Favicon by RealFaviconGenerator – favicon blocked, UAEG 403 error

[AITpro Admin]

The Favicon by RealFaviconGenerator plugin creates a new folder under the WordPress /uploads/ folder: /uploads/fbrfg/. UAEG blocks scripts that can executed in the WordPress uploads folder, such as js, php or other scripts.

Security Log entry:

[403 GET Request: December 28, 2016 4:09 am]
BPS Pro: 12.5
Event Code: UAEGWR-HPRA
Solution:
http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
REMOTE_ADDR: 71.9.114.52
Host Name: 71-9-114-52.static.lsan.ca.charter.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://www.example.com/
REQUEST_URI: /wp-content/uploads/fbrfg/manifest.json
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 7.1.1; Pixel Build/NMF26O)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile
Safari/537.36

Solution:  Create a UAEG folder whitelist rule to whitelist the folder that the Favicon by RealFaviconGenerator plugin creates under the WordPress uploads folder.  See this forum topic for the steps to do this:  https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/.  The folder whitelist rule for the Favicon by RealFaviconGenerator plugin folder under the uploads folder is this: SetEnvIf Request_URI "fbrfg/.*$" whitelist. Note: You also need to remove the # signs from in front of these lines of code: #Require env whitelist and #Allow from env=whitelist.

Example UAEG htaccess code for an Apache server with the folder whitelist rule for the Advanced Ads plugin:

# BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
#
# BPS mod_authz_core IfModule BC
# Allow,Deny
# First, all Allow directives are evaluated. At least one must match, or the request is rejected.
# Next, all Deny directives are evaluated. If any matches, the request is rejected.
# Last, any requests which do not match an Allow or a Deny directive are denied by default.
#
# Deny,Allow
# First, all Deny directives are evaluated. If any match, the request is denied unless
# it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
#
# *Match* -------------------- *Allow,Deny result* -------------------- *Deny,Allow result*
# Match Allow only ----------- Request allowed ------------------------ Request allowed
# Match Deny only ------------ Request denied ------------------------- Request denied
# No match ------------------- Default to second directive: Denied ---- Default to second directive: Allowed
# Match both Allow & Deny ---- Final match controls: Denied ----------- Final match controls: Allowed
#
# NOTE: The zip file extension can be added to block remote access or execution of zip files, several plugins create
# create either temporary or permanent zip files in the uploads folder. This may block those plugins from being
# able to create zip files in your uploads folder.
#
# BEGIN WHITELIST
# Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
# of the whitelist rule you want to use, add the actual filename or folder name you want to whitelist and also
# delete the # sign in front of #Require env whitelist and #Allow from env=whitelist.
# Whitelist a specific js file in the uploads folder: example.js
#SetEnvIf Request_URI "example.js$" whitelist
# Whitelist an entire folder in the uploads folder: /uploads/example-folder/
SetEnvIf Request_URI "fbrfg/.*$" whitelist
# END WHITELIST
#
# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
<FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
<IfModule mod_authz_core.c>
Require env whitelist
Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Allow from env=whitelist
Deny from all
</IfModule>
</IfModule>
</FilesMatch>

# FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
<FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
<IfModule mod_authz_core.c>
Require env whitelist
Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Allow from env=whitelist
Deny from all
</IfModule>
</IfModule>
</FilesMatch>

Example UAEG htaccess code for a LiteSpeed server with the folder whitelist rule for the Favicon by RealFaviconGenerator plugin:

# BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
#
# BPS LiteSpeed mod_rewrite
#
# BEGIN WHITELIST
# Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
# of the whitelist rule you want to use and add the actual filename or folder name you want to whitelist.
# Whitelist a specific js file in the uploads folder: example.js
#RewriteRule ^example.js$ - [L]
# Whitelist an entire folder in the uploads folder: /uploads/example-folder/
RewriteRule ^fbrfg/.*$ - [L]
# END WHITELIST
#
# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$ [NC]
RewriteRule ^(.*)$ - [F]

# FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
<FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
Order Allow,Deny
Deny from all
</FilesMatch>

[Author]

Posts