Invelity GLS online connect – export blocked – 403 error

[ivan]

Hi, i use plugin https://wordpress.org/plugins/invelity-gls-online-connect/ and using export with administration woocommerce orders:

http://screenshot.cz/R5/R56NB/22.png

in export not correctly, and stoped:

http://screenshot.cz/R3/R3VLF/screenshot_2019-10-30-403-forbidden.png

export is blocked with this notice.

Url in error notice:

/wp-admin/edit.php?post_type=shop_order&paged=1&gls-sucessfull=a%3A1%3A{i%3A0%3Ba%3A1%3A{s%3A7%3A"orderId"%3Bi%3A68323%3B}}&gls-unsucessfull=a%3A0%3A{}

ERROR LOG:

[403 GET Request: 30. oktobra 2019 - 15:26]
BPS: 3.7
WP: 5.2.4
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: 84-245-121-211.dynamic.swanmobile.sk
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: https://www.mydielkaren.sk/wp-admin/edit.php?post_type=shop_order
REQUEST_URI: /wp-admin/edit.php?post_type=shop_order&paged=1&gls-sucessfull=a%3A1%3A%7Bi%3A0%3Ba%3A1%3A%7Bs%3A7%3A%22orderId%22%3Bi%3A68323%3B%7D%7D&gls-unsucessfull=a%3A0%3A%7B%7D
QUERY_STRING: post_type=shop_order&paged=1&gls-sucessfull=a%3A1%3A%7Bi%3A0%3Ba%3A1%3A%7Bs%3A7%3A%22orderId%22%3Bi%3A68323%3B%7D%7D&gls-unsucessfull=a%3A0%3A%7B%7D
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0

 

[AITpro Admin]

I believe the security rule in the Root htaccess file Query String Exploits section of code that is blocking the Query String is this one below.  I am currently testing the Invelity GLS online connect Query String on a test website.  Specifically what appears to be blocked is the word “order” in the Query String:  post_type=shop_order

RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

[ivan]

I have code in root mode:

and delete this all codes:

# WooCommerce shop, cart, checkout & wishlist URI skip/bypass rule
RewriteCond %{REQUEST_URI} ^.*/(obchod|kosik|kontrola-objednavky|moj-ucet|registracia|prihlasenie).* [NC]
RewriteRule . - [S=15]

# WooCommerce order & wc-ajax=get_refreshed_fragments Query String skip/bypass rule
RewriteCond %{QUERY_STRING} .*(order|wc-ajax=get_refreshed_fragments).* [NC]
RewriteRule . - [S=14]

# WooCommerce order & wc-ajax=get_refreshed_fragments Query String skip/bypass rule
RewriteCond %{QUERY_STRING} .*(order|wc-ajax=get_refreshed_fragments).* [NC]
RewriteRule . - [S=13]

and i delete

12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: 
from this order term...

https://www.mydielkaren.sk/wp-admin/edit.php?post_type=shop_order&paged=1&gls-sucessfull=a%3A1%3A%7Bi%3A0%3Ba%3A1%3A%7Bs%3A7%3A%22orderId%22%3Bi%3A68323%3B%7D%7D&gls-unsucessfull=a%3A0%3A%7B%7D

and problem is not solved..

not working export 🙁

[AITpro Admin]

Here is the solution:

1. Copy the modified Query String Exploits code below into this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
2. Click the Save Root Custom Code button.
3. Go to the BPS Setup Wizard page and run the Setup Wizard.
Note: The Setup Wizard will automatically put the Custom Code that you deleted back the way it was before since it was not related to the problem and is needed for WooCommerce.

# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker. 
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the 
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] 
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE BPS QUERY STRING EXPLOITS

[ivan]

Good day

its not working.

Can I send you my codes somewhere that I have entered?

[AITpro Admin]

Oops the URI is for the wp-admin folder.  So you would ALSO need to add this modified wp-admin Query String Exploits code below in BPS wp-admin Custom Code.

1. Copy the modified wp-admin Query String Exploits code below into this BPS wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
2. Click the Save wp-admin Custom Code button.
3. Go to the Security Modes page and click the wp-admin folder BulletProof Mode Activate button.

# BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
# WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
# Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\s+|%20+\s+|\s+%20+|\s+%20+\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS

[ivan]

ohh…

export not working

403 Forbidden Error Page
If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
IP Address: 62.197.196.26

[AITpro Admin]

Do the BPS troubleshooting step #2 and let me know if the export works or not.

https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.

[ivan]

Hello, I have done but it still does not work.

After deactivating the wp admin button, the export takes place.

[AITpro Admin]

Are you saying that deactivating wp-admin BulletProof Mode works or does not work?  I just retested the wp-admin fix I posted above and it works perfectly on my testing website.  Did you do the steps correctly? Did you add the code in the correct Custom Code text box?  Did you do all of the Custom Code steps?

Additional Note:
If you have ModSecurity installed on your web host server then ModSecurity will most likely block that dangerous Query String because it has double quote code characters in the Query String ". Double quote code characters should NEVER be used in a Query String. BPS logs all 403 errors whether or not BPS is blocking something.

[ivan]

Hi 🙂

wow… this code is working.

My problem was white page in saving…

I must click to button encrypt and next save custom code.

Now is working, very thanks !

[AITpro Admin]

Great!  I should have mentioned that if you have ModSecurity installed on your web host you would need to use the Custom Code Encryption feature before saving your Custom Code. Glad you figured that out on your own. 😉

[Author]

Posts