WooCommerce PDF Download 403 error

Home Forums BulletProof Security Pro WooCommerce PDF Download 403 error

This topic contains 5 replies, has 2 voices, and was last updated by  AITpro Admin 3 years, 1 month ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #20825

    Jan Wessels

    I have a download link on a page which triggers a 403 error instead of downloading the pdf-file.
    How can I resolve this from happening?


    AITpro Admin

    Is this a custom download link?  Is the download link created by a plugin or theme?  If so, post the name of that plugin or theme. Post a Security Log entry that shows the 403 error for a pdf download.


    Jan Wessels

    The download link is created by the theme and woocommerce.
    Theme: http://themeforest.net/item/wplms-learning-management-system/6780226

    [403 GET / HEAD Request: 9 Februari 2015 - 15:03]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    HTTP_REFERER: http://www.dyhme.com/?post_type=unit&p=2885&edit
    REQUEST_URI: /wp-content/uploads/woocommerce_uploads/2014/11/20141126-Test.pdf
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36

    AITpro Admin

    BPS Pro Uploads Anti-Exploit Guard (UAEG) is blocking something about how the pdf download is being done.  PDF file types are not blocked by UAEG in your /uploads folder by default so there must be some other WooCommerce js or php scripts involved in the download process that are being blocked.

    Do the “RewriteEngine Off .htaccess File Method” in this forum topic:  http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/  The htaccess file goes in this folder:  /woocommerce_uploads/

    All files in the /my-subfolder/ folder will no longer be checked or blocked by UAEG.

    1. Open Notepad or Notepad++ (NOT Word or WordPad) on your computer.
    2. Add this one line of text in your new Notepad text file: RewriteEngine Off.
    3. Save the text file with this name: securityoff.htaccess.
    4. Upload the securityoff.htaccess file to the folder/directory where you want to turn security Off/prevent the parent .htaccess file from applying its security rules/directives in this folder. In this example case the folder would be: /wp-content/uploads/my-subfolder/.
    5. Rename the securityoff.htaccess file to .htaccess (removing securityoff from the file name).  /wp-content/uploads/my-subfolder/.htaccess

    All files in the /my-subfolder/ folder will no longer be checked or blocked by UAEG.


    Jan Wessels

    Thanks for the workaround, the download is working!
    Great support!


    AITpro Admin

    Great!  Thanks for confirming that worked.  That is a common permanent solution and not a workaround.  It is fairly common for plugins and themes that do something with downloads|uploads to create a subfolder in the /uploads folder and then use js or php scripts to call the files to|from that folder.

    Also See this forum topic for additional WooCommerce issues/problems: http://forum.ait-pro.com/forums/topic/woocommerce-read-me-first/

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.