ManageWP 403 Error – POST

Home Forums BulletProof Security Pro ManageWP 403 Error – POST

Tagged: 

This topic contains 45 replies, has 5 voices, and was last updated by  James 1 year, 5 months ago.

Viewing 15 posts - 1 through 15 (of 46 total)
  • Author
    Posts
  • #25870

    netvisibilitygroup
    Participant

    We use Manage WP to manage several sites and it’s getting blocked by BPS. I have whitelisted the IP addresses, but the problem is that the POST method is being blocked. How can I open this up? Here’s the security log error:

    [403 POST Request: October 21, 2015 - 10:29 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 192.155.230.147
    Host Name: 93.e6.9bc0.ip4.static.sl-reverse.com
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: POST
    HTTP_REFERER: https://managewp.com
    REQUEST_URI: /
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
    REQUEST BODY: {"setting":{"notice":"<style scoped=\"scoped\">\n            #mwp_notice_div.mwp_notice {\n                background: #00689f; \/* Old browsers *\/\n                background: -moz-linear-gradient(top,  #00689f 0%, #00639a 25%, #005388 72%, #004e83 100%); \/* FF3.6+ *\/\n                background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#00689f), color-stop(25%,#00639a), color-stop\n\n(72%,#005388), color-stop(100%,#004e83)); \/* Chrome,Safari4+ *\/\n                back
    

    Thanks!

    #25871

    AITpro Admin
    Keymaster

    All of the ManageWP IP addresses are:

    192.155.230.147
    174.37.199.34
    89.216.23.220
    77.105.2.42
    77.105.2.43
    77.105.2.44
    77.105.2.45
    77.105.2.46
    77.105.2.47

    So this should work to whitelist all of the ManageWP IP addresses.  The only potential problem I see is that if you add this additional conditional IP checking line of RewriteCond code then you may also have to add/whitelist your Server’s/website’s IP address too. Try the code without adding your website/server IP address and test if you can Login to your site.  If you cannot login then delete the root htaccess file, login and add your Server/website IP address that you see on the BPS System Info page.

    BPS POST Request Attack Protection Bonus Custom Code: http://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/

    # BPS POST Request Attack Protection
    RewriteCond %{REQUEST_METHOD} POST [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
    # Whitelist ManageWP IP Addresses
    RewriteCond %{REMOTE_ADDR} !^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567])$
    # Whitelist the WordPress Theme Customizer
    RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php
    # Whitelist XML-RPC Pingbacks, JetPack and Remote Posting POST Requests
    RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
    # Whitelist Network|Multisite Signup POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
    # Whitelist Network|Multisite Activate POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
    # Whitelist Trackback POST Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-trackback.php [NC]
    # Whitelist Comments POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
    RewriteRule ^(.*)$ - [F]

    UPDATE: 11-13-2015
    Information provided by Jason Press. Thanks Jason!

    ManageWP is in the process of phasing out its “Classic” interface and introducing a new interface called “Orion”. The new interface is currently available as a kind of “mirroring” option for all “Classic” users (i.e. you can switch back and forth between the interfaces…Orion will be completely replacing the “Classic” interface sometime early next year). Orion has a different block of IP addresses from ManageWP and I did need to whitelist them all in order for both interfaces to work correctly with my sites. Here’s the full block of code I added to the Post Request Attack Protection code, which seems to be working well so far:

    RewriteCond %{REMOTE_ADDR} !^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567]|52\.24\.62\.11|52\.24\.187\.29|52\.25\.116\.116|52\.26\.122\.21|52\.27\.171\.126|52\.27\.181\.126|52\.88\.96\.110|52\.88\.119\.122|52\.88\.197\.180|52\.88\.215\.225|52\.89\.85\.107|52\.89\.94\.121|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105|54\.186\.128\.167|54\.186\.143\.184|54\.187\.92\.57|54\.191\.32\.65|54\.191\.40\.136|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17|54\.191\.148\.85|54\.191\.148\.225|54\.191\.149\.8|54\.191\.151\.18)$

    RegEx version slightly shorter code/whitelist rule

    RewriteCond %{REMOTE_ADDR} !^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567]|52\.(2[4567]|8[89])\.(62|187|116|122|171|181|96|119|197|215|85|94|155)\.(11|29|116|21|126|110|122|180|225|107|121|51)|54\.(148|186|187|191)\.(73|37|128|143|92|32|40|67|80|135|136|137|148|149|151)\.(118|105|167|184|57|65|136|23|119|209|176|17|85|225|8|18))$
    #25873

    netvisibilitygroup
    Participant

    BOOM! That did it! Thank you!

    #25875

    AITpro Admin
    Keymaster

    Great!  Thanks for confirming that worked.

    #27674

    Reina Fe Canastra
    Participant

    I can’t understand. How am I gonna fix this 403-forbidden problem in my site. I feel so sad 🙁

    #27675

    AITpro Admin
    Keymaster

    @ Reina Fe Canastra – Is the same ManageWP problem occurring?  Are you seeing the same Security Log entry?

    Your BPS Security Log logs blocked hackers, spammers, etc. & also logs anything else that BPS may be blocking in another Plugin or Theme. To confirm or eliminate that BPS or BPS Pro is blocking something in another Plugin or Theme click the appropriate troubleshooting link below. If you have confirmed that BPS is blocking something in another Plugin or Theme then post the Security Log entry from your BPS Security Log that shows exactly what is being blocked. A whitelist rule can then be created in BPS Custom Code to allow (whitelist) whatever is being blocked by BPS.
    BPS Pro Troubleshooting Steps
    BPS Troubleshooting Steps

    #31993

    James
    Participant

    Hi guys,

    Just trying to setup ManageWP and having problems adding some sites protected by BPS.  The error message given by the ManageWP site is “Connection problem (403 Forbidden). It looks like some of our IP addresses are not properly whitelisted in your security plugin or WAF.”

    I have the following code in the CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE box, which I have updated with the suggested whitelist rule above:

    # BPS POST Request Attack Protection
    RewriteCond %{REQUEST_METHOD} POST [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
    # Whitelist ManageWP IP Addresses
    RewriteCond %{REMOTE_ADDR} RewriteCond %{REMOTE_ADDR} !^(192\.155\.230\.147|174\.37\.199\.34|89\.216\.23\.220|77\.105\.2\.4[234567]|52\.(2[4567]|8[89])\.(62|187|116|122|171|181|96|119|197|215|85|94|155)\.(11|29|116|21|126|110|122|180|225|107|121|51)|54\.(148|186|187|191)\.(73|37|128|143|92|32|40|67|80|135|136|137|148|149|151)\.(118|105|167|184|57|65|136|23|119|209|176|17|85|225|8|18))$
    # Whitelist the WordPress Theme Customizer
    RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php [NC]
    
    # Whitelist Network|Multisite Signup POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
    # Whitelist Network|Multisite Activate POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
    
    # Whitelist Comments POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
    # Example 1: Whitelist Star Rating Calculator POST Form Requests
    RewriteCond %{REQUEST_URI} !^.*/star-rating-calculator.php [NC]
    # Example 2: Whitelist Contact Form POST Requests
    RewriteCond %{REQUEST_URI} !^.*/contact/ [NC]
    # Example 3: Whitelist PayPal IPN API Script POST Requests
    RewriteCond %{REQUEST_URI} !^.*/ipn_handler.php [NC]
    RewriteRule ^(.*)$ - [F]
    

    But this doesn’t seem to work and I get this entry in the security log file:

    [403 POST Request: January 5, 2017 2:13 am]
    BPS: .54.2
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 54.191.137.17
    Host Name: ec2-54-191-137-17.us-west-2.compute.amazonaws.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 54.191.137.17
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://mysite.com
    REQUEST_URI: /wp-load.php?mwprid=586dabbf6ab919.88288221
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
    REQUEST BODY: {"params":{"site_url":"http:\/\/mysites.com","public_key":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4RnN2MVppbUVNaS9uTVM1cm1rMQprckVPVEI0Z3ZoNXhjZkNaL1ZSNFdacUF6Tk11UDJxeHErRE1GeU5WbkJEUXpwdjZ6ZjJDYUFSUFVjUmhqZ2xLClYzSGYxNkp2bDgwbnJBalJyOHRrd0kvQlc3QkRBZHdraDRXZS9pd3hHSUJYU3Bzc1pONitLNkJFWEl2eHZaRGwKV2pPU1RyeDRzdXlnNG5ETWFCb1pQeFh0ck5rK0NRQUpvSk54dzI2QTc1RUcrWTQwd0FHWFFoNURnN3kxdTBPSgppSTl3OWQ5MWtkeVNJMWJ5Mm1sQ0UzMktDUmpRWUlsSXNabHlwUn

    I’m guessing that the relevant ManageWP IP address isn’t listed in the code perhaps?  But I cannot decipher the shorthand way that you have cleverly written the IP address list!

    There is a full list of IP addresses on the ManageWP website here:

    https://managewp.com/troubleshooting/general/managewp-ips-can-white-list

    Would it be possible for you to confirm whether the IP being blocked is missing from the whitelist rule, and if so, update the whitelist rule to include all the current ManageWP IP addresses please?

    Thank you, James 🙂

    #31994

    James
    Participant

    This is really weird, just taken me an hour to try and get the above reply to post properly! Seems to be an issue with using the code tags for the first block of code. I have had to remove two blocks of code from where the extra spaces are shown above, otherwise it just wouldn’t accept the post.

    # White list XML-RPC Ping backs, Jet Pack and Remote Po sting PO ST Requests
    RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
    # White list Track back PO ST Requests
    RewriteCond %{REQUEST_URI} !^.*/wp- track back .php [NC]
    

    These are the two blocks of code which I have isolated by trial and error. The only way I can get them to post as code in the above code block has been to add random spaces to break-up some of the words and presumably break code that was being interpreted somehow by the forum?

    What am I doing wrong here with regards to posting code????

    #31995

    AITpro Admin
    Keymaster

    @ James – The first thing you need to do is the BPS Pro troubleshooting steps to isolate where the problem is occurring:  https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting  I assume it is going to be your Custom Code in the root htaccess file.  So do troubleshooting step #1 and test.  Things change fast in the WP plugin world and coding world in general.

    #31997

    AITpro Admin
    Keymaster

    Posting code worked fine for me.  Above test post has been deleted.  I will also test a Subscriber user account and see what happens.

    #32000

    Lynne
    Participant

    Test post as a subscriber/participant

    #32001

    James
    Participant

    Ok, so deactivated the BPS secure htaccess and ManageWP worked. Reinstated the protected htaccess but with the following code removed from the custom code, and it still worked:

    I still cannot get the code to post if I include the “White list XML-RPC Ping backs, Jet Pack and Remote Po sting PO ST Requests” or “White list Track back PO ST Requests” code lines in the code pasted above!

    So I think it is the “BPS POST Request Attack Protection” custom code that is stopping ManageWP from connecting to my WP install, presumably because not all the IPs are listed in the whitelist rule?

    Thanks, James

    #32002

    AITpro Admin
    Keymaster

    Yep, there is a new bbPress or BuddyPress problem occurring.  I was unable to post code as a subscriber/participant.  I will have test this on a dev site in about an hour to figure out why the new versions of bbPress or BuddyPress is doing that.

    #32003

    James
    Participant

    Glad you were able to replicate the problem, thought I was going mad there for a while and it seems to have taken me all morning to narrow the offending code down to those two blocks pasted as code (broken up with spaces) above!

    If you have a moment to check / update the ManageWP whitelist rule, that would be amazing, thank you! 🙂

    #32004

    AITpro Admin
    Keymaster

    @ James – hmm ManageWP has changed all of their IP addresses.  So basically the old IP whitelisting code would no longer work anymore.  I will create a new whitelist rule for them.

    You should be seeing a Security Log entry for managewp.  If you are not then that could be the problem.  Are you using any caching plugins or CDN’s or CloudFlare or anthing else the wrecks your website pages Source Code?

Viewing 15 posts - 1 through 15 (of 46 total)

You must be logged in to reply to this topic.