ManageWP 403 Error – POST


Viewing 15 posts - 16 through 30 (of 46 total)
  • #32007
    James
    Participant

    Cloudflare!

    #32008
    AITpro Admin
    Keymaster

    @ James – ok here ya go. FYI – you had duplicate lines of code in the code you posted so be sure to delete your code – RewriteCond was duplicated.
    [bad code deleted – see good code below]

    #32009
    James
    Participant

    Thanks 🙂

    But it breaks my site with a 500 server error when I add that to the custom code and activate the secure htaccess!

    Guess this is a syntax problem, missing space, return or something? Could you please perhaps post the entire “BPS POST Request Attack Protection” code block from the 2nd post in this thread so I can do a direct cut and paste to remove any errors I am introducing from editing?

    It’s definitely the above new whitelist code line causing the 500 error, removed it leaving everything else the same and the secure htaccess works fine. (I would post the code I have, but seems I can’t without adding extra spaces to break it and that is going to break other sites if people copy it, so would be good if you could provide a definitive full code block that us idiots can copy and paste in full!).

    Many many thanks….

    #32011
    AITpro Admin
    Keymaster

    oops reversed the \. Tested this code and it works.

    RewriteCond %{REMOTE_ADDR} 
    !^(35\.162\.254\.253|52\.11\.12\.231|52\.11\.29\.70|52\.11\.54\.161|52\.24\.142\.159|52\.25\.191\.255|52\.27\.181\.126|52\.34\.126\.117|52\.34\.254\.47|52\.35\.82\.99|52\.36\.28\.80|52\.38\.106\.97|52\.39\.177\.152|52\.41\.230\.148|52\.41\.237\.12|52\.42\.126\.166|52\.43\.13\.71|52\.43\.76\.224|52\.88\.96\.110|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105|54\.187\.92\.57|54\.191\.32\.65|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17|54\.191\.148\.85|54\.191\.149\.8|52\.26\.122\.21|52\.24\.187\.29|52\.89\.85\.107|54\.186\.128\.167|54\.191\.40\.136|52\.24\.62\.11|52\.88\.119\.122|54\.191\.148\.225|54\.191\.151\.18|52\.89\.94\.121|52\.25\.116\.116|52\.88\.215\.225|54\.186\.143\.184|52\.88\.197\.180|52\.27\.171\.126)$

    #32013
    James
    Participant

    A line break seems to have crept in on your above code so that the “RewriteCond %{REMOTE_ADDR}” and subsequent list of IP addresses were on different lines when pasted into the custom code box in BPS, which created a 500 server error. This wasn’t obvious until I looked at the htaccess in a code editor and saw that the code was split over two line numbers!

    So for anyone else using this, make sure that there is only a space and no line return between the “RewriteCond %{REMOTE_ADDR}” and subsequent list of IPs.

    # Whitelist ManageWP IP Addresses
    RewriteCond %{REMOTE_ADDR} !^(35\.162\.254\.253|52\.11\.12\.231|52\.11\.29\.70|52\.11\.54\.161|52\.24\.142\.159|52\.25\.191\.255|52\.27\.181\.126|52\.34\.126\.117|52\.34\.254\.47|52\.35\.82\.99|52\.36\.28\.80|52\.38\.106\.97|52\.39\.177\.152|52\.41\.230\.148|52\.41\.237\.12|52\.42\.126\.166|52\.43\.13\.71|52\.43\.76\.224|52\.88\.96\.110|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105|54\.187\.92\.57|54\.191\.32\.65|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17|54\.191\.148\.85|54\.191\.149\.8|52\.26\.122\.21|52\.24\.187\.29|52\.89\.85\.107|54\.186\.128\.167|54\.191\.40\.136|52\.24\.62\.11|52\.88\.119\.122|54\.191\.148\.225|54\.191\.151\.18|52\.89\.94\.121|52\.25\.116\.116|52\.88\.215\.225|54\.186\.143\.184|52\.88\.197\.180|52\.27\.171\.126)$
    

    I have tested the above code and can confirm that it activates fine (no 500 server error), but ManageWP still won’t connect :'(

    Is 54.191.137.17 included in the list of IPs in the whitelist code? I can’t make head nor tails of the syntax I’m afraid.

    #32014
    AITpro Admin
    Keymaster

    @ James – Yeah I was wondering about that because the POST Attack protection code only blocks POST attacks and that Security Log entry is a GET Request. But I can see a Request Body was sent so that is a POST Request that is being seen as a GET Request because the Request itself is totally fubar.  You will not be able to use the POST Attack Protection code at all because ManageWP is sending a POST Request to the root site URL for your website.  In other words, there is nothing you can do about that.

    #32015
    James
    Participant

    Hmmm, but….

    I don’t think that 54.191.137.17 is being included in the above whitelist rule. I added it as a separate whitelist rule by itself (as per code below) and it works fine with ManageWP being able to connect to my WP site.

    # Whitelist ManageWP IP Addresses
    RewriteCond %{REMOTE_ADDR} !^(35\.162\.254\.253|52\.11\.12\.231|52\.11\.29\.70|52\.11\.54\.161|52\.24\.142\.159|52\.25\.191\.255|52\.27\.181\.126|52\.34\.126\.117|52\.34\.254\.47|52\.35\.82\.99|52\.36\.28\.80|52\.38\.106\.97|52\.39\.177\.152|52\.41\.230\.148|52\.41\.237\.12|52\.42\.126\.166|52\.43\.13\.71|52\.43\.76\.224|52\.88\.96\.110|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105|54\.187\.92\.57|54\.191\.32\.65|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17|54\.191\.148\.85|54\.191\.149\.8|52\.26\.122\.21|52\.24\.187\.29|52\.89\.85\.107|54\.186\.128\.167|54\.191\.40\.136|52\.24\.62\.11|52\.88\.119\.122|54\.191\.148\.225|54\.191\.151\.18|52\.89\.94\.121|52\.25\.116\.116|52\.88\.215\.225|54\.186\.143\.184|52\.88\.197\.180|52\.27\.171\.126)$
    RewriteCond %{REMOTE_ADDR} ^54\.191\.137\.17$
    
    #32016
    James
    Participant

    Yes, adding 54.191.137.17 as a separate whitelist rule definitely seems to do the trick. With this line in place, I can now successfully connect the given website to ManageWP! Is the whitelist rule for the long list of ManageWP IP addresses definitely correct and complete?

    #32018
    AITpro Admin
    Keymaster

    @ James – Ok contact ManageWP and get them to update their IP address list on their IP address list help page.

    #32020
    James
    Participant

    But 54.191.137.17 is already listed on their list of IP address here!
    https://managewp.com/troubleshooting/general/managewp-ips-can-white-list

    #32021
    AITpro Admin
    Keymaster

    @ James – Hmm odd.  I was in a hurry and juggling 10 other things and just used automated RegEx search and replace in one shot to create the whitelist rule in less than 1 second.  So something went wrong.  I’ll spend another 9 seconds on this and run it again while actually looking at my computer monitor this time.  😉

    #32022
    AITpro Admin
    Keymaster

    Re-run

    RewriteCond %{REMOTE_ADDR} !^(35\.162\.254\.253|52\.11\.12\.231|52\.11\.29\.70|52\.11\.54\.161|52\.24\.142\.159|52\.25\.191\.255|52\.27\.181\.126|52\.34\.126\.117|52\.34\.254\.47|52\.35\.82\.99|52\.36\.28\.80|52\.38\.106\.97|52\.39\.177\.152|52\.41\.230\.148|52\.41\.237\.12|52\.42\.126\.166|52\.43\.13\.71|52\.43\.76\.224|52\.88\.96\.110|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105|54\.187\.92\.57|54\.191\.32\.65|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17|54\.191\.148\.85|54\.191\.149\.8|52\.26\.122\.21|52\.24\.187\.29|52\.89\.85\.107|54\.186\.128\.167|54\.191\.40\.136|52\.24\.62\.11|52\.88\.119\.122|54\.191\.148\.225|54\.191\.151\.18|52\.89\.94\.121|52\.25\.116\.116|52\.88\.215\.225|54\.186\.143\.184|52\.88\.197\.180|52\.27\.171\.126)$

    #32023
    James
    Participant

    Sorry, but this still doesn’t work :'(

    I have this in my custom code:

    # Whitelist ManageWP IP Addresses
    RewriteCond %{REMOTE_ADDR} !^(35\.162\.254\.253|52\.11\.12\.231|52\.11\.29\.70|52\.11\.54\.161|52\.24\.142\.159|52\.25\.191\.255|52\.27\.181\.126|52\.34\.126\.117|52\.34\.254\.47|52\.35\.82\.99|52\.36\.28\.80|52\.38\.106\.97|52\.39\.177\.152|52\.41\.230\.148|52\.41\.237\.12|52\.42\.126\.166|52\.43\.13\.71|52\.43\.76\.224|52\.88\.96\.110|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105|54\.187\.92\.57|54\.191\.32\.65|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17|54\.191\.148\.85|54\.191\.149\.8|52\.26\.122\.21|52\.24\.187\.29|52\.89\.85\.107|54\.186\.128\.167|54\.191\.40\.136|52\.24\.62\.11|52\.88\.119\.122|54\.191\.148\.225|54\.191\.151\.18|52\.89\.94\.121|52\.25\.116\.116|52\.88\.215\.225|54\.186\.143\.184|52\.88\.197\.180|52\.27\.171\.126)$
    # RewriteCond %{REMOTE_ADDR} ^54\.191\.137\.17$
    

    With the second whitelist rule commented out as above, ManageWP can’t connect and I get the following security log entry:

    Uncomment the second whitelist rule (so that 54.191.137.17 is explicitly whitelisted) and everything works correctly. So it seems as though the list of IP addresses still isn’t including this particular all-important IP address?

    Sorry this is turning into a bit of a headache, I only wish I had the skills to check and tweak the code myself!

    #32024
    AITpro Admin
    Keymaster

    @James – Something is definitely wrong.  Your condition is reversed.  It should be “is not” !^ and not “is” ^.  Email your root htaccess file to:  info at ait-pro dot com so I can take a look at it.

    #32025
    James
    Participant

    Ok, email sent with a copy of my root htaccess file, thanks.

    Sorry about error with the syntax for “is” versus “is not” that you spotted. I have updated the code to be:

    # Whitelist ManageWP IP Addresses
    RewriteCond %{REMOTE_ADDR} !^(35\.162\.254\.253|52\.11\.12\.231|52\.11\.29\.70|52\.11\.54\.161|52\.24\.142\.159|52\.25\.191\.255|52\.27\.181\.126|52\.34\.126\.117|52\.34\.254\.47|52\.35\.82\.99|52\.36\.28\.80|52\.38\.106\.97|52\.39\.177\.152|52\.41\.230\.148|52\.41\.237\.12|52\.42\.126\.166|52\.43\.13\.71|52\.43\.76\.224|52\.88\.96\.110|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105|54\.187\.92\.57|54\.191\.32\.65|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17|54\.191\.148\.85|54\.191\.149\.8|52\.26\.122\.21|52\.24\.187\.29|52\.89\.85\.107|54\.186\.128\.167|54\.191\.40\.136|52\.24\.62\.11|52\.88\.119\.122|54\.191\.148\.225|54\.191\.151\.18|52\.89\.94\.121|52\.25\.116\.116|52\.88\.215\.225|54\.186\.143\.184|52\.88\.197\.180|52\.27\.171\.126)$
    RewriteCond %{REMOTE_ADDR} !^54\.191\.137\.17$
    

    ManageWP does NOT work with this corrected code. Here is the security log output for ManageWP trying to connect to add the site:

    So my additional whitelist line with just 54.191.137.17 is obviously null and void, and after figuring out the syntax from your provided IP list, I see that that IP is included in the list anyway.

    Any ideas please?
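
Added example, not part of the thread or of BulletProof Security's code: a small Python model of how mod_rewrite evaluates the RewriteCond lines posted above, used to check which addresses the whitelist exempts, what the extra "is" and "is not" lines change, and why a pattern split onto its own line is rejected. It assumes the conditions guard a blocking RewriteRule (not shown on this page) and carry no flags such as [OR]; 203.0.113.9 is a constructed non-ManageWP address.

```python
import re

# Pattern copied verbatim from the RewriteCond line posted in the thread.
WHITELIST = r"!^(35\.162\.254\.253|52\.11\.12\.231|52\.11\.29\.70|52\.11\.54\.161|52\.24\.142\.159|52\.25\.191\.255|52\.27\.181\.126|52\.34\.126\.117|52\.34\.254\.47|52\.35\.82\.99|52\.36\.28\.80|52\.38\.106\.97|52\.39\.177\.152|52\.41\.230\.148|52\.41\.237\.12|52\.42\.126\.166|52\.43\.13\.71|52\.43\.76\.224|52\.88\.96\.110|52\.89\.155\.51|54\.148\.73\.118|54\.186\.37\.105|54\.187\.92\.57|54\.191\.32\.65|54\.191\.67\.23|54\.191\.80\.119|54\.191\.135\.209|54\.191\.136\.176|54\.191\.137\.17|54\.191\.148\.85|54\.191\.149\.8|52\.26\.122\.21|52\.24\.187\.29|52\.89\.85\.107|54\.186\.128\.167|54\.191\.40\.136|52\.24\.62\.11|52\.88\.119\.122|54\.191\.148\.225|54\.191\.151\.18|52\.89\.94\.121|52\.25\.116\.116|52\.88\.215\.225|54\.186\.143\.184|52\.88\.197\.180|52\.27\.171\.126)$"
COND = "RewriteCond %{REMOTE_ADDR} "
LIST_ONLY = "# Whitelist ManageWP IP Addresses\n" + COND + WHITELIST
WITH_IS = LIST_ONLY + "\n" + COND + r"^54\.191\.137\.17$"       # as in post #32015
WITH_IS_NOT = LIST_ONLY + "\n" + COND + r"!^54\.191\.137\.17$"  # as in post #32025
SPLIT = COND + "\n" + WHITELIST                                  # pattern on its own line


def parse_conds(text):
    """Return [(negate, compiled_regex)]; raise ValueError on a line Apache would reject."""
    conds = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] != "RewriteCond":
            raise ValueError(f"line {n}: not a directive: {parts[0][:20]}")
        if len(parts) < 3:
            raise ValueError(f"line {n}: RewriteCond has no pattern")
        negate = parts[2].startswith("!")
        conds.append((negate, re.compile(parts[2][1:] if negate else parts[2])))
    return conds


def rule_applies(conds, remote_addr):
    """True when every condition holds; consecutive RewriteCond lines are ANDed.

    Assumption: the conditions guard a blocking RewriteRule not shown on the page.
    """
    return all((rx.search(remote_addr) is None) == negate for negate, rx in conds)


if __name__ == "__main__":
    variants = [("list only", LIST_ONLY), ("plus 'is'", WITH_IS), ("plus 'is not'", WITH_IS_NOT)]
    for name, text in variants:
        conds = parse_conds(text)
        for ip in ("54.191.137.17", "203.0.113.9"):  # second address is constructed
            print(f"{name:14} {ip:15} rule applies: {rule_applies(conds, ip)}")
    try:
        parse_conds(SPLIT)
    except ValueError as err:
        print("split line rejected:", err)
```

Because consecutive RewriteCond lines are ANDed, the unnegated `^54\.191\.137\.17$` line can never be true together with the negated list, so under the stated assumption the guarded rule applies to no address at all rather than exempting only ManageWP.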
