Favicon by RealFaviconGenerator – favicon blocked, UAEG 403 error (BulletProof Security Pro forum)
Tagged: 403 error, UAEG, uploads, Uploads Anti-Exploit Guard
This topic has 0 replies, 1 voice, and was last updated 7 years, 11 months ago by AITpro Admin.

AITpro Admin (Keymaster):
The Favicon by RealFaviconGenerator plugin creates a new folder under the WordPress /uploads/ folder: /uploads/fbrfg/. UAEG blocks scripts that can be executed in the WordPress uploads folder, such as js, php or other scripts.
Security Log entry:
[403 GET Request: December 28, 2016 4:09 am]
BPS Pro: 12.5
Event Code: UAEGWR-HPRA
Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
REMOTE_ADDR: 71.9.114.52
Host Name: 71-9-114-52.static.lsan.ca.charter.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://www.example.com/
REQUEST_URI: /wp-content/uploads/fbrfg/manifest.json
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 7.1.1; Pixel Build/NMF26O) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile Safari/537.36
Solution: Create a UAEG folder whitelist rule to whitelist the folder that the Favicon by RealFaviconGenerator plugin creates under the WordPress uploads folder. See this forum topic for the steps to do this: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/. The folder whitelist rule for the Favicon by RealFaviconGenerator plugin folder under the uploads folder is this:
SetEnvIf Request_URI "fbrfg/.*$" whitelist
Note: You also need to remove the # signs from in front of these lines of code: #Require env whitelist and #Allow from env=whitelist.

Example UAEG htaccess code for an Apache server with the folder whitelist rule for the Favicon by RealFaviconGenerator plugin:
# BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
#
# BPS mod_authz_core IfModule BC
# Allow,Deny
# First, all Allow directives are evaluated. At least one must match, or the request is rejected.
# Next, all Deny directives are evaluated. If any matches, the request is rejected.
# Last, any requests which do not match an Allow or a Deny directive are denied by default.
#
# Deny,Allow
# First, all Deny directives are evaluated. If any match, the request is denied unless
# it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
#
# *Match* -------------------- *Allow,Deny result* -------------------- *Deny,Allow result*
# Match Allow only ----------- Request allowed ------------------------ Request allowed
# Match Deny only ------------ Request denied ------------------------- Request denied
# No match ------------------- Default to second directive: Denied ---- Default to second directive: Allowed
# Match both Allow & Deny ---- Final match controls: Denied ----------- Final match controls: Allowed
#
# NOTE: The zip file extension can be added to block remote access or execution of zip files, several plugins
# create either temporary or permanent zip files in the uploads folder. This may block those plugins from being
# able to create zip files in your uploads folder.
#
# BEGIN WHITELIST
# Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
# of the whitelist rule you want to use, add the actual filename or folder name you want to whitelist and also
# delete the # sign in front of #Require env whitelist and #Allow from env=whitelist.
# Whitelist a specific js file in the uploads folder: example.js
#SetEnvIf Request_URI "example.js$" whitelist
# Whitelist an entire folder in the uploads folder: /uploads/example-folder/
SetEnvIf Request_URI "fbrfg/.*$" whitelist
# END WHITELIST
#
# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
<FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
<IfModule mod_authz_core.c>
Require env whitelist
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Allow from env=whitelist
Deny from all
</IfModule>
</IfModule>
</FilesMatch>
# FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
<FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
<IfModule mod_authz_core.c>
Require env whitelist
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Allow from env=whitelist
Deny from all
</IfModule>
</IfModule>
</FilesMatch>
Example UAEG htaccess code for a LiteSpeed server with the folder whitelist rule for the Favicon by RealFaviconGenerator plugin:
# BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
#
# BPS LiteSpeed mod_rewrite
#
# BEGIN WHITELIST
# Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
# of the whitelist rule you want to use and add the actual filename or folder name you want to whitelist.
# Whitelist a specific js file in the uploads folder: example.js
#RewriteRule ^example.js$ - [L]
# Whitelist an entire folder in the uploads folder: /uploads/example-folder/
RewriteRule ^fbrfg/.*$ - [L]
# END WHITELIST
#
# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$ [NC]
RewriteRule ^(.*)$ - [F]
# FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
<FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
Order Allow,Deny
Deny from all
</FilesMatch>
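The following Python script is an added example, not code from BPS Pro or AITpro. It models the Apache UAEG rules shown above (the unanchored SetEnvIf whitelist regex plus the two FilesMatch deny sections) so you can check offline why the REQUEST_URI from the Security Log entry is met with a 403, and what the fbrfg/ folder whitelist rule changes. It also shows a caveat worth knowing before you copy the rule: a folder whitelist re-allows every blocked extension under that folder, including .php, and because SetEnvIf does an unanchored regex match, "fbrfg/.*$" also matches a fbrfg/ folder nested anywhere else under uploads. The TIGHT_WHITELIST pattern is a suggested tightening of my own (it assumes the default /wp-content/uploads location and whitelists only the json and xml files the plugin writes there), parse_bps_log is a hypothetical helper, and SAMPLE_LOG is the page's log entry trimmed to the fields the helper reads.

```python
"""Simulate the UAEG uploads-folder .htaccess decision for a request URI.

Added example, not BPS Pro code: it models the Apache rules shown on this
page (SetEnvIf whitelist + two FilesMatch deny sections) so you can check
why a URI from the Security Log gets a 403 and what a whitelist rule changes.
"""
import posixpath
import re

# Extension list copied from the Apache FilesMatch rule on this page.
BLOCKED_EXT_RE = re.compile(
    r"\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll"
    r"|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java"
    r"|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl"
    r"|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf"
    r"|xhtml|xml|z)$"
)
# "FORBID PHP FILES DISGUISED AS AN IMAGE FILE" rule, also copied from the page.
DISGUISED_PHP_RE = re.compile(r"\.(php|PHP|\.+(php)|\.+(PHP)).*$")

# Folder whitelist rule from the page (unanchored, exactly as SetEnvIf evaluates it).
PAGE_WHITELIST = [r"fbrfg/.*$"]
# Tighter alternative (my suggestion, not from the page): anchored to the folder
# and limited to the two blocked file types the plugin writes there.
# Assumes the default /wp-content/uploads location.
TIGHT_WHITELIST = [r"^/wp-content/uploads/fbrfg/[^/]+\.(json|xml)$"]


def is_whitelisted(request_uri, patterns):
    """SetEnvIf Request_URI "<regex>" whitelist: env is set if any regex matches.
    SetEnvIf performs an unanchored regex match, so re.search is the right model."""
    return any(re.search(p, request_uri) for p in patterns)


def filesmatch_denies(request_uri):
    """Both FilesMatch sections test only the final path component (the filename)."""
    filename = posixpath.basename(request_uri)
    return bool(BLOCKED_EXT_RE.search(filename) or DISGUISED_PHP_RE.search(filename))


def uaeg_decision(request_uri, whitelist=()):
    """Return 'allow' or 'deny', mirroring "Require env whitelist" + "Require all denied":
    a FilesMatch hit is denied unless the whitelist env var was set for the request."""
    if not filesmatch_denies(request_uri):
        return "allow"
    return "allow" if is_whitelisted(request_uri, whitelist) else "deny"


def parse_bps_log(entry):
    """Hypothetical helper: pull a few fields out of a BPS Pro Security Log entry
    that has been joined into one string (as it appears on this page)."""
    fields = {}
    for key in ("Event Code", "REMOTE_ADDR", "REQUEST_METHOD", "REQUEST_URI"):
        m = re.search(re.escape(key) + r": (\S+)", entry)
        fields[key] = m.group(1) if m else None
    return fields


# The log entry from this page, trimmed to the fields the parser reads (constructed input).
SAMPLE_LOG = (
    "[403 GET Request: December 28, 2016 4:09 am] BPS Pro: 12.5 "
    "Event Code: UAEGWR-HPRA REMOTE_ADDR: 71.9.114.52 REQUEST_METHOD: GET "
    "REQUEST_URI: /wp-content/uploads/fbrfg/manifest.json QUERY_STRING: "
)

if __name__ == "__main__":
    uri = parse_bps_log(SAMPLE_LOG)["REQUEST_URI"]
    print(uri, "->", uaeg_decision(uri))                  # deny  (the 403 in the log)
    print(uri, "->", uaeg_decision(uri, PAGE_WHITELIST))  # allow (after adding the rule)
    # Caveat: the folder rule also re-allows scripts dropped into that folder,
    # and matches a fbrfg/ folder nested anywhere under uploads.
    for probe in ("/wp-content/uploads/fbrfg/shell.php",
                  "/wp-content/uploads/2016/12/fbrfg/shell.php"):
        print(probe, "| page rule:", uaeg_decision(probe, PAGE_WHITELIST),
              "| tight rule:", uaeg_decision(probe, TIGHT_WHITELIST))
```

Run it as-is to see the log's URI flip from deny to allow once the rule is in place; swap PAGE_WHITELIST for TIGHT_WHITELIST in the first two calls to confirm manifest.json is still served while a .php file under fbrfg/ stays blocked. The script only models the access-control decision; whether a served .php file is also executed depends on the server's handler configuration, which these .htaccess rules do not touch.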