Custom code 403 Forbidden error

Home Forums BulletProof Security Pro Custom code 403 Forbidden error

Tagged: 

This topic contains 1 reply, has 2 voices, and was last updated by  AITpro Admin 1 month, 4 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #37762

    Terry
    Participant

    On trying to save the deflate code in box 1 of the custom code for the root htaccess file I get a 403 error. This happens on several sites with different plugins and themes. The code is below please advise on what may be preventing this code from being added to the htaccess file through custom code in BPS. I can add it manually and it works but of course that would be over written in an update.

    <IfModule mod_deflate.c>
    # Compress HTML, CSS, JavaScript, Text, XML and fonts
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml
    
    # Remove browser bugs (only needed for really old browsers)
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    Header append Vary User-Agent
    </IfModule>
    #37763

    AITpro Admin
    Keymaster

    That is a very common ModSecurity problem.  The ModSecurity OWASP CRS Ruleset breaks the BPS Custom Code Forms and many other Forms in BPS.  We are currently redesigning BPS to be “ModSecurity Proof”.  We will be releasing a new BPS and BPS Pro version in 5-10 days.  For now you will need to manually edit your Root htaccess file via your web host control panel file manager or FTP.  Note: For the last year we have been advising folks to contact their web host support folks to create ModSecurity whitelist rules.  That has been a complete failure and waste of time since 90% of the time web host support techs think they have fixed the ModSecurity problem, but it is not fixed or they do not have any idea how to fix the ModSecurity problems.  So don’t even bother contacting your web host support folks.

    Ongoing ModSecurity Problems Related Topics:
    https://forum.ait-pro.com/forums/topic/mod-security-common-known-problems/
    https://forum.ait-pro.com/forums/topic/xampp-mod-security-setup-owasp-modsecurity-core-rule-set-setup/
    https://wordpress.org/support/topic/custom-code-security-logging-setup-wizard-htaccess-file-editor-not-working/

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.