Easy Pagination Plugin thumbnail images 403 error
Tagged: 403 error, Easy Pagination Plugin, thumbnail images
- This topic has 27 replies, 3 voices, and was last updated 11 years, 6 months ago by
FDSFD.
J Garner
Participant
The images are coming up now fine and I have indicated to the author of the plugin that I don’t really understand the idea of creating thumbnails like that on the fly for each and every person that checks out the page. It seems a lot better in my mind to create a thumbnail once and for all, using server resources and preventing the image from being cached by CDN etc are just a few of the side effects of using thumbnail.php each and every time, anyway I digress…
I got this error in the security log:
    >>>>>>>>>>> 403 GET or Other Request Error Logged - mai 20, 2013 - 10:05 <<<<<<<<<<<
    REMOTE_ADDR: 66.249.73.135
    Host Name: crawl-66-249-73-135.googlebot.com
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 66.249.73.135
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/easy-pagination/images/thumbnail.php?w=85&h=85&zc=1&src=http://domainname.com/wp-content/uploads/2013/05/file_name-159x300.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: Googlebot-Image/1.0
Any thoughts on why that is happening even though the page displays the images?
Thanks,
John
AITpro Admin
Keymaster
Ok then you may also need to add this skip/bypass rule too.
1. Copy this .htaccess code to this Custom Code text box: CUSTOM CODE PLUGIN FIXES:
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
    # Easy Pagination skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/easy-pagination/ [NC]
    RewriteRule . - [S=13]
AITpro Admin
Keymaster
Oops this is a Plugin Firewall issue. Add this whitelist rule below to the Plugin Firewall Whitelist Text area, click the Save Whitelist Options button and activate the Plugin Firewall again.
/easy-pagination/images/thumbnail.php
J Garner
Participant
I actually already have (forgot to delete) the firewall rule that was added from further up here in the discussion, in the firewall rules.
When I checked the custom code, the rule was in there but I had put it in the admin plugin custom code. However I get the impression from what you are saying that the first firewall rule should have managed the issue!?
Thanks
AITpro Admin
Keymaster
Well I do not know if you are actually completing all the steps to make these rules or skip/bypass rules active/in effect. Also there may be several different things that need to be whitelisted at the same time depending on what the plugin is doing and how it is doing it.
To check if your Plugin Firewall actually has this whitelist rule in it go to the htaccess File Editor page and look at your Your Current Plugins htaccess File tab. Do you see the whitelist rule in the contents of your Plugin Firewall .htaccess file? It will look like this below. (NOTE: do not add this whitelist rule manually/directly to your Plugin Firewall .htaccess file – ALWAYS use the Whitelist Text Area tool).
    SetEnvIf Request_URI "/easy-pagination/images/thumbnail.php$" whitelist
For Custom Code make sure you put the skip/bypass rule in the right place and then do all the necessary Custom Code steps to actually make the skip/bypass rule active/in effect/actually be added to your Root .htaccess file.
1. Copy this .htaccess code below to this Custom Code text box: Root Folder Custom Code CUSTOM CODE PLUGIN FIXES:
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
    # Easy Pagination skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/easy-pagination/ [NC]
    RewriteRule . - [S=13]
J Garner
Participant
I went through the steps above and it all seems fine also,
I have this in my plugin firewall .htaccess file:
    SetEnvIf Request_URI "/easy-pagination/js/(.*).js$" whitelist
    SetEnvIf Request_URI "/easy-pagination/tinymce/(.*).js$" whitelist
    SetEnvIf Request_URI "/easy-pagination/images/thumbnail.php$" whitelist
And just checked that I have this in my root folder .htaccess file:
    # CUSTOM CODE PLUGIN FIXES
    # Easy Pagination skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/easy-pagination/ [NC]
    RewriteRule . - [S=13]
AITpro Admin
Keymaster
And did you check to make sure thumbnail.php is still whitelisted in this security filter in your root .htaccess file? I wonder if since this plugin is doing a nasty simulated RFI hacking attempt pattern/method against your website if you would also need to whitelist the Googlebot-image User Agent too? Try adding it as shown below.
    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (thumbnail\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*ait-pro.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^(.*Googlebot.*)$ [NC]
    RewriteRule . - [S=1]
AITpro Admin
Keymaster
Actually add the googlebot line of code like this.
    RewriteCond %{HTTP_USER_AGENT} ^(.*Googlebot.*)$ [NC]
J Garner
Participant
OK I’ve added all that.
Does that mean that any other search engine like Bing etc. will get shown to the door rather than getting the image because this uses a php file to generate the file rather than just serving an image created by the thumbnail code?
Do you know what the user agents are for the other main search engines?
Thanks
AITpro Admin
Keymaster
Actually the Googlebot is still retrieving the image either way – with or without whitelisting the Googlebot. What is generating a 403 is the nasty way this plugin is simulating an RFI hacking attempt on your website. This is unfortunately a very common thing. Most plugins and themes are simulating RFI hacking attempts with timthumb image retrieval. I assume what has happened is that 1 person did this method and now everyone copies this nasty method and uses it in their plugins and themes.
If you see a 403 error for another good bot then you would just add it. Here is an example of adding 2 more example good bots to that whitelist rule.
    RewriteCond %{HTTP_USER_AGENT} ^(.*Googlebot.*|.*GoodBot1.*|.*AnotherGoodBot.*)$ [NC]
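An added example, not part of the thread or of BulletProof Security's own code: the User-Agent header that the whitelist rule matches is supplied by the client, so this Python script audits Security Log entries in the layout posted above and separates whitelisted requests whose Host Name falls under a Google crawler domain from those that match on User-Agent alone. The second log entry, the function names, and the assumption that the Host Name field is a reverse-DNS lookup of REMOTE_ADDR are constructed for illustration.

```python
import re

# Constructed sample in the Security Log layout shown in the thread.
# Entry 1 mirrors the posted entry; entry 2 is a made-up client that only
# claims to be Googlebot (203.0.113.7 is a documentation address).
SAMPLE_LOG = """\
>>>>>>>>>>> 403 GET or Other Request Error Logged - mai 20, 2013 - 10:05 <<<<<<<<<<<
REMOTE_ADDR: 66.249.73.135
Host Name: crawl-66-249-73-135.googlebot.com
REQUEST_URI: /wp-content/plugins/easy-pagination/images/thumbnail.php?w=85&h=85&zc=1&src=http://domainname.com/wp-content/uploads/2013/05/file_name-159x300.jpg
HTTP_USER_AGENT: Googlebot-Image/1.0
>>>>>>>>>>> 403 GET or Other Request Error Logged - mai 20, 2013 - 10:07 <<<<<<<<<<<
REMOTE_ADDR: 203.0.113.7
Host Name: host7.example.net
REQUEST_URI: /wp-content/plugins/easy-pagination/images/thumbnail.php?w=85&h=85&zc=1&src=http://domainname.com/a.jpg
HTTP_USER_AGENT: Mozilla/5.0 (compatible; Googlebot/2.1)
"""

ENTRY_START = re.compile(r"^>{3,}.*<{3,}$")
FIELD = re.compile(r"^([A-Za-z_ ]+):\s*(.*)$")
# Same pattern as the thread's RewriteCond, with [NC] mapped to IGNORECASE.
UA_WHITELIST = re.compile(r"^(.*Googlebot.*)$", re.IGNORECASE)
# Hostname suffixes Google documents for its crawlers.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def parse_entries(text):
    """Split the log into one dict of field -> value per entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            entries.append({})
        elif entries and (m := FIELD.match(line)):
            entries[-1][m.group(1).strip()] = m.group(2).strip()
    return entries

def classify(entry):
    """Return 'not-whitelisted', 'googlebot-host-ok' or 'ua-only'."""
    if not UA_WHITELIST.match(entry.get("HTTP_USER_AGENT", "")):
        return "not-whitelisted"
    host = entry.get("Host Name", "").lower().rstrip(".")
    return "googlebot-host-ok" if host.endswith(GOOGLE_SUFFIXES) else "ua-only"

def audit(text):
    """Return (REMOTE_ADDR, verdict) for every entry in the log text."""
    return [(e.get("REMOTE_ADDR", ""), classify(e)) for e in parse_entries(text)]

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE_LOG):
        print(addr, verdict)
```

A reverse name is set by whoever controls the address range, so Google's documented verification also resolves that name forward and compares the result with REMOTE_ADDR; that step needs live DNS and is left out so the block runs offline.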
J Garner
Participant
I hope that version that you have that allows to add more custom code is not far away, you could be right that re-creating the root .htaccess file I destroyed the custom code to allow for thumbnail to work?
Would it be possible to have like an advanced vs basic mode in the custom code warning people not to play with the advanced mode unless they really, really, really know what they are doing (which would exclude me of course 😉)
AITpro Admin
Keymaster
Custom Code is as basic as it can get right now. 😉
FYI – since the GoogleBot is actually able to get images without whitelisting the Googlebot you can do this other approach of just ignoring the nuisance 403 errors.
You would go to the Security Log page, add the GoogleBot User Agent too
FDSFD
Participant
Have you tried those sample codes on rasteredge.com/how-to/vb-net-imaging/thumbnail-creating? If not, give it a try. You may find it helpful when you are resizing images and uploading images as thumbnails. The code up here is also working fine for me.