Links in Facebook to website generate 403 Forbidden errors

Home Forums BulletProof Security Free Links in Facebook to website generate 403 Forbidden errors

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
  • #14727
    Claude Latour


    We are trying to post links in our Facebook page that link to our blog posts. Facebook responds with a 403 Forbidden error message (see below). Is BPS blocking this? We have the latest version of BPS Free 50.1.

    403 FORBIDDEN : 403 errors usually mean that the server does not have permission to view the requested file or resource.These errors are often caused by IP Deny rules, File protections, or permission problems.

    Thanks for your help


    AITpro Admin

    Are you using a WordPress facebook plugin or are these just general links to/from facebook?  Check your BPS Security Log and post a log entry that is related to facebook links.

    Claude Latour
    >>>>>>>>>>> 403 GET or Other Request Error Logged - April 7, 2014 3:43 pm <<<<<<<<<<<
    Host Name:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1

    But I think this has to do with a FB plugin that’s running on our site and not links on our FB page being blocked. Incidentally, we’ve also opened a ticket with our hosting provider (HostGator) to see if they could be blocking inbound access from FB. We have also noticed that not all links generate a 403 error. For example:

    This one does:
    This one doesn’t :

    Both pages were published at the same time. We’re at a loss to understand why one is blocked and the other isn’t…

    AITpro Admin

    I will reducing this Forum Topic down to only relevant posts and deleting all other posts that are not relevant to the real issue.  What must be occuring is you have a social media / facebook plugin installed that is processing the inbound links from facebook.  What BPS is blocking is that plugin.  So once I know the name of the social media / facebook plugin then I will be able to install and test it to find out what needs to done to fix the issue.

    And yes you are absolutely correct about where the issue/problem is occurring – “But I think this has to do with a FB plugin that’s running on our site and not links on our FB page being blocked. ”

    I should have gotten the name of the fb plugin from the get go.  Went off on a crazy tangent.  Which fb plugin is this?  I will test it with BPS and see what is being blocked in that plugin.

    Claude Latour

    I sent you a PM with example URLs to test from your Facebook fan page. The Hostgator tech was able to reproduce the 403 with these URLs from his test FB page. Consequently, when he deactivated BPS, there were no more 403 errors in FB.

    We don’t have any active FB or social media plugins. The WP Theme we use (Max mag) comes with social widgets. The ones we use are the facebook like box with faces, and the floating social media share bar. To my knowledge, there is no interaction between these widgets and the action of posting a link in our FB page, since you can post any link from any site.

    Try to post the links I PMed you in your FB page, see what you get…

    AITpro Admin

    I understand that, but when I post a link from facebook to any one of our sites with BPS installed on them this problem does not occur.  You have something installed on your site – either your theme or a plugin that must be doing something with the inbound facebook links to your site.  BPS is blocking that.  That is the only logical explanation.

    Take this approach instead.  temporarily switch your theme to another theme and test.  Then switch back to your current theme just to isolate the source of the issue.  “The WP Theme we use (Max mag) comes with social widgets” – Themes come with plugins bundled into the theme. The social widgets plugin bundled with this theme is going to be where the issue is and what BPS is blocking.

    Or try a hail mary and comment out all the BPS Query string exploits code in your root .htaccess file to see if it is one of the security filters in that section of code that is blocking facebook link functionality in your theme or a plugin on your particular site.  You would then do a process of elimination to find out which security filter is blocking the facebook links on your particular site.  Once again this issue/problem does not occur on any of our sites with BPS installed on them.

    Claude Latour

    I’m not sure I would want to change the theme and do more harm than good… we have thousands of visitors every day.

    I don’t know if you caught this earlier, but not all links generate a 403, some do, and some don’t. So does that mean there is something specific in the URL that’s causing this? What is certain is that BPS is behind it.

    Can you look at our htaccess and tell us which are “BPS Query string exploits code” ? I would try this before anything else

    AITpro Admin

    If BPS is blocking something it is blocked 100% of the time – there is no middle ground – it is all or nothing – blocked or not blocked.  If some links are working and others are not then this is being caused by something else.  Intermittent problems typically indicate a cache problem.  BPS Query string exploits code starts from:  # BEGIN BPSQSE BPS QUERY STRING EXPLOITS and ends at:  # END BPSQSE BPS QUERY STRING EXPLOITS.  Do NOT comment out this one security filter:  RewriteCond %{QUERY_STRING} (sp_executesql) [NC] – this one security filter needs to be uncommented or your site will crash. A pound sign # is used to comment out .htaccess code.

    Also 403 errors are a standard error.  They are not exclusive to BPS.

    I installed and tested the Max Magazine theme and created a link from facebook to the test site – it worked fine without  a 403 error.

    Claude Latour

    Eureka! I found something that fixes the problem:

    I enter the URL here, click ‘DEBUG’ and for some reason it “cleans” the URL. Once that’s done, I go back to my fan page, post the link and voila, it works!

    I have no idea why this works, but it does. And BPS is active.

    Thanks a lot for all your help!

    AITpro Admin

    Wow!  That is pretty dam cool.  I will have to check that out.  Thanks for posting what worked.

    Lian Chien

    Hello! Good day everyone, I am providing this testimony to all those who have suffered financial losses as a result of a gang of fraudulent brokers impersonating bitcoin and Forex traders. I am aware that a lot of individuals have lost money on bitcoin due to the misconception that it cannot be traced. My belief was that my $520,000 in bitcoin and USDT was gone forever until I came across an article about Morrison recovery, a reliable money recovery expert who can locate and retrieve lost cryptocurrency rapidly. I contacted Morrison recovery straight away, and after providing him with all the information, I was able to enter my restricted account and get my bitcoins back in my wallet. If you have fallen victim to these unscrupulous cryptocurrency scammers, Then rich out to him through email at

Viewing 11 posts - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.