WooCommerce PDF Download 403 error

Home Forums BulletProof Security Pro WooCommerce PDF Download 403 error

This topic contains 5 replies, has 2 voices, and was last updated by  AITpro Admin 3 years, 4 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #20825

    Jan Wessels
    Participant

    Hi,
    I have a download link on a page which triggers a 403 error instead of downloading the pdf-file.
    How can I resolve this from happening?
    Thanks!

    #20829

    AITpro Admin
    Keymaster

    Is this a custom download link?  Is the download link created by a plugin or theme?  If so, post the name of that plugin or theme. Post a Security Log entry that shows the 403 error for a pdf download.

    #20830

    Jan Wessels
    Participant

    The download link is created by the theme and woocommerce.
    Theme: http://themeforest.net/item/wplms-learning-management-system/6780226

    [403 GET / HEAD Request: 9 Februari 2015 - 15:03]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.dyhme.com/?post_type=unit&p=2885&edit
    REQUEST_URI: /wp-content/uploads/woocommerce_uploads/2014/11/20141126-Test.pdf
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
    #20835

    AITpro Admin
    Keymaster

    BPS Pro Uploads Anti-Exploit Guard (UAEG) is blocking something about how the pdf download is being done.  PDF file types are not blocked by UAEG in your /uploads folder by default so there must be some other WooCommerce js or php scripts involved in the download process that are being blocked.

    Do the “RewriteEngine Off .htaccess File Method” in this forum topic:  http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/  The htaccess file goes in this folder:  /woocommerce_uploads/

    All files in the /my-subfolder/ folder will no longer be checked or blocked by UAEG.

    1. Open Notepad or Notepad++ (NOT Word or WordPad) on your computer.
    2. Add this one line of text in your new Notepad text file: RewriteEngine Off.
    3. Save the text file with this name: securityoff.htaccess.
    4. Upload the securityoff.htaccess file to the folder/directory where you want to turn security Off/prevent the parent .htaccess file from applying its security rules/directives in this folder. In this example case the folder would be: /wp-content/uploads/my-subfolder/.
    5. Rename the securityoff.htaccess file to .htaccess (removing securityoff from the file name).  /wp-content/uploads/my-subfolder/.htaccess

    All files in the /my-subfolder/ folder will no longer be checked or blocked by UAEG.

    #20843

    Jan Wessels
    Participant

    Hi,
    Thanks for the workaround, the download is working!
    Great support!

    #20844

    AITpro Admin
    Keymaster

    Great!  Thanks for confirming that worked.  That is a common permanent solution and not a workaround.  It is fairly common for plugins and themes that do something with downloads|uploads to create a subfolder in the /uploads folder and then use js or php scripts to call the files to|from that folder.

    Also See this forum topic for additional WooCommerce issues/problems: http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.