Custom code 403 Forbidden error

[Terry]

On trying to save the deflate code in box 1 of the custom code for the root htaccess file I get a 403 error. This happens on several sites with different plugins and themes. The code is below please advise on what may be preventing this code from being added to the htaccess file through custom code in BPS. I can add it manually and it works but of course that would be over written in an update.

<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml

# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</IfModule>

[AITpro Admin]

That is a very common ModSecurity problem.  The ModSecurity OWASP CRS Ruleset breaks the BPS Custom Code Forms and many other Forms in BPS.  We are currently redesigning BPS to be “ModSecurity Proof”.  We will be releasing a new BPS and BPS Pro version in 5-10 days.  For now you will need to manually edit your Root htaccess file via your web host control panel file manager or FTP.  Note: For the last year we have been advising folks to contact their web host support folks to create ModSecurity whitelist rules.  That has been a complete failure and waste of time since 90% of the time web host support techs think they have fixed the ModSecurity problem, but it is not fixed or they do not have any idea how to fix the ModSecurity problems.  So don’t even bother contacting your web host support folks.

Ongoing ModSecurity Problems Related Topics:
https://forum.ait-pro.com/forums/topic/mod-security-common-known-problems/
https://forum.ait-pro.com/forums/topic/xampp-mod-security-setup-owasp-modsecurity-core-rule-set-setup/
https://wordpress.org/support/topic/custom-code-security-logging-setup-wizard-htaccess-file-editor-not-working/

[Terry]

Has there been any update to solve this problem. I am having people that I referred to use BPS Pro contact me as well about this issue. As you stated I added the code manually to the htaccess file but when we do a BPS setup it removes it so do we have to manually add the code to enable compression every time we rerun BPS setup? This isn’t very efficient.

[AITpro Admin]

We added Custom Code Encrypt and Decrypt buttons to bypass/evade ModSecurity in BPS Pro 14.1 on August 26, 2019 > https://www.ait-pro.com/aitpro-blog/5567/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-1/. The most current version of BPS Pro is: 14.5. If you are using an older version of BPS Pro then upgrade to BPS Pro 14.5. If your web host is blocking BPS Pro plugin upgrade notifications then use the manual BPS Pro upgrade steps in this forum topic > https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-bps-pro-upgrade-installation-methods/

[Author]

Posts