Flash swf 403 error – Flash slideshow blocked

Home Forums BulletProof Security Free Flash swf 403 error – Flash slideshow blocked

Tagged: , ,

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • April 12, 2013 at 1:41 pm #4287
    Angela T.
    Member

    A large flash movie on my website now fails to load and gets a 403 forbidden error since I installed BPS Free. I deactivated Root Folder BulletProof Mode to verify it was the problem and my flash movie did start working again. Activate BPS and it fails.Β  I have tried several ways to whitelist the internal reference in my .htaccess file but I’m not experienced enough with htaccess to understand what I am doing. Could you please let me know what custom code I need to place in my .htaccess file for the flash to work again?

    The Website is bibleprophecy.com (flash slide show should be showing up just under the navigation).

    Thank you so much for your help.

    April 12, 2013 at 1:53 pm #4289
    AITpro Admin
    Keymaster

    The issue/problem appears to be that the link to the swf file is simulating an RFI hacking attempt against your website.

    http: //www.bibleprophecy.com/wp-content/themes/theme1371/flash/header_cs3.swf?xmlUrl=http://www.bibleprophecy.com/wp-content/themes/theme1371/flash/xml

    You should be able to whitelist the swf file by editing your root .htaccess file and adding header_cs3\.swf| to the security filter as shown below.

    1. Copy the modified TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE code below to this BPS Root Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    IMPORTANT!!!: Edit the code below after copying it to BPS Custom Code and replace “example.com” with your actual website domain name.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
# 
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (header_cs3\.swf|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*example.com.*
RewriteRule . - [S=1]
    April 13, 2013 at 10:02 am #4319
    Angela T.
    Member

    Thank you Thank you! That did the trick! πŸ™‚

    April 13, 2013 at 11:13 am #4321
    AITpro Admin
    Keymaster

    Great! Β Thanks for confirming all is now well.

    June 26, 2013 at 7:27 pm #7219
    Colton3310
    Participant

    Oh, thanks. The answer is good, but I cannot understand the code. The flash slide show can work well if I use Kvisoft Photo Slide Show Maker to create one.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.