Event Espresso Attendee Mover – 403 error

Home Forums BulletProof Security Pro Event Espresso Attendee Mover – 403 error

This topic contains 2 replies, has 2 voices, and was last updated by  Rob B 1 year, 5 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #32078

    Rob B
    Participant

    I am using Event Espresso 4 Atendee Mover
    The plugin conflicts with BPS
    Below are the log files related to the failure;
    ip ans domain removed

    [403 GET Request: January 7, 2017 - 1:35 pm]
    BPS: .54.2
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xx.xx.xxx.xx
    Host Name: xx.xx.xxx.xx.example.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://example.com/concerts/wp-admin/admin.php?page=espresso_registrations&action=edit_attendee_selections&_REG_ID=4713&edit_attendee_selections_nonce=c0607ca575
    REQUEST_URI: /concerts/wp-json/ee/v4.8.36/events?limit%5B%5D=0&limit%5B%5D=10&caps=read_admin&where%5BDatetime.DTT_EVT_end%5D%5B%5D=%3E&where%5BDatetime.DTT_EVT_end%5D%5B%5D=2017-01-07T13%3A35%3A00&where%5BEVT_name%5D%5B%5D=like&where%5BEVT_name%5D%5B%5D=%25ozar%25&include=EVT_ID%2C+EVT_name%2C+Datetime.DTT_name%2C+Datetime.DTT_EVT_start%2C+Datetime.DTT_EVT_end%2C+Datetime.DTT_is_primary%2C+Datetime.DTT_reg_limit%2C+Datetime.DTT_sold&_wpnonce=67c9a811e3&_=1483817709392
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
    
    [403 GET Request: January 7, 2017 - 1:35 pm]
    BPS: .54.2
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xx.xx.xxx.xx
    Host Name: xx.xx.xxx.xx.example.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://example.com/concerts/wp-admin/admin.php?page=espresso_registrations&action=edit_attendee_selections&_REG_ID=4713&edit_attendee_selections_nonce=c0607ca575
    REQUEST_URI: /concerts/wp-json/ee/v4.8.36/events?limit%5B%5D=0&limit%5B%5D=10&caps=read_admin&where%5BDatetime.DTT_EVT_end%5D%5B%5D=%3E&where%5BDatetime.DTT_EVT_end%5D%5B%5D=2017-01-07T13%3A35%3A00&where%5BEVT_name%5D%5B%5D=like&where%5BEVT_name%5D%5B%5D=%25ozark%25&include=EVT_ID%2C+EVT_name%2C+Datetime.DTT_name%2C+Datetime.DTT_EVT_start%2C+Datetime.DTT_EVT_end%2C+Datetime.DTT_is_primary%2C+Datetime.DTT_reg_limit%2C+Datetime.DTT_sold&_wpnonce=67c9a811e3&_=1483817709393
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

    I added;

    # Event Esresso Atendee Mover admin.php skip/bypass rule
    RewriteCond %{REQUEST_URI} (admin\.php) [NC]
    RewriteRule . - [S=2]

    CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:
    saved the file and activated it.

    Same error
    Please help with correct skip bypass role

    #32080

    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    The 403 error is being caused by an angle bracket ">" or "%3E" in the Query String here: DTT_EVT_end%5D%5B%5D=%3E.  To whitelist this Query String create this whitelist rule below.  Note: The Security Log Event Code: WPADMIN-SBR is misleading in this particular case since the Referrer is an internal /wp-admin/ URI. The whitelist rule needs to be created for/in the Root htaccess file.

    1. Copy the code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
    2. Click the Save Root Custom Code button.
    3. Go to the Security Modes tab page and click the Root Folder BulletProof Mode Activate button.

    # Event Espresso Attendee Mover Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} limit%5B%5D=(.*) [NC]
    RewriteRule . - [S=13]
    #32081

    Rob B
    Participant

    That did the trick.

    Thanks

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.