Home › Forums › BulletProof Security Free › Google Analytics utm_source – 403 error
Tagged: 403 error, Google Analytics, UTM, utm_source
- This topic has 12 replies, 3 voices, and was last updated 9 years, 8 months ago by AITpro Admin.
-
AuthorPosts
-
DoubleSpeedParticipant
I have an issue where Google Analytics referral URL strings are being blocked ?utm_source=blah…. these give the:
403 Forbidden Error Page
If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
How do I fix/allow these stings?AITpro AdminKeymasterI assume this is a feedburner issue/problem where something in the URL is being blocked – parenthesis, apostrophe or some other dangerous code character in the URL. Post the log entry from your BPS Security Log for one of these 403 errors. Please verify that you are using feedburner or if not then post the name of the plugin.
http://forum.ait-pro.com/forums/topic/feedburner-error/
http://forum.ait-pro.com/forums/topic/allowing-parentheses-in-query-strings/#post-10589
DoubleSpeedParticipantHi,
Its not feedburner here is an example of the kind of link that is generating the generating the 403 page I’ve tried the modification to the .htaccess for feedburning of changing to this…
RewriteCond %{QUERY_STRING} ^.*(<|>|%3c|%3e).* [NC,OR] http://www.eu-cookie-law.com/?utm_source=cookietab&utm_medium=infobox&utm_campaign=http://www.e-termsandconditions.com&browserName=&majorVersion=
However this has not helped
Please advise?AITpro AdminKeymasterThe URL/Query String is simulating an RFI hacking attempt against your website.
[code removed – see working solution below]
DoubleSpeedParticipantI’ve added however unfortunately it doesn’t work, can I disable just RFI hacking function altogether there will be more than just the e-terms site that links to the eu cookie site using this same method?
AITpro AdminKeymasterI was able to duplicate and solve the problem on a test site. The Google Analytics UTM string/link is being blocked by a combination of 3 security filters.
The 3 security filters that are causing the block/403 error.
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR] RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
1. Copy the modified (3 security filters have been commented out with pound signs) BPS Query String Exploits code below to this BPS Root Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: Modify Query String Exploit code here
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.# BEGIN BPSQSE BPS QUERY STRING EXPLOITS # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too. # Good sites such as W3C use it for their W3C-LinkChecker. # Use BPS Custom Code to add or remove user agents temporarily or permanently from the # User Agent filters directly below or to modify/edit/change any of the other security code rules below. RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR] RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR] RewriteCond %{THE_REQUEST} etc/passwd [NC,OR] RewriteCond %{THE_REQUEST} cgi-bin [NC,OR] RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR] RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR] RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR] RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR] #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR] #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR] RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR] RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR] RewriteCond %{QUERY_STRING} ftp\: [NC,OR] #RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR] RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR] RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR] RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR] RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR] RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR] RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR] RewriteCond %{QUERY_STRING} (sp_executesql) [NC] RewriteRule ^(.*)$ - [F] # END BPSQSE BPS QUERY STRING EXPLOITS
DoubleSpeedParticipantYes thank you it works!
RaceManParticipantHello Admin
I’m having a similar 403 error problem that I can not seem to resolve with the provided code above.
My email manager / auto-responder (ActiveCampaign) provides the ability to both track the click of links in my email and also pass UTM Data in the URL so Google Analytics can see the incoming traffic as Campaign and track the traffic in Google Analytics.
FYI: I am using Google Analytics by Yoast to handle my connection to Google Analytics
Whenever I have Google Analytics tracking and Bulletproof enabled together I am presented with a 403 Forbidden error when visiting the following link: (Do not attempt to follow this link, the site is restricted to my home IP for development purposes.)
This is the exact error I’m getting even though I am logged in to WordPress as admin.
Forbidden
You don’t have permission to access /top-10-sewing-room-secrets/ on this server.Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
This is an absolutely legitimate URL (without the UTM tracking code attached)[403 GET / HEAD Request: March 30, 2015 - 1:02 pm] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 38.104.242.98 Host Name: 38.104.242.98 SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: 38.104.242.98 HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /top-10-sewing-room-secrets/?utm_source=ActiveCampaign&utm_medium=email&utm_content=Welcome+to+HowToGetCreative+-+Here%27s+your+Video%21&utm_campaign=AutoResponderWelcomeEmailReminderToWatch QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.104 Safari/537.36
What do you recommend I do to resolve this error?
RaceManAITpro AdminKeymasterThe 403 error is being caused by the url encoded apostrophe/single quote code character –
%27
. The Custom Code solution is here: http://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939 So you do not need to use the Custom Code solution in this forum topic since the error is similar, but is not the exact same issue/problem.RaceManParticipantSuccess! The updated code at the link you provided has allowed BPS to accommodate the
%27
character in the ActiveCampaign Google Analytic tracking links.
Thanks for the help!
AITpro AdminKeymasterGreat! Thanks for confirming that did the trick.
RaceManParticipantHello Admin
Have you had a moment to test the Woocommerce redirection issue.
I really need to secure a solution so that I can fully process payments on my with without BPS blocking the paypal return path.
Your assistance is greatly appreciated.
Richard
AITpro AdminKeymasterThe WooCommerce Checkout issue/problem was previously split into this new Topic here: http://forum.ait-pro.com/forums/topic/woocommerce-checkout-403-error/#post-21805
Please do the things/steps in that Forum Topic and let me know if they work. Please also respond in the new forum Topic. Thanks.
-
AuthorPosts
- You must be logged in to reply to this topic.