WooCommerce PDF Download 403 error

Home Forums BulletProof Security Pro WooCommerce PDF Download 403 error

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #20825
    Jan Wessels
    Participant

    Hi,
    I have a download link on a page which triggers a 403 error instead of downloading the pdf-file.
    How can I resolve this from happening?
    Thanks!

    #20829
    AITpro Admin
    Keymaster

    Is this a custom download link?  Is the download link created by a plugin or theme?  If so, post the name of that plugin or theme. Post a Security Log entry that shows the 403 error for a pdf download.

    #20830
    Jan Wessels
    Participant

    The download link is created by the theme and woocommerce.
    Theme: http://themeforest.net/item/wplms-learning-management-system/6780226

    [403 GET / HEAD Request: 9 Februari 2015 - 15:03]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.dyhme.com/?post_type=unit&p=2885&edit
    REQUEST_URI: /wp-content/uploads/woocommerce_uploads/2014/11/20141126-Test.pdf
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
    #20835
    AITpro Admin
    Keymaster

    BPS Pro Uploads Anti-Exploit Guard (UAEG) is blocking something about how the pdf download is being done.  PDF file types are not blocked by UAEG in your /uploads folder by default so there must be some other WooCommerce js or php scripts involved in the download process that are being blocked.

    Do the “RewriteEngine Off .htaccess File Method” in this forum topic:  http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/  The htaccess file goes in this folder:  /woocommerce_uploads/

    All files in the /my-subfolder/ folder will no longer be checked or blocked by UAEG.

    1. Open Notepad or Notepad++ (NOT Word or WordPad) on your computer.
    2. Add this one line of text in your new Notepad text file: RewriteEngine Off.
    3. Save the text file with this name: securityoff.htaccess.
    4. Upload the securityoff.htaccess file to the folder/directory where you want to turn security Off/prevent the parent .htaccess file from applying its security rules/directives in this folder. In this example case the folder would be: /wp-content/uploads/my-subfolder/.
    5. Rename the securityoff.htaccess file to .htaccess (removing securityoff from the file name).  /wp-content/uploads/my-subfolder/.htaccess

    All files in the /my-subfolder/ folder will no longer be checked or blocked by UAEG.

    #20843
    Jan Wessels
    Participant

    Hi,
    Thanks for the workaround, the download is working!
    Great support!

    #20844
    AITpro Admin
    Keymaster

    Great!  Thanks for confirming that worked.  That is a common permanent solution and not a workaround.  It is fairly common for plugins and themes that do something with downloads|uploads to create a subfolder in the /uploads folder and then use js or php scripts to call the files to|from that folder.

    Also See this forum topic for additional WooCommerce issues/problems: http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/

    #38194
    Alex Laxton
    Participant

    The nice solution I got for this Error while finding the solution on google I came across this forum and read the solution provided by the admin.

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.