BulletProof Security Free forum: iThemes Sync – POST 403 error
This topic has 3 replies, 2 voices, and was last updated 6 years ago by AITpro Admin.
YT_RNC (Participant)
Heyo AITpro,
Recently BPS decided to block my iThemes Sync plugin unexpectedly.
I’ve whitelisted the IP in htaccess core >> custom code >> root htaccess
# Protect wp-login.php from Brute Force Login Attacks based on IP Address
<FilesMatch "^(wp-login\.php)">
Order Allow,Deny
# Add your Public IP Address using 2 or 3 octets so that if/when
# your IP address changes it will still be in your subnet range. If you
# have a static IP address then use all 4 octets.
# Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1
Allow from 54.163.229.
</FilesMatch>
Security log:
[403 POST Request: September 3, 2017 - 8:25 pm]
BPS: 2.3
WP: 4.8.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.163.229.119
Host Name: ec2-54-163-229-119.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 54.163.229.119
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /?ithemes-sync-%72equest=1&cid=677208
QUERY_STRING: ithemes-sync-%72equest=1&cid=677208
HTTP_USER_AGENT: Mozilla/5.0 (compatible; iThemes Sync/1.0; +http://ithemes.com/sync)
REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
What am I missing here?
AITpro Admin (Keymaster)
Are you using the BPS POST Attack Protection Bonus Custom Code? If so, try creating a Query String whitelist in your BPS POST Attack Protection Bonus Custom Code. See example below. If you are not using the BPS POST Attack Protection Bonus Custom Code then do the standard BPS troubleshooting steps > https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting and let me know which BPS Security feature is causing iThemes Sync to be blocked.
# Whitelist iThemes Sync POST Request by Query String
RewriteCond %{QUERY_STRING} !^ithemes-sync(.*) [NC]
That Security Log entry is a bit odd. The Request Method is GET, but Request Body data is being sent via the GET Request. Normal/standard GET Requests do not send Request Body data in a GET Request. Normally only POST Requests send Request Body data.
YT_RNC (Participant)
- I am using the BPS POST Attack Protection Bonus Custom Code (located in 14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here) of RBM
- Troubleshooting confirms RBM was responsible, deactivating resolved the issue.
- I reactivated RBM with the code you supplied (thank you) added to the end of #14 – Results: Fail
- Moved the code to just under the FilesMatch section (a bit higher up) and results = success (not sure why, but sharing nonetheless).
<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
Order Deny,Allow
#Allow from x.x.x.
Deny from all
</FilesMatch>
# Whitelist iThemes Sync POST Request by Query String
RewriteCond %{QUERY_STRING} !^ithemes-sync(.*) [NC]
Problem solved! Excellent support thanks!
AITpro Admin (Keymaster)
You would want to move (cut not copy) your entire BPS POST Attack Protection code to this BPS Root Custom Code text box: 8. CUSTOM CODE WP REWRITE LOOP START, add your iThemes Sync whitelist rule in the POST Attack Protection code and very IMPORTANT! > You also need to copy your # WP REWRITE LOOP START code from your Root htaccess file (htaccess File Editor tab page) into this same Custom Code text box. What you should end up with in the 8. CUSTOM CODE WP REWRITE LOOP START Custom Code text box should look something like this example code below. Note: This example code has additional POST Attack Protection whitelist rules for this forum site ONLY. You would not need to add those whitelist rules in your actual POST Attack Protection code.
# WP REWRITE LOOP START
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# BPS POST Request Attack Protection
RewriteCond %{REQUEST_METHOD} POST [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
#RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
# Whitelist the WordPress Theme Customizer
#RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php
# Forum POST Search - not required
RewriteCond %{REQUEST_URI} !^.*/search/ [NC]
# Pingbacks and remote posting
#RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
# Whitelist Jetpack POST Request to wp-load.php by Query String
RewriteCond %{QUERY_STRING} !^for=jetpack(.*) [NC]
# Cron wp_remote_post & similar Cron HTTP API functions
RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
# Network|Multisite Signup
RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
# Network|Multisite Activate
RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
#RewriteCond %{REQUEST_URI} !^.*/wp-trackback.php [NC]
RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
# bbPress/BuddyPress forum posting
RewriteCond %{REQUEST_URI} !^.*/forums/.* [NC]
# bbPress/BuddyPress forum Register Post form
RewriteCond %{REQUEST_URI} !^.*/register/ [NC]
# Whitelist iThemes Sync POST Request by Query String
RewriteCond %{QUERY_STRING} !^ithemes-sync(.*) [NC]
RewriteRule ^(.*)$ - [F]
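Added example (not BPS or iThemes code) showing why the placement of the whitelist line matters: a Python sketch of the mod_rewrite semantics, where a run of RewriteCond lines applies only to the RewriteRule that immediately follows them, run against a constructed copy of the logged iThemes Sync request. The subset of conditions and the request values are transcribed from the posts above; the helper names and the sample requests are my own assumptions.

```python
import re

# Minimal model of the mod_rewrite behaviour the POST Attack Protection code
# depends on: every RewriteCond directly above a RewriteRule must hold
# (logical AND) for the rule to fire, and a RewriteCond placed after the rule
# is attached to nothing. Tuple layout: (server variable, regex, negated
# with '!', [NC] flag). Subset of the admin's example chain above.
POST_PROTECTION = [
    ("REQUEST_METHOD", r"POST", False, True),
    ("REQUEST_URI", r"^.*/search/", True, True),
    ("QUERY_STRING", r"^for=jetpack(.*)", True, True),
    ("REQUEST_URI", r"^.*/wp-cron.php", True, True),
    ("REQUEST_URI", r"^.*/wp-login.php", True, True),
    ("REQUEST_URI", r"^.*/wp-comments-post.php", True, True),
    ("REQUEST_URI", r"^.*/forums/.*", True, True),
    # Whitelist iThemes Sync POST Request by Query String
    ("QUERY_STRING", r"^ithemes-sync(.*)", True, True),
]

def cond_holds(cond, req):
    var, pattern, negated, nocase = cond
    flags = re.IGNORECASE if nocase else 0
    matched = re.search(pattern, req.get(var, ""), flags) is not None
    return matched != negated  # a leading '!' inverts the match result

def is_forbidden(conds, req):
    """True when 'RewriteRule ^(.*)$ - [F]' would fire for this request."""
    return all(cond_holds(c, req) for c in conds)

# Constructed requests. mod_rewrite's REQUEST_URI is the path only; the raw,
# still URL-encoded query lives in QUERY_STRING, so the '%72equest' spelling
# from the log is irrelevant: the whitelist anchors on the 'ithemes-sync' prefix.
SYNC_POST = {"REQUEST_METHOD": "POST", "REQUEST_URI": "/",
             "QUERY_STRING": "ithemes-sync-%72equest=1&cid=677208"}
OTHER_POST = {"REQUEST_METHOD": "POST", "REQUEST_URI": "/",
              "QUERY_STRING": "cid=677208"}
COMMENT_POST = {"REQUEST_METHOD": "POST",
                "REQUEST_URI": "/wp-comments-post.php", "QUERY_STRING": ""}

def placement_report():
    """Same Sync request with the whitelist cond in the chain vs. dangling."""
    dangling = POST_PROTECTION[:-1]  # cond written below the rule binds to nothing
    return {
        "sync_whitelist_in_chain": is_forbidden(POST_PROTECTION, SYNC_POST),
        "sync_whitelist_dangling": is_forbidden(dangling, SYNC_POST),
        "unrelated_post_to_root": is_forbidden(POST_PROTECTION, OTHER_POST),
        "comment_post": is_forbidden(POST_PROTECTION, COMMENT_POST),
    }
```

Run `placement_report()`: only the Sync request with the whitelist inside the condition chain and the comment form post pass; the dangling placement still returns 403 for Sync, and an unrelated POST to the site root stays blocked.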