Home › Forums › BulletProof Security Pro › Comprehensive Google Map Plugin does not display map
Tagged: Comprehensive Google Map
- This topic has 15 replies, 2 voices, and was last updated 10 years, 9 months ago by Gary M. Gordon.
-
AuthorPosts
-
AITpro AdminKeymaster
Email Question:
Sorry to bother you with this question, but I’m using a plugin: http://wordpress.org/support/plugin/comprehensive-google-map-plugin
And I’m not using any caching plugin on this site at http://www.arvinepipe.com/
The issue is, (very often, but not always) when I visit the map and directions page, the MAP (that is located down below on that page) sometimes doesn’t seem to load up. All I get is a graphic indicating it’s trying to load.
But, as soon as I log into the site, then it works fine.
I was curious if there might be an issue (with BPS Pro) that could be blocking something with this plugin. I’ve already tried previously deactivating all plugins, but didn’t notice a change. But since it doesn’t happen immediately when I log out of the site, it’s hard to tell what could be causing this.
I was just curious if you might know if it could be caused with the plugin firewall or something in BPS.
Anything you can think of to help would be appreciated.
AITpro AdminKeymasterCheck your BPS Pro Security Log for any log entries that have the Comprehensive Google Map Plugin name/path in the log entry. If you see a log entry with this plugin’s name/path then next do the Standard BPS Pro troubleshooting steps to isolate which security feature is causing this issue.
Standard BPS Pro troubleshooting steps.
http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshootingOnce you have done these things above and confirmed that BPS Pro is blocking something in this plugin and you have isolated which security feature that is then post the Security Log entry that was logged for this plugin.
Gary M. GordonParticipantEd,
I’ve disabled BPS Pro, and since doing this, the Google Map plugin seems to be working perfectly fine.
In addition, I believe BPS Pro is also blocking another issue with Formidable Pro (plugin).
Here’s the information in my Security Log for both:
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - January 27, 2014 - 9:42 am <<<<<<<<<<< SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.arvinepipe.com/map-and-directions/ REQUEST_URI: /wp-content/plugins/comprehensive-google-map-plugin/assets/js/cgmp.framework.min.js?ver=9.0.20 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 4.1.2; SAMSUNG-SGH-I317 Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.99 Mobile Safari/537.36 >>>>>>>>>>> 403 GET or HEAD Request Error Logged - January 27, 2014 - 11:55 am <<<<<<<<<<< SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.arvinepipe.com/contact/ REQUEST_URI: /wp-content/plugins/formidable/js/formidable.min.js?ver=1.07.04 QUERY_STRING: HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Please, if you agree that it is BPS Pro that is blocking something, let me know what I need to do.
Thanks
GaryPS: Please block any of the information I provided above that should not be displayed publicly (for security reasons), if any.
Ever since I deactivated BPS Pro, all seems to be working fine.
AITpro AdminKeymasterI don’t know what “disabled BPS Pro” means. Which standard BPS Pro troubleshooting step are you referring too?
From the Security Log log entries these look like typical plugin scripts that need to be whitelisted in your Plugin Firewall. Your plugin script whitelist rules are below. You can either click the Plugin Firewall Blue Read Me help button or click 1 of the help reference links below for how to add these additional plugin script whitelist rules.
/comprehensive-google-map-plugin/assets/js/(.*).js, /formidable/js/(.*).js
Help Reference Links
http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/http://forum.ait-pro.com/video-tutorials/#security-log-firewall
Gary M. GordonParticipantThanks!!
Gary M. GordonParticipantQuestion.
I added /comprehensive-google-map-plugin/assets/js/(.*).js to the Activate Plugin Firewall Security Mode section. Since then I haven’t notice any issues, but then again, I don’t monitor this plugin’s functionality around the clock.
I just looked at the “Security Log” and I’m still seeing the following is listed:
REMOTE_ADDR: 112.198.64.52 Host Name: 112.198.64.52 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.arvinepipe.com/map-and-directions/ REQUEST_URI: /wp-content/plugins/comprehensive-google-map-plugin/assets/js/cgmp.framework.min.js?ver=9.0.20 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36
Note the line:
REQUEST_URI: /wp-content/plugins/comprehensive-google-map-plugin/assets/js/cgmp.framework.min.js?ver=9.0.20
So I’m curious why this might still be showing up in the security log?
Do I need to worry about this?
When I see something like this in the “Security Log” .. what does it mean? Do I need to be worried about it?
Thanks,
GaryAITpro AdminKeymasterI went to this site and tested the google map and it is working without any issues. Displays correctly, entered “to here from here” information and the map displayed correct directions.
What is the date of the Security Log entry you posted? Is it a new log entry or an old log entry?
Watch this video tutorial which explains that the Security Log is a diagnostic troubleshooting tool as well as logging blocked hackers, spammers, scrapers, miners, harvesters, etc.
http://forum.ait-pro.com/video-tutorials/#security-log-firewall
I will install and test the Comprehensive Google Map Plugin on a testing site to see if there are any issues.
AITpro AdminKeymasterTest Results:
A Plugin Firewall whitelist rule is needed to whitelist this Comprehensive Google Map plugin script below. No other whitelist rules are needed.
/comprehensive-google-map-plugin/assets/js/(.*).js
Using the Hidemyass.com Proxy will generate a Security Log entry that indicates which plugin script is being blocked. The Hidemyass.com Proxy will not display the Comprehensive Google Map and you will just see “Loading…” since this plugin has other scripts that are blocked by the Hidemyass.com Proxy. The Hidemyass.com Proxy protects itself and will not load certain scripts to protect itself and will not display the Google Map ever, but by testing with the Proxy you are testing if any plugin scripts are being blocked by IP addresses that are not yours – ie website visitors to your website. That is what matters and not that the Google Map displays visually correct when trying to view it with a Proxy.
Gary M. GordonParticipantI have the plugin firewall rule set as you mentioned. So that’s good.
But, I’m confused by your added comments about Hidemyass.com. When you say “since this plugin has other scripts that are blocked by the Hidemyass.com Proxy” .. is BPS Pro using the Hidemyass proxy?? I guess I’m confused as to .. if I add /comprehensive-google-map-plugin/assets/js/(.*).js to the Plugin Firewall whitelist .. then how does “hidemyass” come into play?
I see that if I go to hidemyass.com and visit the page, that the Google Map plugin doesn’t work.
I hope you don’t mind my asking, but I’m just curious why you mentioned “hidemyass.com” and what it has to do with anything. Sorry for my ignorance on this.
Gary
AITpro AdminKeymasterI assumed that you watched the video tutorial link that I posted in my previous post that demonstrates and explains how to check your website with the hidemyass.com Proxy. You can of course use another Proxy, but I think that is the best one available.
This is an essential video tutorial (link posted again below) that explains how to check your website as if you are a visitor to your website. Using the hidemyass.com Proxy allows you to visit your website with a different IP address, which simulates that you are visitor to your website. The BPS Pro Plugin Firewall automatically whitelists your current IP address and dynamically updates your current IP address. So if you are checking your website normally/with your current IP address then everything will always display correctly to you since your IP address is always whitelisted in the Plugin Firewall. For frontloading plugin scripts that need to be whitelisted for all IP addresses you add a Plugin Firewall whitelist rule for those plugin scripts.
http://forum.ait-pro.com/video-tutorials/#security-log-firewall
How the Plugin Firewall works
http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/Proxies protect themselves. If a script is loading that the Proxy does not allow then it will block that script. Proxies are good for checking if things are blocked on your site to visitors to your site because you can check your website using a different IP address (simulates a visitor to your website) that the Proxy uses. Proxies are not good for checking if things are working correctly or displaying correctly since Proxies block scripts that they do not allow to load in their Proxy browser/Server/etc.
AITpro AdminKeymasterI noticed that the Plugin Firewall read me first topic did not have a plain/simple explanation of what whitelisting frontloading plugin scripts does so I just added this additional help info below to that topic.
Whitelisting frontloading plugin scripts allows those whitelisted plugin scripts to load on the frontside of your website for any IP address. This is completely safe to do since only the frontloading plugin script that you whitelist in the Plugin Firewall will load on the frontside of your website for all IP addresses (website visitor IP addresses) and all other plugin files will still remain protected/not accessible behind the Plugin Firewall to any other IP addresses except for your IP address.
Gary M. GordonParticipantI apologize for not watching the video first. I just did. Very helpful.
I added the scripts to the whitelist that needed to be.
But when I visit hidemyass.com .. I am still not seeing the “map” as expected. Is this just due to the other scripts that hidemyass isn’t allowing? Because (as you said) … ” The Hidemyass.com Proxy will not display the Comprehensive Google Map and you will just see “Loading…” since this plugin has other scripts that are blocked by the Hidemyass.com Proxy. ”
So I guess there’s no other way you can recommend to test things? Other than go to another location on another computer? Any other suggestions?
But I guess all is done and will work for anyone visiting the website.
So .. thanks,
Gary
AITpro AdminKeymasterYep, no big deal. I just assumed that we were already on the same page with the hidemyass.com Proxy thing.
Yes, you are correct that a Proxy will not always display things visually correct and a Proxy should not be used to test if things are working correctly on a website. We created the Plugin Firewall Test Mode, but it turned out to be more complicated & problematic to use vs just using a Proxy to check things, which is much simpler & quicker. By using a Proxy you are checking the one/only thing that needs to be checked regarding the Plugin Firewall – Are log entries being logged for anything that is being blocked for an IP address that is not your IP address in the BPS Pro Security Log. If anything else is being blocked in another plugin by BPS then you will see those log entries when using your own IP address. ie if the .htaccess files are blocking something in another plugin. Everything is logged in the Security Log so that troubleshooting is a no-brainer. What is being blocked is logged, which then tells you what needs to be whitelisted, such as an .htaccess plugin skip/bypass rule.
Bottom line if you see something logged in your BPS Pro Security Log that is not a blocked hacker or spammer or other malicious action then a whitelist rule needs to be created to allow whatever that is.
Gary M. GordonParticipantGot ya. Thanks for all of your support!!
AITpro AdminKeymasterAlso got to say that this plugin is really cool!
-
AuthorPosts
- You must be logged in to reply to this topic.