Security Log – Security Log entries, Plugin Firewall

Home Forums BulletProof Security Pro Security Log – Security Log entries, Plugin Firewall

Viewing 15 posts - 1 through 15 (of 15 total)
  • Author
    Posts
  • #1015
    Patrick
    Participant

    Hello.With the installation of the new BulletProof 5.5 Pro have appeared messages which I had not seen before. They are:

    BPS PRO SECURITY / HTTP ERROR LOG================================= ====================
    
    >>>>>>>>>>> 403 Error Logged - 15 enero 2013 - 11:12 <<<<<<<<<<<
    REMOTE_ADDR: 208.54.37.226
    Host Name: me22536d0.tmodns.net
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: 
    REQUEST_URI: /wp-content/uploads/2012/12/whatsapp.jpg
    QUERY_STRING: 
    HTTP_USER_AGENT:
    
    >>>>>>>>>>> 403 Error Logged - 15 enero 2013 - 11:17 <<<<<<<<<<<
    REMOTE_ADDR: 80.30.153.173
    Host Name: 80.30.153.173
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://masalladelared.com/foros/topic/bodycombat-54-tracklist/
    REQUEST_URI: /wp-content/plugins/suffusion-bbpress-pack/include/js/topic.js?ver=1.01
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17
    
    >>>>>>>>>>> 403 Error Logged - 15 enero 2013 - 11:17 <<<<<<<<<<<
    REMOTE_ADDR: 80.30.153.173
    Host Name: 80.30.153.173
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://masalladelared.com/foros/topic/bodycombat-54-tracklist/
    REQUEST_URI: /wp-content/plugins/bbpress/templates/default/js/topic.js?ver=2.2.3
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17
    
    >>>>>>>>>>> 403 Error Logged - 15 enero 2013 - 11:34 <<<<<<<<<<<
    REMOTE_ADDR: 83.54.163.205
    Host Name: 205.Red-83-54-163.dynamicIP.rima-tde.net
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://masalladelared.com/blog/como-sacarse-el-carnet-de-conducir-sin-pasar-por-la-autoescuela/
    REQUEST_URI: /wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0
    
    >>>>>>>>>>> 403 Error Logged - 15 enero 2013 - 13:20 <<<<<<<<<<<
    REMOTE_ADDR: 80.38.168.248
    Host Name: 248.Red-80-38-168.staticIP.rima-tde.net
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://masalladelared.com/blog/tag/anuncios-publicitarios/
    REQUEST_URI: /wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)

    A to be these error messages? It is necessary to know these errors? thankstranslated by google

    #1025
    AITpro Admin
    Keymaster

    Some of these are just standard security log entries and these 2 log entries below are telling you that your Plugin Firewall is blocking these 2 plugin scripts and you need to add these 2 plugin scripts to your Plugin Firewall Whitelist.  See the blue Read Me help button for the Plugin Firewall and look at the How to add plugin script/file names manually help section.  I have also copied that help section below.

    >>>>>>>>>>> 403 Error Logged – 15 enero 2013 – 11:17 <<<<<<<<<<<

    Add this plugin script – /bbpress/templates/default/js/topic.js to your Plugin Firewall Whitelist

    >>>>>>>>>>> 403 Error Logged – 15 enero 2013 – 11:34 <<<<<<<<<<<

    Add this plugin script – /nextgen-gallery/js/ngg.slideshow.min.js to your Plugin Firewall Whitelist

    How to add plugin script/file names manuallyThe Plugin Firewall blocks external/remote access to files that are located in the plugins folder. If you have a script/file outside of the plugins folder then you do not need to Whitelist it.

    The Plugin Firewall Whitelist Scan is designed to detect scripts that are currently loaded on your Home page and your WordPress Login page. The Custom Scan Tool allows you to scan additional specific website pages. If you have a Payment Gateway Provider script/file (A PayPal IPN script for example) that is located in a plugin in your plugins folder then you should manually add that script/file name to Plugins Script/File Whitelist Text Area. Example: /some-example-plugin/api/paypal-ipn-script.php. To add this example script/file name to the Plugins Script/File Whitelist Text Area you would add it after any other scripts/files that have been detected by the Scan and displayed in the Plugins Script/File Whitelist Text Area separtated by a comma and a space between each plugin script/file path that you add.

    Each plugin script/file path that you enter MUST be separated by a comma and a space. Example: /some-example-plugin/api/paypal-ipn-script.php, /another-example-plugin/some-example-script.php. The path name starts with the plugin folder name (do not add /wp-content in the path name). After manually adding your script/file name path you would then click the Save Whitelist Options button to save your Whitelist data to your database and click the Plugin Firewall BulletProof Mode Activate button.

    #1213
    AITpro Admin
    Keymaster

    A new Plugin Firewall Read Me First Troubleshooting post has been created here >>> http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

    #1454
    AITpro Admin
    Keymaster

    Email Question:

    Host: godaddy
    Server: apache
    OS: linux
    Server api: CGI
    Site: single use

    Issue:
    Security log is constantly being hit with 403 errors. I deleted log last night to reset and see what it does and little less than 24 hrs it had grown to 84 KB and I didn’t count all of them, but approximately +140 count of 403 errors generated (I stopped half way counting at 70 errors). My site is not that well known, but not sure it matters nowadays. Is this normal behavior? This log is new I believe (sorry Im sick and a little out of it) so just not sure what to expect or if I should be concerned.

    John

    #1455
    AITpro Admin
    Keymaster

    First off the Security Log is just letting you know that BPS Pro is working/blocking hackers/blocking probes/scans/recon/etc etc etc. so you do not want to put too much of your time and attention into looking at the Security Log file.  BPS Pro has had a Security Log for many versions, but in BPS Pro 5.5 we created a designated page primarily to make it quick, easy and convenient to check for any plugin script problems with the Plugin Firewall or files in the uploads folder being blocked by UAEG.

    You want to check and make sure that none of the log entries / HTTP errors are due to the Plugin Firewall blocking a plugin script or that any legitimate files are being blocked in your uploads folder by UAEG.  See the log entries posted above for examples of plugin script errors in your Security Log file. After you have gone through your Security Log and you do not find any errors related to plugin scripts or your uploads folder (UAEG) then you can just turn off the Dashboard alerts.  Your Security Log file is automatically zipped and emailed to you and deleted when it reaches a certain size that you choose in S-Monitor (256KB, 500KB or 1MB).  So there is no need for you to manually delete the Security Log file – BPS Pro completely automates the process of managing your Log files already.

    On average the AITpro sites log 1,500 hacking attempts/bot probes/scans/spammers/etc etc etc in the Security Logs.  So 140 logged events is not that many relative to the AITpro sites, but does seem a little high.  If you have a popular/higher trafficed site than the number of logged events will naturally always be higher then a less popular/lower trafficked site.

    #2596
    hcri50
    Participant

    [Forum Topic merged into this relevant Topic]

    I am now getting an error from my Font Plugin. Do I need to while list these paths??

    /wp-content/plugins/font/AjaxProxy.php
    /wp-content/plugins/font/js/jquery.jcarousel.min.js?ver=3.5.1
    /wp-content/plugins/font/js/colorpicker.js?ver=3.5.1
    /wp-content/plugins/font/js/jquery.fontPlugin.js?ver=3.5.1
    /wp-content/plugins/font/js/pluginscripts.js?ver=3.5.1
    /wp-content/plugins/wptextresizecontrols//text.js?ver=3.5.1

    Here is the error that I am getting

    BPS PRO SECURITY / HTTP ERROR LOG
    =================================
    =================================
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 7, 2013 - 3:51 am <<<<<<<<<<<
    REMOTE_ADDR: 66.249.75.48
    Host Name: crawl-66-249-75-48.googlebot.com
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/font/AjaxProxy.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 7, 2013 - 4:14 am <<<<<<<<<<<
    REMOTE_ADDR: 173.190.182.231
    Host Name: h231.182.190.173.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/
    REQUEST_URI: /wp-content/plugins/font/js/jquery.jcarousel.min.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 7, 2013 - 4:15 am <<<<<<<<<<<
    REMOTE_ADDR: 173.190.182.231
    Host Name: h231.182.190.173.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/
    REQUEST_URI: /wp-content/plugins/font/js/colorpicker.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 7, 2013 - 4:15 am <<<<<<<<<<<
    REMOTE_ADDR: 173.190.182.231
    Host Name: h231.182.190.173.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/
    REQUEST_URI: /wp-content/plugins/font/js/jquery.fontPlugin.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 7, 2013 - 4:15 am <<<<<<<<<<<
    REMOTE_ADDR: 173.190.182.231
    Host Name: h231.182.190.173.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/
    REQUEST_URI: /wp-content/plugins/font/js/pluginscripts.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 7, 2013 - 4:16 am <<<<<<<<<<<
    REMOTE_ADDR: 173.190.182.231
    Host Name: h231.182.190.173.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/
    REQUEST_URI: /wp-content/plugins/wptextresizecontrols//text.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
    #2601
    AITpro Admin
    Keymaster

    @hcri50 – I have merged your Forum post into this Forum Topic.  This is going to be the designated Forum Topic for posting general Security Log entries pertaining to plugins scripts that need to whitelisted in the Plugin Firewall.  Please see the answer that is posted above in this Forum Topic on how to manually add plugins scripts from your Security Log to your Plugin Firewall Whitelist Text area.   Thanks.

    #2604
    AITpro Admin
    Keymaster

    Actually your post gives me the opportunity to show how Regular expressions (Regex) can be used to create less whitelisting rules for plugins that have several .js files that need to be whitelisted in the Plugin Firewall.

    This would be your whitelist rules without using Regex.  Note: the wptextresizecontrols plugin has 2 forward slashes in the path to this js file – /wptextresizecontrols//text.js – this should only be one forward slash.  Please notify the plugin author about this issue.

    /font/AjaxProxy.php, /font/js/jquery.jcarousel.min.js, /font/js/colorpicker.js, /font/js/jquery.fontPlugin.js, /font/js/pluginscripts.js, /wptextresizecontrols//text.js

    Using Regex to shorten the number of plugin script whitelist rules

    /font/AjaxProxy.php, /font/js/(.*).js, /wptextresizecontrols(.*)text.js
    #2611
    ibc
    Member

    My >>Security Log Alert is showing up in the red – when our customers log in at the top of the dashboard.How do I set it up to where only the admin can see it?

    #2613
    hcri50
    Participant

    Thank you very much. I will jump on this when I get to the office. THANK YOU

    robert

    #2616
    AITpro Admin
    Keymaster

    @ ibc – You can choose how you want BPS Pro alerts displayed to you on the BPS Pro S-Monitor page.

    Please click on the Monitoring and Alerting Options Blue Read Me help button for extensive help information about S-Monitor alerting options.

    Security Log: New Log Entry Has Been Logged: 
    When new Security Log entries are logged in your Security Log file you are alerted by BPS that you have a new log entry. You can choose to have Security Log Alerts displayed in your WP Dashboard, in BPS pages Only or turn Alerts Off. You can also choose to have Security Log Alerts and log files emailed to you with Email Alerting & Log File Options. The Security Log Alert contains a link to the B-Core Security Log page.

    #2924
    hcri50
    Participant

    Do I have to keep resetting my Security Alert ?? Or can I just leave it alone and not worry about it. Are these attempts of people trying to break into the site??

    BPS PRO SECURITY / HTTP ERROR LOG
    =================================
    =================================
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 12, 2013 - 10:18 pm <<<<<<<<<<<
    REMOTE_ADDR: 50.96.12.215
    Host Name: h215.12.96.50.dynamic.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/reunion-1970/
    REQUEST_URI: /wp-content/plugins/wptextresizecontrols//text.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 12, 2013 - 10:23 pm <<<<<<<<<<<
    REMOTE_ADDR: 50.96.12.215
    Host Name: h215.12.96.50.dynamic.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/beatrice-high-school/
    REQUEST_URI: /?s=Search+this+website...
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 12, 2013 - 10:29 pm <<<<<<<<<<<
    REMOTE_ADDR: 50.96.12.215
    Host Name: h215.12.96.50.dynamic.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/
    REQUEST_URI: /wp-content/plugins/wptextresizecontrols//text.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 12, 2013 - 10:35 pm <<<<<<<<<<<
    REMOTE_ADDR: 188.92.76.167
    Host Name: 188.92.76.167
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //fumusegi.upya.org/info/letterstoann.com/
    REQUEST_URI: /
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 12, 2013 - 10:41 pm <<<<<<<<<<<
    REMOTE_ADDR: 50.96.12.215
    Host Name: h215.12.96.50.dynamic.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/early_beatrice/
    REQUEST_URI: /wp-content/plugins/wptextresizecontrols//text.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 13, 2013 - 12:55 am <<<<<<<<<<<
    REMOTE_ADDR: 75.45.2.168
    Host Name: adsl-75-45-2-168.dsl.scrm01.sbcglobal.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/
    REQUEST_URI: /wp-content/plugins/wptextresizecontrols//text.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 13, 2013 - 1:01 am <<<<<<<<<<<
    REMOTE_ADDR: 70.199.81.33
    Host Name: 33.sub-70-199-81.myvzw.com
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //www.homesteadcentennialclass.com/
    REQUEST_URI: /wp-content/plugins/wptextresizecontrols//text.js?ver=3.5.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17
    #2926
    AITpro Admin
    Keymaster

    You can ignore all of these errors except for the one that is telling you that the Plugin Firewall is blocking a front loading plugin script.  You can turn Security Log alerts Off on the BPS Pro S-Monitor page.

    Add this plugin script to the Whitelist Text area, click the Save Whitelist Options button and activate the Plugin Firewall again.  Whitelist plugin scripts MUST be separated by a comma and a space.

    Example Format:

    /some-plugin-folder-name/example-plugin-script.js, /another-plugin-folder-name/another-example-plugin-script.js

    Whitelist rule:

    /wptextresizecontrols/(.*)text.js

    Click on the Plugin Firewall Blue Read Me help button on the B-Core Security Modes page for help on adding/whitelisting plugin scripts manually to the Whitelist Text Area.

    #9308
    MMG
    Participant

    Since installing W3TC wordpress plugin, I am receiving these errors. Can you recommend if I should add whitelist rules?

    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - September 4, 2013 - 11:53 am <<<<<<<<<<<
    REMOTE_ADDR: 54.240.144.63
    Host Name: server-54-240-144-63.iad12.r.cloudfront.net
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 184.147.88.5
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/cache/minify/000000/lY5dDsIwDIMv1DbaQAJxm7JFbar-0aQCbk83Dd55s51Pjr1I5RuADfZlXCkuoq3EZilpzyDSnSE8OrY3TOZi5sOYRNkEVv6Pgk6j4mrm6fC607fmdEQ_oRO5ZgU3QE3AvjRZyoqsexRK4wKBgTKJOsN4ljCLbljjvkw9q7brEBtULfOztFWzNMxOvE4o2DbuAw.js
    QUERY_STRING:
    HTTP_USER_AGENT: Amazon CloudFront
    
    
    #9314
    AITpro Admin
    Keymaster

    The most logical thing to try first would be a skip/bypass rule for the cache folder.

    Note: Minifying in general can cause various undesirable results for a website.  This may or may not impact the BPS Pro Plugin Firewall depending on what plugin scripts are minified.  This is just a note as a heads up for other possible problems to look out for and is not a recommendation of any kind.

    1. Copy this code below to this BPS Custom Code text box:  CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES: Add personal plugin/theme skip/bypass rules here 
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
    Note: If your WordPress installation/website is in a folder named /MyWordPressFolderName/ then add your WordPress folder name in the path: example: RewriteCond %{REQUEST_URI} ^/MyWordPressFolderName/wp-content/cache/minify/ [NC]

    # W3TC Minify skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/cache/minify/ [NC]
    RewriteRule . - [S=13]

    If the code above does not work then try this next…

    # W3TC Minify skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/cache/minify/(.*)\.js [NC]
    RewriteRule . - [S=13]
Viewing 15 posts - 1 through 15 (of 15 total)
  • You must be logged in to reply to this topic.