Favicon by RealFaviconGenerator – favicon blocked, UAEG 403 error

Home Forums BulletProof Security Pro Favicon by RealFaviconGenerator – favicon blocked, UAEG 403 error

This topic contains 0 replies, has 1 voice, and was last updated by  AITpro Admin 1 year, 4 months ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #31975

    AITpro Admin
    Keymaster

    The Favicon by RealFaviconGenerator plugin creates a new folder under the WordPress /uploads/ folder: /uploads/fbrfg/. UAEG blocks scripts that can executed in the WordPress uploads folder, such as js, php or other scripts.

    Security Log entry:

    [403 GET Request: December 28, 2016 4:09 am]
    BPS Pro: 12.5
    Event Code: UAEGWR-HPRA
    Solution:
    http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 71.9.114.52
    Host Name: 71-9-114-52.static.lsan.ca.charter.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/
    REQUEST_URI: /wp-content/uploads/fbrfg/manifest.json
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 7.1.1; Pixel Build/NMF26O)
    AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile
    Safari/537.36

    Solution:  Create a UAEG folder whitelist rule to whitelist the folder that the Favicon by RealFaviconGenerator plugin creates under the WordPress uploads folder.  See this forum topic for the steps to do this:  https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/.  The folder whitelist rule for the Favicon by RealFaviconGenerator plugin folder under the uploads folder is this: SetEnvIf Request_URI "fbrfg/.*$" whitelist. Note: You also need to remove the # signs from in front of these lines of code: #Require env whitelist and #Allow from env=whitelist.

    Example UAEG htaccess code for an Apache server with the folder whitelist rule for the Advanced Ads plugin:

    # BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
    #
    # BPS mod_authz_core IfModule BC
    # Allow,Deny
    # First, all Allow directives are evaluated. At least one must match, or the request is rejected.
    # Next, all Deny directives are evaluated. If any matches, the request is rejected.
    # Last, any requests which do not match an Allow or a Deny directive are denied by default.
    #
    # Deny,Allow
    # First, all Deny directives are evaluated. If any match, the request is denied unless
    # it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
    #
    # *Match* -------------------- *Allow,Deny result* -------------------- *Deny,Allow result*
    # Match Allow only ----------- Request allowed ------------------------ Request allowed
    # Match Deny only ------------ Request denied ------------------------- Request denied
    # No match ------------------- Default to second directive: Denied ---- Default to second directive: Allowed
    # Match both Allow & Deny ---- Final match controls: Denied ----------- Final match controls: Allowed
    #
    # NOTE: The zip file extension can be added to block remote access or execution of zip files, several plugins create
    # create either temporary or permanent zip files in the uploads folder. This may block those plugins from being
    # able to create zip files in your uploads folder.
    #
    # BEGIN WHITELIST
    # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
    # of the whitelist rule you want to use, add the actual filename or folder name you want to whitelist and also
    # delete the # sign in front of #Require env whitelist and #Allow from env=whitelist.
    # Whitelist a specific js file in the uploads folder: example.js
    #SetEnvIf Request_URI "example.js$" whitelist
    # Whitelist an entire folder in the uploads folder: /uploads/example-folder/
    SetEnvIf Request_URI "fbrfg/.*$" whitelist
    # END WHITELIST
    #
    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    <IfModule mod_authz_core.c>
    Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>
    
    # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
    <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
    <IfModule mod_authz_core.c>
    Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>

    Example UAEG htaccess code for a LiteSpeed server with the folder whitelist rule for the Favicon by RealFaviconGenerator plugin:

    # BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
    #
    # BPS LiteSpeed mod_rewrite
    #
    # BEGIN WHITELIST
    # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
    # of the whitelist rule you want to use and add the actual filename or folder name you want to whitelist.
    # Whitelist a specific js file in the uploads folder: example.js
    #RewriteRule ^example.js$ - [L]
    # Whitelist an entire folder in the uploads folder: /uploads/example-folder/
    RewriteRule ^fbrfg/.*$ - [L]
    # END WHITELIST
    #
    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$ [NC]
    RewriteRule ^(.*)$ - [F]
    
    # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
    <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>
Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.