Custom code 403 Forbidden error

Home Forums BulletProof Security Pro Custom code 403 Forbidden error


Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • #37762

    On trying to save the deflate code in box 1 of the custom code for the root htaccess file I get a 403 error. This happens on several sites with different plugins and themes. The code is below please advise on what may be preventing this code from being added to the htaccess file through custom code in BPS. I can add it manually and it works but of course that would be over written in an update.

    <IfModule mod_deflate.c>
    # Compress HTML, CSS, JavaScript, Text, XML and fonts
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml
    # Remove browser bugs (only needed for really old browsers)
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    Header append Vary User-Agent
    AITpro Admin

    That is a very common ModSecurity problem.  The ModSecurity OWASP CRS Ruleset breaks the BPS Custom Code Forms and many other Forms in BPS.  We are currently redesigning BPS to be “ModSecurity Proof”.  We will be releasing a new BPS and BPS Pro version in 5-10 days.  For now you will need to manually edit your Root htaccess file via your web host control panel file manager or FTP.  Note: For the last year we have been advising folks to contact their web host support folks to create ModSecurity whitelist rules.  That has been a complete failure and waste of time since 90% of the time web host support techs think they have fixed the ModSecurity problem, but it is not fixed or they do not have any idea how to fix the ModSecurity problems.  So don’t even bother contacting your web host support folks.

    Ongoing ModSecurity Problems Related Topics:


    Has there been any update to solve this problem. I am having people that I referred to use BPS Pro contact me as well about this issue. As you stated I added the code manually to the htaccess file but when we do a BPS setup it removes it so do we have to manually add the code to enable compression every time we rerun BPS setup? This isn’t very efficient.

    AITpro Admin

    We added Custom Code Encrypt and Decrypt buttons to bypass/evade ModSecurity in BPS Pro 14.1 on August 26, 2019 > The most current version of BPS Pro is: 14.5. If you are using an older version of BPS Pro then upgrade to BPS Pro 14.5. If your web host is blocking BPS Pro plugin upgrade notifications then use the manual BPS Pro upgrade steps in this forum topic >

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.