iThemes Carousel – Plugin Firewall whitelist rules

Home Forums BulletProof Security Pro iThemes Carousel – Plugin Firewall whitelist rules

Tagged: ,

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • September 22, 2013 at 3:48 pm #10000
    Philip Shambrook
    Participant

    I have the iThemes Carousel plugin installed on 3 websites using 2 different themes and all seem to be affected by the plugins htaccess file.  If I deactivate the BulletProof Mode for plugins.htaccess the carousels work.  As soon as it is activated they don’t.  I believe I have set up things properly, but definitely see a difference when I activate/deactivate plugins.htaccess.

    Sites are:

    nzmountainrunning.co.nz
    thekaweka.co.nz

    All now have plugins.htaccess deactivated.

    Other site hbtrc.co.nz currently has BPS Pro deactivated (deleted for testing), but will be reactivated shortly to further verify the issue.

    September 22, 2013 at 4:07 pm #10003
    AITpro Admin
    Keymaster

    I scanned this site:  nzmountianrunning.co.nz with the Pro-Tools cURL scanner and these are your Plugin Firewall whitelist rules for that website:

    /carousel/js/(.*).js, /contact-form-7/includes/js/(.*).js

    Copy and paste your Plugin Firewall whitelist rules in the Plugin Firewall Whitelist Text area text box, click the Save Whitelist Options button and activate the Plugin Firewall on this site.

    The Plugin Firewall whitelist rules for this website:  hbtrc.co.nz are:

    /background-manager/resources/js/(.*).js, /contact-form-7/includes/js/(.*).js

    Do the same steps above to add these Plugin Firewall whitelist rules for this website.

    The Plugin Firewall whitelist rules for this website:  thekaweka.co.nz are:

    /carousel/js/(.*).js, /contact-form-7/includes/js/(.*).js

    Do the same steps above to add these Plugin Firewall whitelist rules for this website.

    September 22, 2013 at 4:24 pm #10014
    Philip Shambrook
    Participant

    When I use the Pro-Tools cURL scanner I get this result:

    /carousel/js/jquery.carouFredSel-6.1.0-packed.js, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js

    It’s a little different. Either way, it does appear that the problem was due to me failing to Save Whitelist Options that was at fault – a case of failing to RTFM!

    Thanks for the rapid response.  All appears good now and I’ll get to activate the 3rd site – nzmountainrunning.co.nz later as a final check.

    Many thanks
    Philip

    September 22, 2013 at 4:29 pm #10015
    AITpro Admin
    Keymaster

    The Plugin Firewall rules can use Regular Expressions code to reduce the number of rules and also a VERY IMPORTANT reason to use Regular Expressions code is this:

    Let’s say the Plugin author of the Carousel plugin changes the name of this js script in the next version of his/her plugin…

    /carousel/js/jquery.carouFredSel-6.1.0-packed.js

    …to this…

    /carousel/js/jquery.carouFredSel-6.1.1-packed.js

    …then what will happen if you used the literal plugin script name is the old whitelist rule will no longer work.  So by using this…

    /carousel/js/(.*).js

    …even if the name of the js script changes then the Plugin Firewall whitelist rule will still work.  (.*) means match anything.

    Related Help Resources / Links
    http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/
    http://forum.ait-pro.com/forums/topic/security-log-http-error-log-read-me-first/
    http://forum.ait-pro.com/video-tutorials/

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.