Feedburner feed header causing 403 error

Home Forums BulletProof Security Free Feedburner feed header causing 403 error

Tagged: , , ,

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • November 21, 2012 at 10:26 pm #455
    John
    Participant

    I’ve just returned to using Feedburner after trying Jetpack’s subscription system and the article title in the emailed feed – Four agreements & panda diplomacy neuters US President’s visit to Thailand – returns a 403 Permission denied error when clicked.

    The link followed is:

    http://photo-journ.com/2012/four-agreements-panda-diplomacy-neuters-us-presidents-visit-to-thailand/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+photo-journ%2FZcrT+%28photo-journ%27s+newsblog+by+John+Le+Fevre%29

    It does not occur if bulletproof mode for website root folder .htaccess is not activated. I had read somewhere that changing:

    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)||%3c|%3e|%5b|%5d).* [NC,OR]

    to

    RewriteCond %{QUERY_STRING} ^.*(\[|\]||%3c|%3e|%5b|%5d).* [NC,OR]

    should fix the problem, but it has not. Any suggestions would be gratefully received.

    November 21, 2012 at 11:13 pm #456
    AITpro Admin
    Keymaster

    The Query string has a single quote character in it and that is why it is generating a 403 error

    photo-journ%27s = photo-journ’s

    You can either remove the singe quote character from the feed post or you can modify these security filters in your root .htaccess file to allow the single quote character.

    You would remove %27 from these security filters below and also remove the single quote coding character in the QUERY_STRING filter.

    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    November 24, 2012 at 10:24 am #517
    John
    Participant

    Thanks very much. Removing the apostrophe in the feed fixed the problem.

    November 24, 2012 at 11:24 am #518
    AITpro Admin
    Keymaster

    Great!  Thanks for confirming this.  

    It is a shame that the Apostrophe is the most dangerous coding character – the single quote.  When used in the right hands the single quote coding character is completely harmless.  When used in the wrong hands the single quote coding character becomes very, very dangerous.  You will notice that by default WordPress strips the single quote coding character out of URL/Permalink slugs as well as all of the other coding characters that are considered unsafe to use.  😉

    February 2, 2013 at 5:10 pm #1657
    imiloaadmin
    Member

    THANK YOU!  it worked.  of course wouldn’t you know it, constant contact (spam blasters!) would be using bad apostrophes.  thanks again, ya’ll are on it!!

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.