Custom code 403 Forbidden error
Tagged: ModSecurity
- This topic has 3 replies, 2 voices, and was last updated 4 years, 6 months ago by AITpro Admin.
Terry (Participant)
On trying to save the deflate code in box 1 of the custom code for the root htaccess file I get a 403 error. This happens on several sites with different plugins and themes. The code is below. Please advise on what may be preventing this code from being added to the htaccess file through custom code in BPS. I can add it manually and it works, but of course that would be overwritten in an update.
    <IfModule mod_deflate.c>
      # Compress HTML, CSS, JavaScript, Text, XML and fonts
      AddOutputFilterByType DEFLATE application/javascript
      AddOutputFilterByType DEFLATE application/rss+xml
      AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
      AddOutputFilterByType DEFLATE application/x-font
      AddOutputFilterByType DEFLATE application/x-font-opentype
      AddOutputFilterByType DEFLATE application/x-font-otf
      AddOutputFilterByType DEFLATE application/x-font-truetype
      AddOutputFilterByType DEFLATE application/x-font-ttf
      AddOutputFilterByType DEFLATE application/x-javascript
      AddOutputFilterByType DEFLATE application/xhtml+xml
      AddOutputFilterByType DEFLATE application/xml
      AddOutputFilterByType DEFLATE font/opentype
      AddOutputFilterByType DEFLATE font/otf
      AddOutputFilterByType DEFLATE font/ttf
      AddOutputFilterByType DEFLATE image/svg+xml
      AddOutputFilterByType DEFLATE image/x-icon
      AddOutputFilterByType DEFLATE text/css
      AddOutputFilterByType DEFLATE text/html
      AddOutputFilterByType DEFLATE text/javascript
      AddOutputFilterByType DEFLATE text/plain
      AddOutputFilterByType DEFLATE text/xml

      # Remove browser bugs (only needed for really old browsers)
      BrowserMatch ^Mozilla/4 gzip-only-text/html
      BrowserMatch ^Mozilla/4\.0[678] no-gzip
      BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
      Header append Vary User-Agent
    </IfModule>

AITpro Admin (Keymaster)
That is a very common ModSecurity problem. The ModSecurity OWASP CRS Ruleset breaks the BPS Custom Code Forms and many other Forms in BPS. We are currently redesigning BPS to be “ModSecurity Proof”. We will be releasing a new BPS and BPS Pro version in 5-10 days. For now you will need to manually edit your Root htaccess file via your web host control panel file manager or FTP.

Note: For the last year we have been advising folks to contact their web host support folks to create ModSecurity whitelist rules. That has been a complete failure and waste of time since 90% of the time web host support techs think they have fixed the ModSecurity problem, but it is not fixed or they do not have any idea how to fix the ModSecurity problems. So don’t even bother contacting your web host support folks.

Ongoing ModSecurity Problems Related Topics:
https://forum.ait-pro.com/forums/topic/mod-security-common-known-problems/
https://forum.ait-pro.com/forums/topic/xampp-mod-security-setup-owasp-modsecurity-core-rule-set-setup/
https://wordpress.org/support/topic/custom-code-security-logging-setup-wizard-htaccess-file-editor-not-working/

Terry (Participant)
Has there been any update to solve this problem? I am having people that I referred to use BPS Pro contact me as well about this issue. As you stated, I added the code manually to the htaccess file, but when we do a BPS setup it removes it, so do we have to manually add the code to enable compression every time we rerun BPS setup? This isn’t very efficient.

AITpro Admin (Keymaster)
We added Custom Code Encrypt and Decrypt buttons to bypass/evade ModSecurity in BPS Pro 14.1 on August 26, 2019 > https://www.ait-pro.com/aitpro-blog/5567/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-1/. The most current version of BPS Pro is: 14.5. If you are using an older version of BPS Pro then upgrade to BPS Pro 14.5. If your web host is blocking BPS Pro plugin upgrade notifications then use the manual BPS Pro upgrade steps in this forum topic > https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-bps-pro-upgrade-installation-methods/
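
For readers who run their own server and can read the Apache error log, the 403 described in this thread can be traced to the ModSecurity rules that fired. The following is an added example, not part of the original posts or of BPS: it groups ModSecurity 2.x error-log lines by unique_id and reports, for each denied request, the blocking rule, the contributing rule IDs and the matched parameters. The log lines, rule IDs, host and the field name custom_code_field are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in ModSecurity 2.x Apache error-log format. Rule IDs, the
# field name, host and unique_id values are placeholders, not from the thread.
SAMPLE_LOG = """\
[client 203.0.113.7] ModSecurity: Warning. Pattern match at ARGS:custom_code_field. [id "10001"] [msg "Constructed rule A"] [hostname "example.test"] [uri "/wp-admin/admin.php"] [unique_id "REQ-1"]
[client 203.0.113.7] ModSecurity: Warning. Pattern match at ARGS:custom_code_field. [id "10002"] [msg "Constructed rule B"] [hostname "example.test"] [uri "/wp-admin/admin.php"] [unique_id "REQ-1"]
[client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "10099"] [msg "Constructed blocking rule"] [hostname "example.test"] [uri "/wp-admin/admin.php"] [unique_id "REQ-1"]
[client 203.0.113.9] ModSecurity: Warning. Pattern match at ARGS:q. [id "10001"] [msg "Constructed rule A"] [hostname "example.test"] [uri "/index.php"] [unique_id "REQ-2"]
"""

TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')        # [name "value"] pairs
DENIED = re.compile(r"ModSecurity: Access denied with code (\d{3})")
MATCHED_AT = re.compile(r" at ([A-Z_]+(?::[^\s.\]]+)?)")  # e.g. ARGS:field

def blocked_requests(log_text, status="403"):
    """Group log lines by unique_id and return only requests denied with `status`.

    Result: {unique_id: {"uri", "blocking_rule", "contributing_rules", "targets"}}
    """
    by_request = defaultdict(list)
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        tags = dict(TAG.findall(line))
        if "unique_id" in tags and "id" in tags:
            by_request[tags["unique_id"]].append((line, tags))

    report = {}
    for uid, entries in by_request.items():
        deny = [t for l, t in entries if (m := DENIED.search(l)) and m.group(1) == status]
        if not deny:
            continue  # warnings only: the request was logged, not blocked
        warn = [(l, t) for l, t in entries if "ModSecurity: Warning" in l]
        report[uid] = {
            "uri": deny[0].get("uri"),
            "blocking_rule": deny[0]["id"],
            "contributing_rules": sorted({t["id"] for _, t in warn}),
            "targets": sorted({m.group(1) for l, _ in warn if (m := MATCHED_AT.search(l))}),
        }
    return report

if __name__ == "__main__":
    for uid, info in blocked_requests(SAMPLE_LOG).items():
        print(uid, info)
```

The contributing rule IDs, the URI and the matched parameter are the details a narrowly scoped ModSecurity exclusion for the affected admin form would need.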