Mailster Plugin – 403 error
Tagged: 403 error
This topic has 2 replies, 1 voice, and was last updated 5 months, 1 week ago by AITpro Admin.
AITpro Admin (Keymaster)
Email Question:
Hey Edward, hope all is well with you.
I am setting up my email plugin and now I have a 403 error trying to see the content at this page:
https://www.example.com/wp-admin/edit.php?post_type=newsletter&page=mailster_templates&browse=installed
[403 GET Request: October 11, 2021 - 11:38 am] BPS Pro: 15.8 WP: 5.8.1 Event Code: UAEGWR-HPRA Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 24.186.112.182 Host Name: ool-18ba70b6.dyn.optonline.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/wp-admin/edit.php?post_type=newsletter&page=mailster_templates&browse=installed REQUEST_URI: /wp-content/uploads/mailster/templates/mailster/index.html?nocache=1633966706185 QUERY_STRING: nocache=1633966706185 HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
How can I fix this?
Thank you
AITpro Admin (Keymaster)
Answer:
What is being blocked is the html file in the WP /uploads folder by the BPS Pro UAEG htaccess file: /wp-content/uploads/mailster/templates/mailster/index.html
https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
Do these steps to create a whitelist rule for the /uploads/mailster folder:
To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box on the BPS Custom Code tab page.
2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box on the BPS Custom Code tab page.
3. Click the Save UAEG Custom Code button to save your UAEG custom code.
4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.
You have an Apache server, so this is the whitelist edit that you need to do in the UAEG htaccess code in the CUSTOM CODE UAEG text box:
To whitelist a folder: Remove/delete the # sign from in front of this line of code in your UAEG htaccess code and change the folder name to the actual folder name that you want to whitelist.
SetEnvIf Request_URI "mailster/.*$" whitelist
Delete the # signs in front of #Require env whitelist and #Allow from env=whitelist shown below in your UAEG code that you copied to CUSTOM CODE UAEG.
# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
<FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
<IfModule mod_authz_core.c>
#Require env whitelist
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
#Allow from env=whitelist
Deny from all
</IfModule>
</IfModule>
</FilesMatch>
AITpro Admin (Keymaster)
A different Mailster issue. If you see wp-admin 403 errors like the one below, do these steps to fix the issue:
1. Copy the modified wp-admin Query String exploits code below into this BPS wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS.
2. Click the Save wp-admin Custom Code button.
3. Go to the BPS Setup Wizard page and run the Setup Wizards.
# BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
# WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
# Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\s+|%20+\s+|\s+%20+|\s+%20+\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
#RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
[403 GET Request: October 24, 2022 - 5:06 pm] BPS Pro: 16.9 WP: 6.0.3 Event Code: WPADMIN-SBR Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 127.0.0.1 Host Name: DESKTOP-8TQEKNH SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-admin/admin.php?page=mailster_update&redirect_to=http://aitpro-blog.local/wp-admin/admin.php?page=mailster_dashboard QUERY_STRING: page=mailster_update&redirect_to=http://aitpro-blog.local/wp-admin/admin.php?page=mailster_dashboard HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
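As an added example (not BPS Pro's code and not part of the thread), the Python below emulates the two .htaccess decisions discussed here: the UAEG FilesMatch/SetEnvIf whitelist from the first answer and a subset of the BPSQSE QUERY_STRING conditions from this post, run over the URIs quoted in the two log entries. The extension list and rule set are abbreviated, and the injection-style query string is constructed for the example.

```python
import re

# Added example (not BPS Pro's own code): a small emulation of the two .htaccess
# decisions in this thread, so each edit can be checked offline before saving it.

# UAEG: guarded extensions (abbreviated from the FilesMatch list in the thread).
UAEG_EXT = re.compile(r"\.(htm|html|php|js|json|xml|sql|exe)$")

def uaeg_allows(request_uri, whitelist_patterns=()):
    """True if the UAEG .htaccess lets the request through.

    FilesMatch tests the file name only (no query string). A guarded extension
    is denied unless a SetEnvIf Request_URI pattern set the 'whitelist' var."""
    path = request_uri.split("?", 1)[0]
    if not UAEG_EXT.search(path):
        return True  # not a guarded extension, FilesMatch does not apply
    return any(re.search(p, path) for p in whitelist_patterns)

# BPSQSE: a subset of the QUERY_STRING conditions from this post. Apache tests the
# raw, still percent-encoded query string, hence the spelled-out %3C etc.; [NC]
# means case-insensitive. The first two are the rules the fix comments out.
BPSQSE_RULES = [
    ("url_in_param", r"[a-zA-Z0-9_]=(http|https)://"),
    ("url_scheme",   r"(http|https):"),
    ("traversal",    r"(\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f)"),
    ("script_tag",   r"(<|%3C).*script.*(>|%3E)"),
    ("union_select", r"union([^s]*s)+elect"),
    ("sqli_chars",   r"(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"
                     r"(/\*|union|select|insert|drop|delete|update)"),
]

def bpsqse_hits(query_string, disabled=()):
    """Names of the enabled conditions that match; any hit means a 403 ([F])."""
    return [name for name, pat in BPSQSE_RULES
            if name not in disabled and re.search(pat, query_string, re.IGNORECASE)]

# The two URIs come from the log entries quoted in this thread; the
# injection-style query string is constructed for this example.
MAILSTER_HTML = "/wp-content/uploads/mailster/templates/mailster/index.html?nocache=1633966706185"
MAILSTER_QS = ("page=mailster_update&redirect_to=http://aitpro-blog.local"
               "/wp-admin/admin.php?page=mailster_dashboard")
INJECTION_QS = "id=1%27%20union%20select%201,2,3"
FIX_DISABLED = ("url_in_param", "url_scheme")  # the two commented-out rules

if __name__ == "__main__":
    print(uaeg_allows(MAILSTER_HTML))                       # False: 403 from UAEG
    print(uaeg_allows(MAILSTER_HTML, (r"mailster/.*$",)))  # True: whitelisted
    print(bpsqse_hits(MAILSTER_QS))                         # both http rules hit
    print(bpsqse_hits(MAILSTER_QS, FIX_DISABLED))           # []: allowed after fix
    print(bpsqse_hits(INJECTION_QS, FIX_DISABLED))          # still blocked
```

Note that uaeg_allows("/wp-content/uploads/mailster/x.php", (r"mailster/.*$",)) also returns True: the whitelist pattern from the thread exempts every guarded extension under that folder, so a narrower pattern such as mailster/.*\.html$ is preferable if only the template preview needs to be reachable.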