Corner Ad – 403 error
- This topic has 0 replies, 1 voice, and was last updated 8 years, 10 months ago by AITpro Admin.
AITpro Admin (Keymaster)
The Corner Ad plugin requires 3 whitelist rules.
[403 GET / HEAD Request: June 2, 2015 - 9:13 am]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 202.153.223.248
Host Name: 202-153-223-248.cust.aussiebb.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.ultracut.com.au/
REQUEST_URI: /wp-content/plugins/corner-ad/js/cornerAd.swf?toCall=http%253A%252F%252Fwww.ultracut.com.au%252F%253Fcorner_ad%253D1&alignTo=tr&mirror=true&colorIn=FFFFFF&audioPath=&adUrl=http%3A//www.ultracut.com.au/_brochures/2015/_Ultracut%202015%20Brochure.swf&openIn=-1&closeIn=-1&target=_blank&imgPath=http://www.ultracut.com.au/wp-content/uploads/2015/05/Ultracut-2015-Brochure-CORNER-AD-RH-500x500.jpg&isBig=true
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
1. Requires a Plugin Firewall whitelist rule: A Plugin Firewall whitelist rule should be automatically created by Plugin Firewall AutoPilot Mode. If the Corner Ad swf file whitelist rule is not automatically created then add this whitelist rule to the Plugin Firewall Whitelist Text Area:
/corner-ad/js/cornerAd.swf
2. Requires a Timthumb Misc File whitelist rule: Requires whitelisting the cornerAd.swf filename in the TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE security code.
   1. Copy the code below to this Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE: Add additional Referers and/or misc file names. IMPORTANT! Change the HTTP_REFERER example.com domain name to your actual domain/website’s name.
   2. Save your new custom code by clicking the Save Root Custom Code button.
   3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (cornerAd\.swf|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*example.com.*
RewriteRule . - [S=1]

3. Requires a Plugin skip/bypass rule:
   1. Copy the code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
   2. Click the Save Root Custom Code button.
   3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# Corner Ad plugin skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/corner-ad/ [NC]
RewriteRule . - [S=13]
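To check which of the rules above a given request matches before activating them, the conditions can be replayed offline. This is an added example, not part of the original post or of BPS: the `evaluate` function and its parameter names are assumptions, while the regexes and the sample request are copied from the post.

```python
import re

# Patterns copied from the rules in the post; [NC] maps to re.IGNORECASE.
RFI_BLOCKLIST = re.compile(
    r"^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?"
    r"(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack"
    r"|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$",
    re.IGNORECASE)
MISC_FILES = re.compile(
    r"(cornerAd\.swf|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php)",
    re.IGNORECASE)
PLUGIN_SKIP = re.compile(r"^/wp-content/plugins/corner-ad/", re.IGNORECASE)

# Request taken from the security log entry in the post.
LOGGED_REFERER = "http://www.ultracut.com.au/"
LOGGED_URI = (
    "/wp-content/plugins/corner-ad/js/cornerAd.swf"
    "?toCall=http%253A%252F%252Fwww.ultracut.com.au%252F%253Fcorner_ad%253D1"
    "&alignTo=tr&mirror=true&colorIn=FFFFFF&audioPath="
    "&adUrl=http%3A//www.ultracut.com.au/_brochures/2015/_Ultracut%202015%20Brochure.swf"
    "&openIn=-1&closeIn=-1&target=_blank"
    "&imgPath=http://www.ultracut.com.au/wp-content/uploads/2015/05/"
    "Ultracut-2015-Brochure-CORNER-AD-RH-500x500.jpg&isBig=true")

def evaluate(request_uri, referer, referer_domain, method="GET"):
    """Report which of the post's rules a request matches.

    referer_domain is the text put in place of example.com; it is used as a
    regex, case-sensitively, exactly as the RewriteCond does (no [NC])."""
    # In mod_rewrite, REQUEST_URI is the path only; the query string is separate.
    path, _, query = request_uri.partition("?")
    the_request = f"{method} {request_uri} HTTP/1.1"
    referer_ok = re.search(r"^.*" + referer_domain + r".*", referer) is not None
    return {
        # [NC,OR]: either the query string or the raw request line may match
        "rfi_blocklist_403": bool(RFI_BLOCKLIST.search(query)
                                  or RFI_BLOCKLIST.search(the_request)),
        # consecutive RewriteCond lines are ANDed: file name AND referer
        "misc_file_skip": bool(MISC_FILES.search(path)) and referer_ok,
        "plugin_skip": bool(PLUGIN_SKIP.search(path)),
    }

if __name__ == "__main__":
    for domain in ("ultracut.com.au", "example.com"):
        print(domain, evaluate(LOGGED_URI, LOGGED_REFERER, domain))
```

With `example.com` left unchanged, the misc file skip condition does not match the logged request, which is why the post says to replace it with the site's own domain.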