We use Manage WP to manage several sites and it’s getting blocked by BPS. I have whitelisted the IP addresses, but the problem is that the POST method is being blocked. How can I open this up? Here’s the security log error:
[403 POST Request: October 21, 2015 - 10:29 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR:
Host Name: 93.e6.9bc0.ip4.static.sl-reverse.com
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: POST
HTTP_REFERER: https://managewp.com
REQUEST_URI: /
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
REQUEST BODY: {"setting":{"notice":"<style scoped=\"scoped\">\n #mwp_notice_div.mwp_notice {\n background: #00689f; \/* Old browsers *\/\n background: -moz-linear-gradient(top, #00689f 0%, #00639a 25%, #005388 72%, #004e83 100%); \/* FF3.6+ *\/\n background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#00689f), color-stop(25%,#00639a), color-stop\n\n(72%,#005388), color-stop(100%,#004e83)); \/* Chrome,Safari4+ *\/\n back
AITpro Admin (Keymaster):
All of the ManageWP IP addresses are:
So this should work to whitelist all of the ManageWP IP addresses. The only potential problem I see is that if you add this additional conditional IP checking line of RewriteCond code then you may also have to add/whitelist your Server’s/website’s IP address too. Try the code without adding your website/server IP address and test if you can Login to your site. If you cannot login then delete the root htaccess file, login and add your Server/website IP address that you see on the BPS System Info page.
BPS POST Request Attack Protection Bonus Custom Code: http://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/
# BPS POST Request Attack Protection
RewriteCond %{REQUEST_METHOD} POST [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
# Whitelist ManageWP IP Addresses
RewriteCond %{REMOTE_ADDR} !^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567])$
# Whitelist the WordPress Theme Customizer
RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php
# Whitelist XML-RPC Pingbacks, JetPack and Remote Posting POST Requests
RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
# Whitelist Network|Multisite Signup POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
# Whitelist Network|Multisite Activate POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
# Whitelist Trackback POST Requests
RewriteCond %{REQUEST_URI} !^.*/wp-trackback.php [NC]
# Whitelist Comments POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
RewriteRule ^(.*)$ - [F]
UPDATE: 11-13-2015
Information provided by Jason Press. Thanks Jason!
ManageWP is in the process of phasing out its “Classic” interface and introducing a new interface called “Orion”. The new interface is currently available as a kind of “mirroring” option for all “Classic” users (i.e. you can switch back and forth between the interfaces…Orion will be completely replacing the “Classic” interface sometime early next year). Orion has a different block of IP addresses from ManageWP and I did need to whitelist them all in order for both interfaces to work correctly with my sites. Here’s the full block of code I added to the Post Request Attack Protection code, which seems to be working well so far:
RewriteCond %{REMOTE_ADDR} !^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567]|52\.24\.62\.11|52\.24\.187\.29|52\.25\.116\.116|52\.26\.122\.21|52\.27\.171\.126|52\.27\.181\.126|52\.88\.96\.110|52\.88\.119\.122|52\.88\.197\.180|52\.88\.215\.225|52\.89\.85\.107|52\.89\.94\.121|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105|54\.186\.128\.167|54\.186\.143\.184|54\.187\.92\.57|54\.191\.32\.65|54\.191\.40\.136|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17|54\.191\.148\.85|54\.191\.148\.225|54\.191\.149\.8|54\.191\.151\.18)$
RegEx version slightly shorter code/whitelist rule
RewriteCond %{REMOTE_ADDR} !^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567]|52\.(2[4567]|8[89])\.(62|187|116|122|171|181|96|119|197|215|85|94|155)\.(11|29|116|21|126|110|122|180|225|107|121|51)|54\.(148|186|187|191)\.(73|37|128|143|92|32|40|67|80|135|136|137|148|149|151)\.(118|105|167|184|57|65|136|23|119|209|176|17|85|225|8|18))$
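Added example (not part of the original thread or of BPS): a check of whether the shorter RegEx rule admits the same addresses as the explicit list. Both patterns are copied from the two RewriteCond lines above without the leading `!`; the function names are this example's own, and it assumes Python's `re` reads these patterns the way mod_rewrite's PCRE does.

```python
import re
from itertools import product

# Both patterns are copied from the RewriteCond lines in the post above,
# minus the leading "!" that mod_rewrite uses to negate the match.
EXPLICIT = (
    r"^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567]"
    r"|52\.24\.62\.11|52\.24\.187\.29|52\.25\.116\.116|52\.26\.122\.21|52\.27\.171\.126"
    r"|52\.27\.181\.126|52\.88\.96\.110|52\.88\.119\.122|52\.88\.197\.180|52\.88\.215\.225"
    r"|52\.89\.85\.107|52\.89\.94\.121|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105"
    r"|54\.186\.128\.167|54\.186\.143\.184|54\.187\.92\.57|54\.191\.32\.65|54\.191\.40\.136"
    r"|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17"
    r"|54\.191\.148\.85|54\.191\.148\.225|54\.191\.149\.8|54\.191\.151\.18)$"
)
COMPACT = (
    r"^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567]"
    r"|52\.(2[4567]|8[89])\.(62|187|116|122|171|181|96|119|197|215|85|94|155)"
    r"\.(11|29|116|21|126|110|122|180|225|107|121|51)"
    r"|54\.(148|186|187|191)\.(73|37|128|143|92|32|40|67|80|135|136|137|148|149|151)"
    r"\.(118|105|167|184|57|65|136|23|119|209|176|17|85|225|8|18))$"
)

def expand(pattern):
    """Expand a flat ^(a|b|c)$ list; each entry may hold one [..] digit class."""
    ips = set()
    for alt in pattern[2:-2].split("|"):
        alt = alt.replace(r"\.", ".")
        m = re.fullmatch(r"(.*)\[(\d+)\](.*)", alt)
        if m:
            ips.update(m[1] + c + m[3] for c in m[2])
        else:
            ips.add(alt)
    return ips

def recombined(ips):
    """Every address built from octets seen at the same position in ips."""
    columns = zip(*(ip.split(".") for ip in ips))
    return (".".join(p) for p in product(*(sorted(set(c)) for c in columns)))

def compare(explicit=EXPLICIT, compact=COMPACT):
    listed = expand(explicit)
    rule = re.compile(compact)
    missing = {ip for ip in listed if not rule.match(ip)}  # listed but rejected
    extra = {ip for ip in recombined(listed) if rule.match(ip)} - listed
    return listed, missing, extra

if __name__ == "__main__":
    listed, missing, extra = compare()
    print(f"{len(listed)} listed, {len(missing)} missed, {len(extra)} extra")
```

On these two rules the shorter form admits all 38 listed addresses plus 1,867 octet combinations that were never on the list, so the explicit list is the tighter whitelist.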
netvisibilitygroup (Participant):
BOOM! That did it! Thank you!
AITpro Admin (Keymaster):
Great! Thanks for confirming that worked.
Reina Fe Canastra (Participant):
I can’t understand. How am I gonna fix this 403-forbidden problem in my site? I feel so sad 🙁
AITpro Admin (Keymaster):
@ Reina Fe Canastra – Is the same ManageWP problem occurring? Are you seeing the same Security Log entry?
Your BPS Security Log logs blocked hackers, spammers, etc. & also logs anything else that BPS may be blocking in another Plugin or Theme. To confirm or eliminate that BPS or BPS Pro is blocking something in another Plugin or Theme click the appropriate troubleshooting link below. If you have confirmed that BPS is blocking something in another Plugin or Theme then post the Security Log entry from your BPS Security Log that shows exactly what is being blocked. A whitelist rule can then be created in BPS Custom Code to allow (whitelist) whatever is being blocked by BPS.
BPS Pro Troubleshooting Steps
BPS Troubleshooting Steps
James (Participant):
Hi guys,
Just trying to setup ManageWP and having problems adding some sites protected by BPS. The error message given by the ManageWP site is “Connection problem (403 Forbidden). It looks like some of our IP addresses are not properly whitelisted in your security plugin or WAF.”
I have the following code in the CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE box, which I have updated with the suggested whitelist rule above:
# BPS POST Request Attack Protection
RewriteCond %{REQUEST_METHOD} POST [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
# Whitelist ManageWP IP Addresses
RewriteCond %{REMOTE_ADDR} !^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567]|52\.(2[4567]|8[89])\.(62|187|116|122|171|181|96|119|197|215|85|94|155)\.(11|29|116|21|126|110|122|180|225|107|121|51)|54\.(148|186|187|191)\.(73|37|128|143|92|32|40|67|80|135|136|137|148|149|151)\.(118|105|167|184|57|65|136|23|119|209|176|17|85|225|8|18))$
# Whitelist the WordPress Theme Customizer
RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php [NC]
# Whitelist Network|Multisite Signup POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
# Whitelist Network|Multisite Activate POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
# Whitelist Comments POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
# Example 1: Whitelist Star Rating Calculator POST Form Requests
RewriteCond %{REQUEST_URI} !^.*/star-rating-calculator.php [NC]
# Example 2: Whitelist Contact Form POST Requests
RewriteCond %{REQUEST_URI} !^.*/contact/ [NC]
# Example 3: Whitelist PayPal IPN API Script POST Requests
RewriteCond %{REQUEST_URI} !^.*/ipn_handler.php [NC]
RewriteRule ^(.*)$ - [F]
But this doesn’t seem to work and I get this entry in the security log file:
[403 POST Request: January 5, 2017 2:13 am]
BPS: .54.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR:
Host Name: ec2-54-191-137-17.us-west-2.compute.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://mysite.com
REQUEST_URI: /wp-load.php?mwprid=586dabbf6ab919.88288221
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
REQUEST BODY: {"params":{"site_url":"http:\/\/mysites.com","public_key":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4RnN2MVppbUVNaS9uTVM1cm1rMQprckVPVEI0Z3ZoNXhjZkNaL1ZSNFdacUF6Tk11UDJxeHErRE1GeU5WbkJEUXpwdjZ6ZjJDYUFSUFVjUmhqZ2xLClYzSGYxNkp2bDgwbnJBalJyOHRrd0kvQlc3QkRBZHdraDRXZS9pd3hHSUJYU3Bzc1pONitLNkJFWEl2eHZaRGwKV2pPU1RyeDRzdXlnNG5ETWFCb1pQeFh0ck5rK0NRQUpvSk54dzI2QTc1RUcrWTQwd0FHWFFoNURnN3kxdTBPSgppSTl3OWQ5MWtkeVNJMWJ5Mm1sQ0UzMktDUmpRWUlsSXNabHlwUn
I’m guessing that the relevant ManageWP IP address isn’t listed in the code perhaps? But I cannot decipher the shorthand way that you have cleverly written the IP address list!
There is a full list of IP addresses on the ManageWP website here:
Would it be possible for you to confirm whether the IP being blocked is missing from the whitelist rule, and if so, update the whitelist rule to include all the current ManageWP IP addresses please?
Thank you, James 🙂
James (Participant):
This is really weird, just taken me an hour to try and get the above reply to post properly! Seems to be an issue with using the code tags for the first block of code. I have had to remove two blocks of code from where the extra spaces are shown above, otherwise it just wouldn’t accept the post.
# White list XML-RPC Ping backs, Jet Pack and Remote Po sting PO ST Requests RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC] # White list Track back PO ST Requests RewriteCond %{REQUEST_URI} !^.*/wp- track back .php [NC]
These are the two blocks of code which I have isolated by trial and error. The only way I can get them to post as code in the above code block has been to add random spaces to break-up some of the words and presumably break code that was being interpreted somehow by the forum?
What am I doing wrong here with regards to posting code????
AITpro Admin (Keymaster):
@ James – The first thing you need to do is the BPS Pro troubleshooting steps to isolate where the problem is occurring: https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting I assume it is going to be your Custom Code in the root htaccess file. So do troubleshooting step #1 and test. Things change fast in the WP plugin world and coding world in general.
AITpro Admin (Keymaster):
Posting code worked fine for me. Above test post has been deleted. I will also test a Subscriber user account and see what happens.
Lynne (Participant):
Test post as a subscriber/participant
James (Participant):
Ok, so deactivated the BPS secure htaccess and ManageWP worked. Reinstated the protected htaccess but with the following code removed from the custom code, and it still worked:
I still cannot get the code to post if I include the “White list XML-RPC Ping backs, Jet Pack and Remote Po sting PO ST Requests” or “White list Track back PO ST Requests” code lines in the code pasted above!
So I think it is the “BPS POST Request Attack Protection” custom code that is stopping ManageWP from connecting to my WP install, presumably because not all the IPs are listed in the whitelist rule?
Thanks, James
AITpro Admin (Keymaster):
Yep, there is a new bbPress or BuddyPress problem occurring. I was unable to post code as a subscriber/participant. I will have to test this on a dev site in about an hour to figure out why the new versions of bbPress or BuddyPress are doing that.
James (Participant):
Glad you were able to replicate the problem, thought I was going mad there for a while and it seems to have taken me all morning to narrow the offending code down to those two blocks pasted as code (broken up with spaces) above!
If you have a moment to check / update the ManageWP whitelist rule, that would be amazing, thank you! 🙂
AITpro Admin (Keymaster):
@ James – hmm ManageWP has changed all of their IP addresses. So basically the old IP whitelisting code would no longer work anymore. I will create a new whitelist rule for them.
You should be seeing a Security Log entry for managewp. If you are not then that could be the problem. Are you using any caching plugins or CDN’s or CloudFlare or anything else that wrecks your website pages Source Code?
