facebook Static HTML iFrame Tabs – 403 error

Home Forums BulletProof Security Pro facebook Static HTML iFrame Tabs – 403 error

This topic contains 1 reply, has 1 voice, and was last updated by  AITpro Admin 1 year, 10 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #30570

    AITpro Admin
    Keymaster

    Email Question:
    I have used the pro plugin for over a year and have learnt a lot about how it works. I have not added the additional iframe code to this site and would like Facebook to be able to call an HTML iframe using the static html page app. This is the security log for when this happens and facebook displays a blank page

    [403 POST Request: 17th June 2016 - 6:33 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 80.192.253.93
    Host Name: cpc77863-stav20-2-0-cust92.17-3.cable.virginm.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: POST
    HTTP_REFERER: https://staticxx.facebook.com/platform/page_proxy/r/hv09mZVdEP8.js
    REQUEST_URI: /?obox-fb=1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
    REQUEST BODY: signed_request=9O1kvlYjmaym8XzwRH_ghYi7l6-Wf-k1_GS3OYOgJvY.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTQ2NjE0MTYyN
    iwicGFnZSI6eyJpZCI6IjE1ODA2NDQ3Mzg4OTQzMjQiLCJhZG1pbiI6dHJ1ZX0sInVzZXIiOnsiY291bnRyeSI6ImdiIiwibG9jYWxlIjoiZW5fR0IiLCJhZ2UiOnsibWluIjoyMX19fQ

    please help.

    Many thanks

    #30571

    AITpro Admin
    Keymaster

    The BPS POST Request Attack Protection Bonus Custom Code was being used and required adding an additional whitelist rule for facebook Static HTML iFrame Tabs (highlighted in yellow below).

    # BPS POST Request Attack Protection
    RewriteCond %{REQUEST_METHOD} POST [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
    # Whitelist the WordPress Theme Customizer
    RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php [NC]
    # Whitelist XML-RPC Pingbacks, JetPack and Remote Posting POST Requests
    RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
    # Whitelist Network|Multisite Signup POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
    # Whitelist Network|Multisite Activate POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
    # Whitelist Trackback POST Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-trackback.php [NC]
    # Whitelist Comments POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
    # Whitelist facebook Static HTML iframe tabs POST Requests by Query String
    RewriteCond %{QUERY_STRING} !^obox-fb= [NC]
    RewriteRule ^(.*)$ - [F]
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.