Home › Forums › BulletProof Security Pro › Cornerstone X Theme Visual Editor – 403 error
- This topic has 5 replies, 2 voices, and was last updated 8 years ago by
rafaelmagic.
-
AuthorPosts
-
rafaelmagic
ParticipantAdmin,
How are you? I am trying to get “X Theme” visual editor Cornerstone working correctly. The admin plugin/skip rule has me stumped.
[403 GET / HEAD Request: September 10, 2015 - 11:23 pm] Event Code: WPADMIN-SBR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 192.XXX.XXX. Host Name: my server SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: 45.51.170.254 HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.Example.com/?cornerstone=1 REQUEST_URI: /wp-admin/customize.php?url=http://www.Example.com/ QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.22 Safari/537.36
Head request are white listed and the following plugin bypass is not working. Any idea and thanks?
#X Theme- CornerStone (plugin/skip) RewriteCond %{REQUEST_URI} (customize\.php) [NC] RewriteRule . - [S=1]AITpro Admin
KeymasterTry a wp-admin skip/bypass rule for the customize.php file. See this similar forum topic: http://forum.ait-pro.com/forums/topic/weaver-ii-theme-unable-to-update-a-page-403-error/#post-18533
ParticipantThe skip rule above was added to wp-admin but the secondary issue was a Query Strings in the wp-admin folder.
So what does that string do? And isn’t the Skip/plugin rule suppose to white list from that String?
Also their Cornerstone is preventing the Transients from erasing so I cant do a Manual BPS Pro Upgrade.
I could let the themes Tech Support know, if you can pretty please tell me how that part is fixed.RewriteRule ^(.*)$ - [F] Its the last line of the Query Strings. Just Comment it out: #RewriteRule ^(.*)$ - [F]
Thanks
KeymasterThe line of code you commented out turns off/negates all your htaccess security rules. Send me an Administrator login to this website.
KeymasterThis wp-admin skip/bypass rule works.
# X Theme CornerStone customize.php skip rule RewriteCond %{REQUEST_URI} (customize\.php) [NC] RewriteRule . - [S=2]The reason it was not working for you is because the Skip rule # was incorrect. By Default there is already a Skip rule in the wp-admin htaccess file. When you add another Skip rule it needs to be S=2. On your particular site you already had a Skip rule so this is the correct wp-admin Custom Code Skip rules for your site.
# Yoast Facebook OpenGraph wp-admin plugin skip/bypass rule RewriteCond %{QUERY_STRING} page=wpseo_social&key=(.*) [NC] RewriteRule . - [S=3] # X Theme CornerStone customize.php skip rule RewriteCond %{REQUEST_URI} (customize\.php) [NC] RewriteRule . - [S=2]Other issues/problems found on this site:
As soon as I logged in I saw this error message, but it only happened when I first logged in: Error reconnecting to the database.
This site has an extremely old BPS Pro version installed. I tried to upgrade BPS Pro using the BPS Pro Upload Zip installer. This server or something installed on this server is blocking/ignoring/not allowing the BPS Pro upload zip installation. Do these installation steps so that you do not have to setup BPS Pro again.
1. Delete the /bulletproof-security/ plugin folder using FTP.
2. Install the BPS Pro 11 zip file using the WordPress Upload Zip installer.ParticipantThanks Admin, rookie mistake. Here is the Plugin firewall whitelist, the following is the frontloading java, BPS Pro should add it automatically.
/cornerstone/assets/js/dist/site/cs-head.min.js, /cornerstone/assets/js/dist/site/cs-body.min.js
-
AuthorPosts
- You must be logged in to reply to this topic.