Favicon by RealFaviconGenerator – 403 error – UAEG whitelist rule

Home Forums BulletProof Security Pro Favicon by RealFaviconGenerator – 403 error – UAEG whitelist rule

This topic contains 0 replies, has 1 voice, and was last updated by  AITpro Admin 1 week, 2 days ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #37986

    AITpro Admin
    Keymaster

    The Favicon by RealFaviconGenerator plugin creates this WordPress Uploads folder: /wp-content/uploads/fbrfg/ and calls plugin files from this folder, which are blocked by the BPS Pro Uploads Anti-Exploit Guard (UAEG) htaccess file. To whitelist the /fbrfg/ plugin folder do the steps below.  Important Note:  These UAEG whitelisting steps are for an Apache server.  If you have a LiteSpeed server then use the LiteSpeed UAEG whitelisting steps in this UAEG forum topic > https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/

    Imporant Note: Do not copy this example code below and instead copy your actual UAEG htaccess file code by following the instructions in the steps below.

    To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
    1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box on the BPS Custom Code tab page.
    2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box.
    3. Click the Save UAEG Custom Code button to save your UAEG custom code.
    4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.

    The edit that you want to do in step #2 is this below (see other examples for whitelisting files or folders for Apache and LiteSpeed servers below):

    If you have an Apache server:
    To whitelist a folder: Remove/delete the # sign from infront of this line of code in your UAEG htaccess code and change the folder name to your actual folder name that you want to whitelist.

    Whitelist rule for the /uploads/fbrfg/ folder:  SetEnvIf Request_URI "fbrfg/.*$" whitelist

    If you have an Apache server (this step is not required if you have a LiteSpeed server):
    Delete the # signs in front of #Require env whitelist and #Allow from env=whitelist shown highlighted in yellow below in your UAEG code that you copied to CUSTOM CODE UAEG.

    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    <IfModule mod_authz_core.c>
    #Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    #Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>

    The Security Log entry for the Favicon by RealFaviconGenerator plugin.

    [403 GET Request: 4th October 2019 - 7:17 pm]
    BPS Pro: 14.2
    WP: 5.2.3
    Event Code: UAEGWR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 108.213.94.121
    Host Name: 108-213-94-121.lightspeed.irvnca.sbcglobal.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 108.213.94.121
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://example.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php
    REQUEST_URI: /wp-content/uploads/fbrfg/manifest.json
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.