.3
WP: 5.6.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /
QUERY_STRING: 
HTTP_USER_AGENT: python-requests/2.25.1

(I have replaced the host names with “xxx” for GDPR reasons.)

[AITpro Admin]

Ok well if you want to completely eliminate that BPS is involved in the blank cached pages problem then do the steps below. All of the Security Log entries show blocked scans, scrapes, etc. by User Agent.  Wait a few days to see if the blank cached pages problem reoccurs.  If the problem does occur again then you will know that the problem is not related to or caused by BPS/BPS Pro.

1. Copy the modified QUERY STRING EXPLOITS code below into this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
2. Click the Save Root Custom Code button.
3. Go to the BPS Pro > Setup menu > Setup Wizard page > click the Pre-Installation Wizard button and click the Setup Wizard button.

# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
#RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE BPS QUERY STRING EXPLOITS

[WEBenefits]

Okay, thank you very much. That sounds like a good approach. I will try that, wait a bit and get back to you.

[Author]

Posts