Broken Link Checker Plugin 403 Error

Home Forums BulletProof Security Free Broken Link Checker Plugin 403 Error

This topic contains 6 replies, has 3 voices, and was last updated by  Simone 4 years, 8 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #2017

    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    1. Copy this .htaccess code below to this BPS Root Custom Code text box: CUSTOM CODE REQUEST METHODS FILTERED:
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    BPS Pro 11.6+ & BPS free .53.2+
    You may see this code or the 11.5+/.53.1+ code in your root htaccess file.  The code does the same exact thing and is whitelisted in the same exact way.

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

    BPS Pro 11.5+ & BPS free .53.1+

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ - [R=405,L]

    BPS Pro 11.4|BPS free .53 and lower versions

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and 
    # remove/delete HEAD| from the Request Method filter.
    # Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    # The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #5384

    Dennis
    Participant

    I’m trying to get Broken Link Checker functionality on a few WordPress sites, and just tried the fix above. When I removed HEAD| from the root .htaccess, I couldn’t access the site (403 forbidden). Oddly, when I put HEAD| back in the file, I still couldn’t access the site – I had to actually had to do a Restore to get the site to load again.
    Any clues as to what the problem might be? I just upgraded to BPS Pro 5.8.1, fwiw. Thanks.

    #5387

    AITpro Admin
    Keymaster

    Most likely a typo was made in your root .htaccess file.  The fix above is a confirmed solution and does work.  Did you use the BPS Pro built-in .htaccess editor to remove/delete HEAD| or did you do this manually?  You should always use the built-in .htaccess editor to edit your .htaccess files.  This ensures that the formatting of .htaccess files do not contain hidden formatting or anything else that will negate/corrupt the .htaccess files.

    Example:  If you edit and save an .htaccess file in Wordpad or Word then the .htaccess file will contain hidden formatting.  Basically the .htaccess is no longer usable anymore.  Only Notepad or Notepad++ should be used to manually edit .htaccess files to preserve the correct .htaccess file format.

    #5415

    Dennis
    Participant

    Greetings Key Master.

    I used the built in editor to make the changes. Even with that built in convenience, I screwed it up initially. When I unlocked the .htaccess file, the selected file jumped back to secure.htaccess, so my first mistake was to remove HEAD| from the wrong file. Oops.

    It turns out the problem is with code inserted by Better WP Security, buried in :

    RewriteCond %{QUERY_STRING} ^.*("|'||\|{||).* [NC,OR]

    Haven’t a clue what the code is doing – I just kept paring down the .htaccess code till I found it. Is there another way to check for link errors – one that doesn’t make HEAD requests or require hand checking ad infinitum? Thanks again.

    #5416

    AITpro Admin
    Keymaster

    Yes, several people have mentioned that using some of the .htaccess options in Better WP Security causes problems.  That is because the .htaccess code that Better WP Security uses/creates is too general and does not specifically target only hacking patterns or allow for any whitelisting/skip bypass/exceptions. etc.

    BPS has much more sophisticated .htaccess code and allows for whitelisting/skip bypass rules/exceptions, etc.  I have not looked at the Better WP Security plugin for a long time, but that last time I looked at the .htaccess code it did some of the things that BPS and BPS Pro is already doing, but in a much less advanced and sophisticated way.  So basically using any of the Better WP Security .htaccess options/code is adding less sophisticated and redundant .htaccess code.

    My recommendation is that you do not use any of the .htaccess code options in Better WP Security since BPS and BPS Pro are already doing this in a much more advanced and sophisticated way and of course offer many different methods to whitelist/skip bypass or create exceptions.

    #10021

    Jimmy Shine
    Participant

    Broken Link Checker plugin HEAD Request Method filter problem detected
    To fix this problem Click Here. To Dismiss this Notice click the Dismiss Notice link below. To Reset Dismiss Notices click the Reset/Recheck Dismiss Notices button on the Security Status page.

    I don’t understand what it wants me to do.

    #10025

    AITpro Admin
    Keymaster

    Follow the steps in this link http://forum.ait-pro.com/forums/topic/broken-link-checker-plugin-403-error/#post-2017 or just dismiss the Dimiss Notice.  The Broken Link Checker makes a HEAD Request and if that is blocked it makes a GET Request.  In other words, the Broken Link Checker works fine whether or not you do the steps in the link above.  If you see errors in your BPS Security log regarding the Broken Link Checker plugin then you can just ignore them or do the steps above so that the errors are no longer logged.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.