Soliloquy Responsive Image Slider – Plugin Firewall whitelist soliloquy.js

[John H]

Hi,

I am frustrated. I love BPS but I am having a hard time with the Soliloquy Slider Plugin. I am using this plugin to embed a YouTube video. It works fine on my machine, but others cannot access it. I get the Security Log 403 message.

I did a firewall test and entered the appropriate info (/soliloquy/js/fitvids.js, /soliloquy/js/soliloquy.js,) into the whitelist, saved, did the master file thing and reactivated the bullet proof mode. This did not work so I used additional whitelist tools and then used the plugin override. It still does not work.

The only solution that works is to turn off the firewall – but this hardly seems optimal.

Do you have any suggestions?

Thanks,

John

[AITpro Admin]

Do you have this version:  Soliloquy Lite Responsive Image Slider or do you have the fully supported version?

My hunch is that another file extension type needs to be whitelisted like maybe a flv or some other file extension.  Currently the Plugin Firewall Test Mode checks for these file extensions:  js, php and swf.  Right mouse click on the website page the has the slider and select View Source to view your website’s source code.  Then do a search using:  /plugins/soliloquy/.  This search will show you all the frontloading plugin scripts that this plugin is loading on the front end of your website in the search results. Css scripts are not blocked by the Plugin Firewall so you can disregard any css scripts that you see for this plugin.

Or post the error for this plugin here from your Security Log.

[John H]

Thanks for your prompt response.

I did a search and turned up nothing but the files I have already whitelisted.

Here is the security log message

>>>>>>>>>>> 403 GET or Other Request Error Logged - March 11, 2013 - 2:17 pm <<<<<<<<<<<
REMOTE_ADDR: 110.142.174.212
Host Name: knodep.lnk.telstra.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://burnieworks.com/introduction-video/
REQUEST_URI: /wp-content/plugins/soliloquy/js/soliloquy.js?ver=1.0.0
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:19.0) Gecko/20100101 Firefox/19.0

Thanks again for your help.

[AITpro Admin]

I checked your website and I see the 403 error is occurring so it appears that the Whitelist rule is not actually in your plugin firewall .htaccess file.

Failed to load resource: the server responded with a status of 403 (Forbidden) http: //burnieworks.com/wp-content/plugins/soliloquy/js/soliloquy.js?ver=1.0.0

Go to the BPS htaccess File Editor page and click on the Plugin Firewall tab to view the contents of your Plugin Firewall .htaccess file.

You should see a Whitelist rule that looks like this:  SetEnvIf Request_URI “/soliloquy/js/soliloquy.js$” whitelist

Let me know if you see this or not.  Also check that the format is correct for all your Whitelisted rules.

Example (should look similar to this format, but you will obviously have different plugin scripts whitelist rules):

# BEGIN WHITELIST: Frontend Loading Website Plugin scripts/files
SetEnvIf Request_URI "/bulletproof-security/400.php$" whitelist
SetEnvIf Request_URI "/bulletproof-security/403.php$" whitelist
SetEnvIf Request_URI "/buddypress/bp-themes/bp-default/_inc/global.js$" whitelist
SetEnvIf Request_URI "/wp-jquery-lightbox/jquery.lightbox.min.js$" whitelist
SetEnvIf Request_URI "/bbpress/bbp-theme-compat/js/topic.js$" whitelist
SetEnvIf Request_URI "/wp-jquery-lightbox/jquery.touchwipe.min.js$" whitelist
# END WHITELIST

 

[AITpro Admin]

Oops I accidentally included the /plugins folder in the Solilquy plugin path.  I have correct that above.  😉

[John H]

Ok where “SetEnvIf Request_URI “/soliloquy/js/soliloquy.js$” whitelist” is I have “SetEnvIf Request_URI “/soliloquy/js/soliloquy.js,$” whitelist”

Note the comma in the second one.

I imagine this is what is causing me grief?

Cheers,

John

[AITpro Admin]

UPDATE:
——————

Code Correction BPS Pro 5.7:  Blank spaces, line breaks and extra commas are now stripped off of the beginning and end of the returned DB String for the Plugin Firewall whitelist rules and also in the Whitelist Text area itself – double insurance against this issue/problem occurring.

$bps_pfw_whitelist = array_filter( explode(', ', str_replace( array("/bulletproof-security/admin/js/bulletproof-security-admin-5.js, ", "/bulletproof-security/admin/js/bulletproof-security-admin-4.js, ","/bulletproof-security/admin/js/bulletproof-security-admin-3.js, ", "/bulletproof-security/admin/js/bulletproof-security-admin-2.js, ", "/bulletproof-security/admin/js/bulletproof-security-admin.js"), "", trim( $options['bps_pfw_whitelist'], ", \t\n\r") ) ) );

——————

Yep that comma is the problem.  Go back to the Plugin Firewall section on the Security Modes page and make sure that Test Mode is turned Off.  Then delete your plugin firewall .htaccess file, double check your Whitelist Text area to make sure the extra comma is not there and then save your Whitelist Options again and activate the Plugin Firewall again.  There is a glitch/bug that I just recently noticed that happens if you save your Whitelist Options while Test Mode is on it does not strip the last comma off of the last plugin script that is in the Whitelist Text area.

[AITpro Admin]

Ok I cleared my Browser cache and I can now see your Slider/Video.

[John H]

Thank you the comma is gone. And it now works.

I appreciate your help and will keep an eye out for that pesky comma in future.

[Author]

Posts