HTML5 compliant PDF Viewer for WordPress – 403 error (BulletProof Security Pro forum)
This topic has 3 replies, 2 voices, and was last updated 6 years, 3 months ago by AITpro Admin.
AITpro Admin (Keymaster)

[403 GET Request: February 19, 2017 - 23:18]
BPS: .54.4
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 2a02:1810:0406:2d00:759d:2758:cad4:02ca
Host Name: ptr-4chfqzwj07mclb7kju.18120a2.ip6.access.telenet.be
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 2a02:1810:0406:2d00:759d:2758:cad4:02ca
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://ninavanrompaey.be/resume/
REQUEST_URI: /wp-content/plugins/pdf-viewer/stable/web/viewer.html?file=https://ninavanrompaey.be/wp-content/uploads/2017/01/NinaVanRompaey-CV.pdf
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.54 Safari/537.36
Problem: The method used by this plugin to view PDF files simulates an RFI hacking attempt against a website.
UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.
Solution: Create an RFI Misc Skip/Bypass rule for the viewer.html file.
1. Copy the code below to this Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE: Add additional Referers and/or misc file names.
IMPORTANT! Change the HTTP_REFERER example.com domain name in the code below to your actual domain/website name after you copy this code to BPS Custom Code.
2. Save your new custom code by clicking the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (viewer\.html|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*example.com.*
RewriteRule . - [S=1]
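As an added example (not BPS's code or the thread author's), the Python below mirrors the logic of the rules above and runs it against the request from the 403 log entry, so an admin can check offline whether a logged request would be caught by the RFI conditions or whitelisted by the [S=1] bypass. It assumes Apache's RewriteCond regex semantics map to Python's re as commented, and it substitutes the site domain from the log for the example.com placeholder.

```python
import re

# Regexes transcribed from the BPS custom code in the post above. Apache's
# [NC] flag becomes re.IGNORECASE; two RewriteConds joined by [OR] are an
# "or", and adjacent unflagged RewriteConds are an implicit "and".
RFI_RE = re.compile(
    r"^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?"
    r"(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|"
    r"imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|"
    r"kkc|start-thegame).*$",
    re.IGNORECASE)

# Misc file whitelist with viewer.html added, as the post instructs.
MISC_FILES_RE = re.compile(
    r"(viewer\.html|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php)",
    re.IGNORECASE)


def rfi_forbid_fires(query_string, the_request):
    """True when the RFI rule would answer 403 ([NC,OR] / [NC] -> [F])."""
    return bool(RFI_RE.search(query_string) or RFI_RE.search(the_request))


def skip_rule_fires(request_uri, http_referer, site_domain):
    """True when the [S=1] bypass applies: the URI names a whitelisted file
    AND the Referer names your own site (the example.com placeholder)."""
    referer_re = re.compile(r"^.*" + re.escape(site_domain) + r".*")
    return bool(MISC_FILES_RE.search(request_uri)
                and referer_re.search(http_referer))


# Values taken from the 403 log entry at the top of this thread.
LOGGED_URI = ("/wp-content/plugins/pdf-viewer/stable/web/viewer.html"
              "?file=https://ninavanrompaey.be/wp-content/uploads/2017/01/"
              "NinaVanRompaey-CV.pdf")
LOGGED_REFERER = "https://ninavanrompaey.be/resume/"
LOGGED_QUERY = LOGGED_URI.split("?", 1)[1]
LOGGED_THE_REQUEST = "GET " + LOGGED_URI + " HTTP/1.1"

if __name__ == "__main__":
    site = "ninavanrompaey.be"
    # The viewer's own-site URL is not in the RFI host list, so the [F] rule
    # above is not what produced this 403; the [S=1] rule skips whichever
    # rule follows it in the root .htaccess.
    print("RFI forbid rule fires:", rfi_forbid_fires(LOGGED_QUERY, LOGGED_THE_REQUEST))
    print("Bypass with Referer:", skip_rule_fires(LOGGED_URI, LOGGED_REFERER, site))
    # A direct open of the viewer URL sends no Referer, so no bypass: the
    # Referer condition is what keeps the whitelist narrow.
    print("Bypass without Referer:", skip_rule_fires(LOGGED_URI, "", site))
```

The last case matters operationally: visitors whose browser or referrer policy strips the Referer header still receive the 403 even after the bypass is in place.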
Didier Ludwig (Participant)

Why do I get this and other posts by email though I haven’t subscribed?
AITpro Admin (Keymaster)

I was not aware that BuddyPress/bbPress is doing that. You are the first person to ever mention that. You are only supposed to get email notifications for forum topics that you are subscribed to. I will have to do some BuddyPress/bbPress testing and see why that might be happening.
When did this problem start occurring? There was a bbPress capabilities bug that occurred around December 7, 2016. So maybe that has something to do with it?
AITpro Admin (Keymaster)

I have tested logging in with a standard participant user account and everything is working fine, i.e. I only receive emails for any forum topics where I have chosen the “Notify me of follow-up replies via email” checkbox option that you see in every/all forum topics. I checked your bbPress Profile and everything looks ok. I’m not really sure what else I can check since everything appears to be working normally. 😉
Try this and see if it works > Select the “no” option for all emails and save your settings. Then select the “yes” option for any email options you want and save your settings. Kind of a “kick the jukebox” fix. ha ha ha.
bbPress Profile > Settings > Email
Yes or no options to send emails:
A member mentions you in an update using “@user-account-name”
A member replies to an update or comment you’ve posted