Search causes 403 error

  • #2571
    hcri50
    Participant
    BPS PRO SECURITY / HTTP ERROR LOG
    =================================
    =================================
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - March 6, 2013 - 9:13 pm <<<<<<<<<<<
    REMOTE_ADDR: 50.96.12.97
    Host Name: h97.12.96.50.dynamic.ip.windstream.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.homesteadcentennialclass.com/how-to-contact-us/
    REQUEST_URI: /?s=Search+this+website...
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17
    #2574
    AITpro Admin
    Keymaster

    This issue is no longer an issue/problem in the most current versions of BPS and BPS Pro.

    Your Theme MyCuisine has a search window that is displaying this: Search This Website… as the default search window text. When someone does not enter anything into the search window, the search is performed using the default text, which is triggering a 403 error because of the 3 dots: … Dots are a coding character and 3 dots together violate the BPS security filter below.

    You can either comment out this security filter in the BPS root .htaccess file or you can change the default text in the search window and remove the 3 dots.

    RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
    #2595
    hcri50
    Participant

    THANK YOU SO MUCH FOR HELPING ME ON THIS. I added that to the end of the .htaccess in the root directory. And it solved my problem. YOU ARE FANTASTIC. Truly the best plugin.

    #28059
    Todd
    Participant

    I don’t have BPS Pro but I have a similar issue and this is the only thread I could find that addresses my issue with search. When someone adds an apostrophe in their search term (example – Men’s Group), they receive the 403 page. I know I can comment this out in the root .htaccess file, but the ‘ and corresponding %27 appear in several locations. Is that how I am supposed to do it? Comment out all of these? It seems like that will make our site a lot less secure.

    
    [403 GET Request: February 2, 2016 - 11:49 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 8.4.120.137
    Host Name: 8.4.120.137
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://theinnerrevolution.org/
    REQUEST_URI: /?s=Men%27s+Group
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.28 Safari/537.36
    
    [403 GET Request: February 2, 2016 - 11:51 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 8.4.120.137
    Host Name: 8.4.120.137
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://theinnerrevolution.org/?s=Men+and+The+Inner+Revolution
    REQUEST_URI: /?s=Women%27s+
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.28 Safari/537.36

    Thanks!
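
An added example, not part of any post above and not BulletProof Security's own code: a Python check of the REQUEST_URI values logged in this thread against the one filter quoted in post #2574, to see which requests that rule accounts for. The function names and the constructed sample strings are assumptions; the other rules in the BPS root .htaccess file are not shown on this page and are not modelled.

```python
import re
from urllib.parse import quote_plus, urlsplit

# The filter quoted in post #2574, as a Python regex. The trailing [OR] in
# .htaccess only chains conditions and is not part of the pattern.
DOT_DOT_FILTER = re.compile(r"(\.\./|\.\.)")

# REQUEST_URI values from the logs in this thread, plus one constructed
# path-traversal style request of the kind the filter is meant to stop.
SAMPLE_URIS = [
    "/?s=Search+this+website...",   # post #2571
    "/?s=Men%27s+Group",            # post #28059
    "/?s=Women%27s+",               # post #28059
    "/?page=../../example.txt",     # constructed
]


def check(request_uri):
    """Return (blocked, matched_text) for one logged REQUEST_URI.

    Apache tests %{QUERY_STRING} as it was sent, without percent-decoding,
    so the raw query string is matched here too.
    """
    match = DOT_DOT_FILTER.search(urlsplit(request_uri).query)
    return (match is not None, match.group(0) if match else None)


def placeholder_trips_filter(text):
    """True if submitting `text` unchanged from a search box named "s"
    (WordPress's search parameter) would hit the filter."""
    return check("/?s=" + quote_plus(text))[0]


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        blocked, hit = check(uri)
        print(f"{uri:32} blocked={blocked} matched={hit!r}")
    # Candidate default texts for a theme's search box (constructed).
    for text in ("Search this website...", "Search this website",
                 "Search this website\u2026"):
        print(f"{text!r:30} trips filter: {placeholder_trips_filter(text)}")
```

The apostrophe searches from post #28059 do not match this pattern, so those 403 responses come from a different rule in the file than the one quoted in this thread.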

     
