facebook Static HTML iFrame Tabs – 403 error


Viewing 2 posts - 1 through 2 (of 2 total)
  • #30570
    AITpro Admin
    Keymaster

    Email Question:
    I have used the pro plugin for over a year and have learnt a lot about how it works. I have not added the additional iframe code to this site and would like Facebook to be able to call an HTML iframe using the static html page app. This is the security log for when this happens and facebook displays a blank page.

    [403 POST Request: 17th June 2016 - 6:33 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 80.192.253.93
    Host Name: cpc77863-stav20-2-0-cust92.17-3.cable.virginm.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: POST
    HTTP_REFERER: https://staticxx.facebook.com/platform/page_proxy/r/hv09mZVdEP8.js
    REQUEST_URI: /?obox-fb=1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
    REQUEST BODY: signed_request=9O1kvlYjmaym8XzwRH_ghYi7l6-Wf-k1_GS3OYOgJvY.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTQ2NjE0MTYyN
    iwicGFnZSI6eyJpZCI6IjE1ODA2NDQ3Mzg4OTQzMjQiLCJhZG1pbiI6dHJ1ZX0sInVzZXIiOnsiY291bnRyeSI6ImdiIiwibG9jYWxlIjoiZW5fR0IiLCJhZ2UiOnsibWluIjoyMX19fQ

    please help.

    Many thanks

    #30571
    AITpro Admin
    Keymaster

    The BPS POST Request Attack Protection Bonus Custom Code was being used and required adding an additional whitelist rule for facebook Static HTML iFrame Tabs (highlighted in yellow below).

    # BPS POST Request Attack Protection
    RewriteCond %{REQUEST_METHOD} POST [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
    # Whitelist the WordPress Theme Customizer
    RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php [NC]
    # Whitelist XML-RPC Pingbacks, JetPack and Remote Posting POST Requests
    RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
    # Whitelist Network|Multisite Signup POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
    # Whitelist Network|Multisite Activate POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
    # Whitelist Trackback POST Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-trackback.php [NC]
    # Whitelist Comments POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
    # Whitelist facebook Static HTML iframe tabs POST Requests by Query String
    RewriteCond %{QUERY_STRING} !^obox-fb= [NC]
    RewriteRule ^(.*)$ - [F]
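
The whitelist rule above matches on the query string only, so what authenticates one of these POSTs is the signed_request in its body, whose logged payload declares HMAC-SHA256. As an added example (not part of the forum reply or the plugin's code), this Python code checks such a token against the Facebook app secret; the secret, the page id and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_decode(text):
    # Facebook strips the "=" padding, so restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def verify_signed_request(signed_request, app_secret, max_age=None, now=None):
    """Return the decoded payload if the signature checks out, else None."""
    try:
        sig_part, payload_part = signed_request.split(".", 1)
        signature = b64url_decode(sig_part)
        # The HMAC covers the base64url payload text, not the decoded JSON.
        expected = hmac.new(app_secret.encode(), payload_part.encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(signature, expected):
            return None
        payload = json.loads(b64url_decode(payload_part))
    except ValueError:  # missing ".", bad base64, bad JSON
        return None
    if not isinstance(payload, dict):
        return None
    if str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        return None
    if max_age is not None:
        # Optional freshness check so an old captured token is not accepted.
        issued = payload.get("issued_at")
        current = now if now is not None else time.time()
        if not isinstance(issued, (int, float)) or current - issued > max_age:
            return None
    return payload

def make_signed_request(payload, app_secret):
    # Helper for the constructed sample: builds a token in the same format.
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(app_secret.encode(), body.encode(), hashlib.sha256).digest()
    return b64url_encode(sig) + "." + body

# Constructed sample values, not taken from the security log above.
SECRET = "example-app-secret"
SAMPLE = make_signed_request(
    {"algorithm": "HMAC-SHA256", "issued_at": 1466100000,
     "page": {"id": "0000000000", "admin": True}}, SECRET)
```

A truncated token, like the one the security log recorded, fails the HMAC comparison and is rejected.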