Cornerstone X Theme Visual Editor – 403 error

Home Forums BulletProof Security Pro Cornerstone X Theme Visual Editor – 403 error

This topic contains 5 replies, has 2 voices, and was last updated by  rafaelmagic 2 years, 9 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #24919

    rafaelmagic
    Participant

    Admin,

    How are you? I am trying to get “X Theme” visual editor Cornerstone working correctly. The admin plugin/skip rule has me stumped.

    [403 GET / HEAD Request: September 10, 2015 - 11:23 pm]
    Event Code: WPADMIN-SBR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 192.XXX.XXX.
    Host Name: my server
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 45.51.170.254
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.Example.com/?cornerstone=1
    REQUEST_URI: /wp-admin/customize.php?url=http://www.Example.com/
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.22 Safari/537.36
    

    Head request are white listed and the following plugin bypass is not working. Any idea and thanks?

    #X Theme- CornerStone (plugin/skip)
    RewriteCond %{REQUEST_URI} (customize\.php) [NC]
    RewriteRule . - [S=1]
    
    #24921

    AITpro Admin
    Keymaster

    Try a wp-admin skip/bypass rule for the customize.php file.  See this similar forum topic:  http://forum.ait-pro.com/forums/topic/weaver-ii-theme-unable-to-update-a-page-403-error/#post-18533

    #24922

    rafaelmagic
    Participant

    The skip rule above was added to wp-admin but the secondary issue was a Query Strings in the wp-admin folder.
    So what does that string do? And isn’t the Skip/plugin rule suppose to white list from that String?
    Also their Cornerstone is preventing the Transients from erasing so I cant do a Manual BPS Pro Upgrade.
    I could let the themes Tech Support know, if you can pretty please tell me how that part is fixed.

    RewriteRule ^(.*)$ - [F]
    Its the last line of the Query Strings. Just Comment it out:
    #RewriteRule ^(.*)$ - [F]

    Thanks

    #24928

    AITpro Admin
    Keymaster

    The line of code you commented out turns off/negates all your htaccess security rules.  Send me an Administrator login to this website.

    #24936

    AITpro Admin
    Keymaster

    This wp-admin skip/bypass rule works.

    # X Theme CornerStone customize.php skip rule
    RewriteCond %{REQUEST_URI} (customize\.php) [NC]
    RewriteRule . - [S=2]

    The reason it was not working for you is because the Skip rule # was incorrect. By Default there is already a Skip rule in the wp-admin htaccess file. When you add another Skip rule it needs to be S=2. On your particular site you already had a Skip rule so this is the correct wp-admin Custom Code Skip rules for your site.

    # Yoast Facebook OpenGraph wp-admin plugin skip/bypass rule
    RewriteCond %{QUERY_STRING} page=wpseo_social&key=(.*) [NC]
    RewriteRule . - [S=3]
    
    # X Theme CornerStone customize.php skip rule
    RewriteCond %{REQUEST_URI} (customize\.php) [NC]
    RewriteRule . - [S=2]

    Other issues/problems found on this site:
    As soon as I logged in I saw this error message, but it only happened when I first logged in: Error reconnecting to the database.
    This site has an extremely old BPS Pro version installed. I tried to upgrade BPS Pro using the BPS Pro Upload Zip installer. This server or something installed on this server is blocking/ignoring/not allowing the BPS Pro upload zip installation. Do these installation steps so that you do not have to setup BPS Pro again.
    1. Delete the /bulletproof-security/ plugin folder using FTP.
    2. Install the BPS Pro 11 zip file using the WordPress Upload Zip installer.

    #24937

    rafaelmagic
    Participant

    Thanks Admin, rookie mistake. Here is the Plugin firewall whitelist, the following is the frontloading java, BPS Pro should add it automatically.

    /cornerstone/assets/js/dist/site/cs-head.min.js, /cornerstone/assets/js/dist/site/cs-body.min.js
Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.