Restrict Content Pro – Registration form 403 error

Home Forums BulletProof Security Pro Restrict Content Pro – Registration form 403 error

Tagged: 

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • August 23, 2017 at 12:24 pm #33890
    Living Miracles
    Participant

    Hi,

    I just got an email from someone trying to sign up to our subscription-based website, https://acim.me, saying that they couldn’t complete the registration process. They got the following error:
    acim.me
    403 Forbidden Error Page
    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

    I tried it myself as well, and then checked the PHP error log; here’s what it says:

    IP Address: 213.205.194.213

    [403 POST Request: August 23, 2017 - 1:21 pm]
BPS Pro: 13.2
WP: 4.8.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 216.117.232.13
Host Name: d216-117-232-13.allwest.net
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: POST
HTTP_REFERER: https://acim.me/membership/
REQUEST_URI: /membership/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36
REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data

    Could you help me resolve this swiftly, please?

    Thank you!

    August 23, 2017 at 12:51 pm #33891
    AITpro Admin
    Keymaster

    The 403 error is a generic web host server error message and not the BPS 403 template error page.  That problem is most likely caused by the Autooptimize plugin that you have installed.  I see that you are compressing/minifying your Source Code, which means that you cannot use the BPS Pro Plugin Firewall feature since .js compression/minification breaks the BPS Pro Plugin Firewall.

    To isolate exactly what is causing the problem you need to factor in these 2 things for BPS Pro:
    If you are using the BPS POST Attack Protection Bonus Custom Code then you need to create a whitelist rule for the Restrict Content Pro Registration form POST Request.
    If you are using the BPS Brute Force Login attack protection Bonus Custom Code that blocks Server Protocal HTTP/1.0 then you will need to delete it from Custom Code > The Server Protocol logged in the Security Log entry is:  SERVER_PROTOCOL: HTTP/1.0 and not HTTP/1.1.

    Ok so now you want to do the standard BPS Pro troubleshooting steps to confirm or eliminate that BPS is causing the problem and to isolate where the problem is occurring.  The logical troubleshooting steps to use are: 1, 2, 3, 6 and 7.

    BPS Pro Troubleshooting steps:  https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    August 23, 2017 at 1:08 pm #33892
    Living Miracles
    Participant

    Hi,

    This isn’t the BPS Pro 403 error page?? http://i.imgur.com/e70Q8gp.png

    August 23, 2017 at 1:10 pm #33893
    AITpro Admin
    Keymaster

    Oops yep it is.  Continue with BPS Pro troubleshooting steps and let me know what you find out.

    August 23, 2017 at 1:15 pm #33894
    Living Miracles
    Participant

    Heh, ok 🙂 Cool, I just added /membership/ to our POST request attack code and everything’s working!

    Thanks!

    August 23, 2017 at 1:23 pm #33895
    AITpro Admin
    Keymaster

    Great!

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.