Invelity GLS online connect – export blocked – 403 error


This topic contains 9 replies, has 2 voices, and was last updated by  AITpro Admin 1 week, 6 days ago.

  • #38104

    ivan
    Participant

    Hi, I use the plugin https://wordpress.org/plugins/invelity-gls-online-connect/ and use its export from the WooCommerce orders administration:

    http://screenshot.cz/R5/R56NB/22.png

    The export does not work correctly and stopped:

    http://screenshot.cz/R3/R3VLF/screenshot_2019-10-30-403-forbidden.png

    The export is blocked with this notice.

    URL in the error notice:

    /wp-admin/edit.php?post_type=shop_order&paged=1&gls-sucessfull=a%3A1%3A{i%3A0%3Ba%3A1%3A{s%3A7%3A"orderId"%3Bi%3A68323%3B}}&gls-unsucessfull=a%3A0%3A{}
    

    ERROR LOG:

    [403 GET Request: 30. oktobra 2019 - 15:26]
    BPS: 3.7
    WP: 5.2.4
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: GDPR Compliance On
    Host Name: 84-245-121-211.dynamic.swanmobile.sk
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.mydielkaren.sk/wp-admin/edit.php?post_type=shop_order
    REQUEST_URI: /wp-admin/edit.php?post_type=shop_order&paged=1&gls-sucessfull=a%3A1%3A%7Bi%3A0%3Ba%3A1%3A%7Bs%3A7%3A%22orderId%22%3Bi%3A68323%3B%7D%7D&gls-unsucessfull=a%3A0%3A%7B%7D
    QUERY_STRING: post_type=shop_order&paged=1&gls-sucessfull=a%3A1%3A%7Bi%3A0%3Ba%3A1%3A%7Bs%3A7%3A%22orderId%22%3Bi%3A68323%3B%7D%7D&gls-unsucessfull=a%3A0%3A%7B%7D
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
    

     

    #38105

    AITpro Admin
    Keymaster

    I believe the security rule in the Root htaccess file Query String Exploits section of code that is blocking the Query String is this one below.  I am currently testing the Invelity GLS online connect Query String on a test website.  Specifically what appears to be blocked is the word “order” in the Query String:  post_type=shop_order

    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

    #38106

    ivan
    Participant

    I have code in root mode, and I deleted all of this code:

    # WooCommerce shop, cart, checkout & wishlist URI skip/bypass rule
    RewriteCond %{REQUEST_URI} ^.*/(obchod|kosik|kontrola-objednavky|moj-ucet|registracia|prihlasenie).* [NC]
    RewriteRule . - [S=15]
    
    # WooCommerce order & wc-ajax=get_refreshed_fragments Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} .*(order|wc-ajax=get_refreshed_fragments).* [NC]
    RewriteRule . - [S=14]
    
    # WooCommerce order & wc-ajax=get_refreshed_fragments Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} .*(order|wc-ajax=get_refreshed_fragments).* [NC]
    RewriteRule . - [S=13]
    

    and I deleted

    12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: 
    from this order term...
    
    https://www.mydielkaren.sk/wp-admin/edit.php?post_type=shop_order&paged=1&gls-sucessfull=a%3A1%3A%7Bi%3A0%3Ba%3A1%3A%7Bs%3A7%3A%22orderId%22%3Bi%3A68323%3B%7D%7D&gls-unsucessfull=a%3A0%3A%7B%7D
    

    and the problem is not solved.

    The export is not working 🙁

    #38107

    AITpro Admin
    Keymaster

    Here is the solution:

    1. Copy the modified Query String Exploits code below into this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Setup Wizard page and run the Setup Wizard.
    Note: The Setup Wizard will automatically put the Custom Code that you deleted back the way it was before since it was not related to the problem and is needed for WooCommerce.

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker. 
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the 
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] 
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE BPS QUERY STRING EXPLOITS

    #38123

    ivan
    Participant

    Good day

    It's not working.

    Can I send you my codes somewhere that I have entered?

    #38124

    AITpro Admin
    Keymaster

    Oops, the URI is for the wp-admin folder.  So you would ALSO need to add this modified wp-admin Query String Exploits code below in BPS wp-admin Custom Code.

    1. Copy the modified wp-admin Query String Exploits code below into this BPS wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    2. Click the Save wp-admin Custom Code button.
    3. Go to the Security Modes page and click the wp-admin folder BulletProof Mode Activate button.

    # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    # WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
    # Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\s+|%20+\s+|\s+%20+|\s+%20+\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
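
Added example, not part of the original posts and not BPS code: a small Python check that replays the logged QUERY_STRING from the first post against a few of the RewriteCond lines quoted in this thread, before and after "order" is removed from the keyword list, and reports the exact substring that matches. The function name `matching_conds` is hypothetical, and Python's `re` is assumed to behave like Apache's PCRE for these particular patterns.

```python
import re

# QUERY_STRING copied from the 403 log entry above; mod_rewrite tests it
# in this percent-encoded form.
LOGGED_QS = ("post_type=shop_order&paged=1&gls-sucessfull=a%3A1%3A%7Bi%3A0%3Ba%3A1%3A%7B"
             "s%3A7%3A%22orderId%22%3Bi%3A68323%3B%7D%7D&gls-unsucessfull=a%3A0%3A%7B%7D")

# Four QUERY_STRING conditions copied from the wp-admin code in this thread,
# with "order" still in the keyword list as in the rule quoted in post #38105.
ORIGINAL = r"""
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
"""
# The modified code posted in the thread drops "order" from the keyword list.
MODIFIED = ORIGINAL.replace("|order|", "|")


def matching_conds(htaccess, query_string):
    """Return (pattern, matched_text) for every QUERY_STRING RewriteCond that matches."""
    hits = []
    for line in htaccess.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "RewriteCond" or parts[1] != "%{QUERY_STRING}":
            continue
        pattern = parts[2]
        flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
        # [NC] means case-insensitive matching.
        m = re.search(pattern, query_string, re.I if "NC" in flags else 0)
        if m:
            hits.append((pattern, m.group(0)))
    return hits


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("modified", MODIFIED)):
        hits = matching_conds(rules, LOGGED_QS)
        print(name, "->", [text for _, text in hits] or "no condition matches")
```

The keyword list in that rule is only tested after one of the leading trigger characters has matched, so the hit on the logged request is the encoded double quote followed by the start of `orderId`; a query string containing only `post_type=shop_order&paged=1` matches none of these four conditions.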

    #38125

    ivan
    Participant

    ohh…

    The export is not working.

    403 Forbidden Error Page
    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
    IP Address: 62.197.196.26

    #38126

    AITpro Admin
    Keymaster

    Do the BPS troubleshooting step #2 and let me know if the export works or not.

    https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

    2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.

    #38127

    ivan
    Participant

    Hello, I have done it, but it still does not work.

    After deactivating the wp admin button, the export takes place.

    #38128

    AITpro Admin
    Keymaster

    Are you saying that deactivating wp-admin BulletProof Mode works or does not work?  I just retested the wp-admin fix I posted above and it works perfectly on my testing website.  Did you do the steps correctly? Did you add the code in the correct Custom Code text box?  Did you do all of the Custom Code steps?

    Additional Note:
    If you have ModSecurity installed on your web host server then ModSecurity will most likely block that dangerous Query String because it has double quote code characters in the Query String ". Double quote code characters should NEVER be used in a Query String. BPS logs all 403 errors whether or not BPS is blocking something.
