Home › Forums › BulletProof Security Pro › Litespeed image optimisation issue
- This topic has 10 replies, 2 voices, and was last updated 3 months, 1 week ago by AITpro Admin.
-
AuthorPosts
-
IanParticipant
Hi,
We have an issue where the litespeed image optimisation is not working.
We installed litespeed as per the directions that bulletproof gave we it noticed us activate the litespeed plugin.
We have white listed the QUIC.cloud servers that perform the optimisation in wordfence.
We have a support topic here where the litespeed tech has suggested this issue is due to a security setting:
https://wordpress.org/support/topic/image-optimisation-not-working-5/
Do we need to make extra exclusions in bulletproof when using QUIC.cloud servers to perform the image optimisation?
Many thanks
AITpro AdminKeymasterSee this forum topic > https://forum.ait-pro.com/forums/topic/whitelist-quic-cloud/#post-43567 Recommendation: Deactivate the BPS Pro Plugin Firewall feature.
I’ve never seen a service like this state that they will randomly change their block of IP addresses. Most services like this have a set list of IP addresses that will never change for obvious reasons. Are you adding the QUIC cloud IP addresses in the BPS Pro Plugin Firewall whitelist tools? If so, then the simplest solution would be to turn off/deactivate the BPS Pro Plugin Firewall feature.
Looking at the capabilities of QUIC cloud it will offer comparable WAF firewall protection in place of the BPS Pro Plugin Firewall. So you would not be losing that protection since QUIC cloud would be handling that instead of the Plugin Firewall feature.
IanParticipantHi,
We actually already had the firewall disabled, as it caused a conflict with something in the past, so something else must be effecting this.
Thanks
AITpro AdminKeymasterI checked your site and you are using js minification in the LightSpeed cache plugin. js minification is known to break many things. Try turning off js minification in LightSpeed.
IanParticipantHi,
Is this something I need to do in Bulletproof? If so what would I need to do?
<title>Bot Verification</title>
this is some kind of bot verification measure , you need to disable it for REST API
AITpro AdminKeymasterIt looks like your web host made some changes on your server that briefly fixed things > https://wordpress.org/support/topic/image-optimisation-not-working-5/page/2/#post-17770043
IanParticipantHi,
Yes, when cloudflare deactivated StackProtect it briefly worked.
Now we get this issue:
xxx@xxx:~$ curl -i -XPOST -d "test" https://walking-football.com/?rest_route=litespeed/v1/notify_img HTTP/2 403 date: Wed, 29 May 2024 17:00:22 GMT server: Apache content-length: 318 content-type: text/html; charset=iso-8859-1 x-via: LHR6 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access this resource.</p> <p>Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.</p> </body></html>
I asked cloudflare to check stackprotect was still disabled and they confirmed it was. They also said: "Thank you very much for your patience. It looks like there is something in the .htaccess which is blocking this When curling just the site I'm also getting a 403 Forbidden error, however, once everything has been removed from the .htaccess file the CURL works As such I would advise looking into what has been set in the .htaccess file for the site." So could this now be something to do with a bulletproof setting in the htacess file? ThanksIanParticipantI asked cloudflare to check stackprotect was still disabled and they confirmed it was. They also said:
“Thank you very much for your patience.It looks like there is something in the .htaccess which is blocking this
When curling just the site I’m also getting a 403 Forbidden error, however, once everything has been removed from the .htaccess file the CURL works
As such I would advise looking into what has been set in the .htaccess file for the site.”
So could this now be something to do with a bulletproof setting in the htacess file?
Thanks
AITpro AdminKeymasterTo allow curl Requests use this solution > https://forum.ait-pro.com/forums/topic/mailchimp-embed-code-verification-gets-403/#post-40237
IanParticipantHi,
When I went to add the code, I noticed we already have that in there.
AITpro AdminKeymasterI need to see the Security Log entry that shows what is being blocked. Go to the BPS Security Log page and post the Security Log entry that shows what is being blocked. Note: The BPS Security Log logs all 403 errors whether or not BPS is blocking something. Example: If ModSecurity or some other security feature on your web host is blocking something then the BPS Security Log will log that block.
-
AuthorPosts
- You must be logged in to reply to this topic.