iThemes Sync – POST 403 error

Home Forums BulletProof Security Free iThemes Sync – POST 403 error

Tagged: ,

This topic contains 3 replies, has 2 voices, and was last updated by  AITpro Admin 7 months, 3 weeks ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #33913

    YT_RNC
    Participant

    Heyo AITpro,

    Recently BPS decided to block my iThemes Sync pluging unexpectedly.

    I’ve whitelisted the IP in htaccess core >> custom code >> root htaccess

    +++++++++++++++++++++++++++++++++++++++++++++++++
    # Protect wp-login.php from Brute Force Login Attacks based on IP Address
    <FilesMatch "^(wp-login\.php)">
    Order Allow,Deny
    # Add your Public IP Address using 2 or 3 octets so that if/when
    # your IP address changes it will still be in your subnet range. If you
    # have a static IP address then use all 4 octets.
    # Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1
    Allow from 54.163.229.
    </FilesMatch>

    Security log:

    +++++++++++++++++++++++++++++++
    [403 POST Request: September 3, 2017 - 8:25 pm]
    BPS: 2.3
    WP: 4.8.1
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 54.163.229.119
    Host Name: ec2-54-163-229-119.compute-1.amazonaws.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 54.163.229.119
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /?ithemes-sync-%72equest=1&cid=677208
    QUERY_STRING: ithemes-sync-%72equest=1&cid=677208
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; iThemes Sync/1.0; +http://ithemes.com/sync)
    REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data

    What am I missing here?

    #33914

    AITpro Admin
    Keymaster

    Are you using the BPS POST Attack Protection Bonus Custom Code?  If so, try creating a Query String whitelist in your BPS POST Attack Protection Bonus Custom Code.  See example below.  If you are not using the BPS POST Attack Protection Bonus Custom Code then do the standard BPS troubleshooting steps > https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting and let me know which BPS Security feature is causing iThemes Sync to be blocked.

    # Whitelist iThemes Sync POST Request by Query String
    RewriteCond %{QUERY_STRING} !^ithemes-sync(.*) [NC]

    That Security Log entry is a bit odd.  The Request Method is GET, but Request Body data is being sent via the GET Request.  Normal/standard GET Requests do not send Request Body data in a GET Request.  Normally only POST Requests send Request Body data.

    #33917

    YT_RNC
    Participant
    1. I am using the BPS POST Attack Protection Bonus Custom Code (located in 14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here) of RBM
    2. Troubleshooting confirms RBM was responsible, deactivating resolved the issue.
    3. I reactivated RBM with the added the code you supplied (thank you) to the end of #14 – Results: Fail
    4. Moved the code to just under the filesmatch section (a bit higher up) and results = success (not sure why but sharing none the less.
    <FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
     Order Deny,Allow
     #Allow from x.x.x.
     Deny from all
     </FilesMatch>
     # Whitelist iThemes Sync POST Request by Query String
     RewriteCond %{QUERY_STRING} !^ithemes-sync(.*) [NC]

    Problem solved! Excellent support thanks!

    #33918

    AITpro Admin
    Keymaster

    You would want to move (cut not copy) your entire BPS POST Attack Protection code to this BPS Root Custom Code text box:  8. CUSTOM CODE WP REWRITE LOOP START, add your iThemes Sync whitelist rule in the POST Attack Protection code and very IMPORTANT!  > You also need to copy your # WP REWRITE LOOP START code from your Root htaccess file (htaccess File Editor tab page) into this same Custom Code text box.  What you should end up with in the 8. CUSTOM CODE WP REWRITE LOOP START Custom Code text box should look something like this example code below. Note: This example code has additional POST Attack Protection whitelist rules for this forum site ONLY. You would not need to add those whitelist rules in your actual POST Attack Protection code.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # BPS POST Request Attack Protection
    RewriteCond %{REQUEST_METHOD} POST [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    #RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
    # Whitelist the WordPress Theme Customizer
    #RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php
    # Forum POST Search - not required
    RewriteCond %{REQUEST_URI} !^.*/search/ [NC]
    # Pingbacks and remote posting
    #RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
    # Whitelist Jetpack POST Request to wp-load.php by Query String
    RewriteCond %{QUERY_STRING} !^for=jetpack(.*) [NC]
    # Cron wp_remote_post & similar Cron HTTP API functions
    RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
    RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
    # Network|Multisite Signup
    RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
    # Network|Multisite Activate
    RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
    #RewriteCond %{REQUEST_URI} !^.*/wp-trackback.php [NC]
    RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
    # bbPress/BuddyPress forum posting
    RewriteCond %{REQUEST_URI} !^.*/forums/.* [NC]
    # bbPress/BuddyPress forum Register Post form
    RewriteCond %{REQUEST_URI} !^.*/register/ [NC]
    # Whitelist iThemes Sync POST Request by Query String
    RewriteCond %{QUERY_STRING} !^ithemes-sync(.*) [NC]
    RewriteRule ^(.*)$ - [F]
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.