Mailster Plugin – 403 error

Home Forums BulletProof Security Pro Mailster Plugin – 403 error

Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #40801
    AITpro Admin
    Keymaster

    Email Question:

    Hey Edward, hope all is well with you.

    I am setting up my email plugin and now I have a 403 error trying to see the content at this page:

    https://www.example.com/wp-admin/edit.php?post_type=newsletter&page=mailster_templates&browse=installed

    [403 GET Request: October 11, 2021 - 11:38 am]
    BPS Pro: 15.8
    WP: 5.8.1
    Event Code: UAEGWR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 24.186.112.182
    Host Name: ool-18ba70b6.dyn.optonline.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/wp-admin/edit.php?post_type=newsletter&page=mailster_templates&browse=installed
    REQUEST_URI: /wp-content/uploads/mailster/templates/mailster/index.html?nocache=1633966706185
    QUERY_STRING: nocache=1633966706185
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

    How can I fix this?

    Thank you

    #40802
    AITpro Admin
    Keymaster

    Answer:

    What is being blocked is the html file in the WP /uploads folder by the BPS Pro UAEG htaccess file: /wp-content/uploads/mailster/templates/mailster/index.html

    https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/

    Do these steps to create a whitelist rule for the /uploads/mailster folder:

    To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
    1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box on the BPS Custom Code tab page.
    2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box on the BPS Custom Code tab page.
    3. Click the Save UAEG Custom Code button to save your UAEG custom code.
    4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.

    You have an Apache server so this is the whitelist edit that you need to do in the UAEG htaccess code in the CUSTOM CODE UAEG text box:

    To whitelist a folder: Remove/delete the # sign from infront of this line of code in your UAEG htaccess code and change the folder name to your actual folder name that you want to whitelist.
    SetEnvIf Request_URI “mailster/.*$” whitelist

    Delete the # signs in front of #Require env whitelist and #Allow from env=whitelist shown highlighted in yellow below in your UAEG code that you copied to CUSTOM CODE UAEG.

    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    <IfModule mod_authz_core.c>
    #Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    #Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.