Loader.io load testing service – 403 error

Home Forums BulletProof Security Pro Loader.io load testing service – 403 error

Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • December 30, 2018 at 9:15 am #36797
    AITpro Admin
    Keymaster

    Email Question:

    Hello,

    How to stop blocking this request from Loaderio https://loader.io

    I’m using Loader service for Load test but BPS blocking Loader.

    I found this: https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/

    But I’m not shore did I understand what exactly I need to do

    [403 GET Request: 07.11.2018. - 12:27]
BPS Pro: 13.7
WP: 4.9.8
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: blueprint.hr
Host Name: 
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /loaderio-b734592f068dd0eab110a75e1e0fdeeb.txt
QUERY_STRING: 
HTTP_USER_AGENT: loaderio;verification-bot
    December 30, 2018 at 9:20 am #36798
    AITpro Admin
    Keymaster

    Confirmed working solution:

    I think what is being blocked is “loaderio” in the User Agent security rules shown in the example code below.

    1. Go to the BPS Pro > B-Core > Custom Code tab page.
    2. Click the Root htaccess File Custom Code accordion tab button.
    3. Scroll down to this Custom Code Text Box:  12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
    4. Edit your existing custom code in that Custom Code text box and delete the yellow highlighted sections of code shown in the example below from your custom code that is saved in Custom Code Text Box:  12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS.
    5. Click the Save Root Custom Code button.
    6. Go to the Security Modes tab page and click the Root Folder BulletProof Mode Activate button.
    7. Retest Loader.io

    # CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.