How Do I Whitelist a whole plugin folder


This topic contains 25 replies, has 3 voices, and was last updated by  AITpro Admin 5 years, 2 months ago.

Viewing 15 posts - 1 through 15 (of 26 total)
  • #4186

    guy te watson
    Participant

    How Do I Whitelist a whole plugin folder?  The below from another thread is not clear.

    NOTE: Plugin Whitelisting rules use standard Regex characters. For example you could Whitelist all .js files in a particular plugins folder by creating this whitelist rule: /example-plugin-folder-name/(.*).js. The (.*) Regex characters mean match anything. The rule says match any file name in the /example-plugin-folder-name/ folder that is a .js file.

    How would I set it to whitelist any file in a plugin folder? Are the parentheses needed? Which of the below is correct 1 or 2 or 3 or 4 or something else?

    1 /example-plugin-folder-name/(.*).(.*)
    2 /example-plugin-folder-name/*.*
    3 /example-plugin-folder-name/(*).(*)
    4 /example-plugin-folder-name/.*..*

    Thanks!
    In Christ
    guy te

    #4198

    AITpro Admin
    Keymaster

    #4269

    guy te watson
    Participant

    The thread you left me is about excluding a folder from being checked by ARQ.  I am not asking about that. I am asking how to Whitelist a whole plugin folder in the Plugins Firewall. The “NOTE” I included above is talking about that but is unclear. What is the path that needs to be put in the Plugins Firewall Whitelist Tool to whitelist a whole plugins folder? Which of the below is correct 1 or 2 or 3 or 4 or something else?

    1 /example-plugin-folder-name/(.*).(.*)
    2 /example-plugin-folder-name/*.*
    3 /example-plugin-folder-name/(*).(*)
    4 /example-plugin-folder-name/.*..*

    Thanks!
    guy te

    #4270

    AITpro Admin
    Keymaster

    Oh whoops.  You need to have a valid identifier for your regular expression. You should ONLY need to whitelist either all php or js files or both.  You would probably not have to whitelist any other file types.

    /example-plugin-folder-name/(*).php - whitelists all php files
    /example-plugin-folder-name/(*).js - whitelists all js files

    #4876

    Joshua Wilson
    Participant

    Hello, I have been trying for a while to get the plugin whitelist rules to work. I have tried across all my sites and it blocks the js to my e-commerce plugin.  I have tried different variables and none of it seems to work.  I have scanned and listed the plugins below.  This is what I have in the .htaccess.

    SetEnvIf Request_URI "/woodojo/bundled/woodojo-tabs/assets/js/functions.js$" whitelist
    SetEnvIf Request_URI "/woocommerce/(*).js" whitelist
    SetEnvIf Request_URI "/woocommerce/(*).php" whitelist
    SetEnvIf Request_URI "/background-manager/js/(.*).js$" whitelist

    #4877

    Joshua Wilson
    Participant

    To clarify, it's what I have in the plugin folder .htaccess.  I searched the forum first and got some answers but it didn't work for me. I've also backed up all the upper level .htaccess files to rule that out.

    #4878

    AITpro Admin
    Keymaster

    2 of your whitelist rules are not valid. They are missing the dollar signs $.

    SetEnvIf Request_URI "/woocommerce/(*).js" whitelist
    SetEnvIf Request_URI "/woocommerce/(*).php" whitelist

    Do NOT manually add whitelist rules to your plugin firewall .htaccess file.  Let BPS Pro do this instead to ensure that the rules are correct.  Add your plugin script paths to the Plugin Firewall Whitelist Text Area, click the Save Whitelist Options button and activate the Plugin Firewall. BPS Pro will add the dollar signs and all the rest of the whitelist rule/code correctly.

    The other very important reason for using the Plugin Firewall Whitelist Text Area is that this data is saved permanently so that if you need to deactivate and reactivate the Plugin Firewall then your saved plugin script paths would automatically be written to your plugin firewall .htaccess file again.  If you edit the plugins .htaccess file manually then you would have to manually add your whitelist rules again.
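
Added example, not part of the thread and not BPS Pro's own code: it parses whitelist lines in the `SetEnvIf Request_URI "..." whitelist` format shown above and lists which request URIs each rule matches, to show what the trailing `$` and an escaped dot change. Python's `re.search` stands in for Apache's regex engine (an assumption), and the `.htaccess` lines and URIs are constructed.

```python
import re

# Python's re.search stands in for the unanchored regex search SetEnvIf applies
# to Request_URI (assumption: these simple patterns behave the same in PCRE).
RULE_RE = re.compile(r'^\s*SetEnvIf\s+Request_URI\s+"([^"]+)"\s+whitelist\s*$')

# Constructed .htaccess lines in the format shown in the thread.
HTACCESS = '''\
SetEnvIf Request_URI "/example-plugin-folder-name/(.*).js" whitelist
SetEnvIf Request_URI "/example-plugin-folder-name/(.*).js$" whitelist
SetEnvIf Request_URI "/example-plugin-folder-name/(.*)\\.js$" whitelist
'''

# Constructed request URIs; only the first two are plain .js files.
BASE = "/wp-content/plugins/example-plugin-folder-name"
URIS = [
    BASE + "/js/front.js",
    BASE + "/js/front.min.js",
    BASE + "/js/front.js.php",   # ".js" appears mid-path, file ends in .php
    BASE + "/lib/nojs",          # no dot at all before "js"
    BASE + "/includes/admin.php",
]

def parse_rules(text):
    """Return the regex from every SetEnvIf ... whitelist line."""
    return [m.group(1) for m in map(RULE_RE.match, text.splitlines()) if m]

def matched(pattern, uris=URIS):
    """URIs the rule would flag as whitelisted (search, not full match)."""
    rx = re.compile(pattern)
    return [u for u in uris if rx.search(u)]

def audit(pattern):
    """Findings for one rule: missing end anchor, dot that matches any char."""
    findings = []
    if not pattern.endswith("$"):
        findings.append("no trailing $")
    if re.search(r"(?<!\\)\.(js|php)\$?$", pattern):
        findings.append("unescaped dot before extension")
    return findings

if __name__ == "__main__":
    for rule in parse_rules(HTACCESS):
        print(rule, audit(rule))
        for uri in matched(rule):
            print("   whitelists", uri)
```

Only the third form, with `\.` and a trailing `$`, limits the match to URIs that end in `.js`.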

    #4885

    Joshua Wilson
    Participant

    I added this to the whitelist box, saved and re-imported the .htaccess but it's still blocking all the scripts.

    /woocommerce/(*).js
    /background-manager/js/(.*).js
    /woodojo/bundled/woodojo-tabs/assets/js/functions.js

    #4889

    AITpro Admin
    Keymaster

    What does this mean? “I added this to the whitelist box, saved and re-imported the .htaccess but it's still blocking all the scripts”

    None of what you said above makes any sense to me.  This info below is how you set up the Plugin Firewall.  If you would like to see the full setup steps then click the Plugin Firewall Blue Read Me help button.  Below is a summary of the correct Plugin Firewall setup steps.

    Add your plugin script paths to the Plugin Firewall Whitelist Text Area, click the Save Whitelist Options button and activate the Plugin Firewall.

     

    #4905

    Joshua Wilson
    Participant

    “Add your plugin script paths to the Plugin Firewall Whitelist Text Area, click the Save Whitelist Options button and activate the Plugin Firewall.”

    I have tried this multiple times and it still blocks my scripts. I'm sorry for the vague explanation.

    #4914

    AITpro Admin
    Keymaster

    Ok send me an administrator login to the website – edward at ait-pro dot com.

    #4923

    AITpro Admin
    Keymaster

    Something is very wrong with your site architecture.  You have a WordPress site installed in a folder that points to another completely different domain.  I assume you are doing some sort of Control Panel Domain forwarding thing or some other thing that is causing all the problems.  Your error logs are full of errors from this WordPress site, but when I try and test the domain you are pointing to, the 2 sites are not seen as the same site.  Please fix this first.  I could not continue with setting things up because the basic structure of this website is a mess.  BPS Pro will not work correctly until you fix that mess.

    #4924

    Joshua Wilson
    Participant

    I have fixed the issue. When you have time please take another look.

    I noticed you got the UAEG status to display on.   On my other sites I have activated the UAEG, but the display never showed it was on.  It copies the .htaccess in the uploads folder correctly.

    #4926

    Joshua Wilson
    Participant

    I found this in my cPanel redirects page, could this be blocking the $ variable?

    Domain Directory Redirect Url Type Match www. Wildcard Remove
    ALL 403 /\..*$ permanent
    ALL 403 /\..*$ permanent
    ALL 403 /\..*$ permanent
    ALL 403 /\..*$ permanent
    ALL 403 /\..*$ permanent
    ALL 403 /\..*$ permanent
    ALL 403 (https?|ftp|php)\:// permanent
    ALL 403 /(https?|ima|ucp)/ permanent

    #4941

    AITpro Admin
    Keymaster

    Ok will login in about 15 minutes.  Thanks.

    Those are not valid rules.  I assume the problem with this cPanel Tool is similar to the cPanel Broken HotLink Protection Tool problem where that cPanel Tool looks at the existing root .htaccess file code and tries to create cPanel rules based on the code it finds in the root .htaccess file.  The “permanent” directive would be used for a redirect like the example code shown below.  In this case the cPanel Tool is creating invalid rules because it is not interpreting the .htaccess code correctly.

    Example of how the permanent directive should be used:

    Redirect permanent /one http://example.com/two

    Try removing this invalid code from the cPanel Tool, but it may not let you do this.  Or you can try disabling this cPanel tool if you are not actually using it.  You can add redirect code to BPS Custom Code if you have redirects for your website.

    This is one of many Forum topics regarding .htaccess redirect code.

    http://forum.ait-pro.com/forums/topic/htaccess-redirect-code-where-do-i-add-redirect-htaccess-code/
