Nextgen Gallery 403 error

[Art]

Hi Ed,

What settings can you recommend for whitelisting nextgen gallery? When I click Manage Gallery on my site (thegrotonline.com), I’m getting a 403.

Thanks,
Art

[AITpro Admin]

Check the BPS Pro Security Log and post the error that is related to Nextgen.

[Art]

The log:

>>>>>>>>>>> 403 GET or Other Request Error Logged - July 31, 2013 - 12:46 pm <<<<<<<<<<<
REMOTE_ADDR: 66.249.75.97
Host Name: crawl-66-249-75-97.googlebot.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 66.249.75.97
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/nextgen-gallery/xml/media-rss.php?gid=168&mode=gallery
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

I had added /nextgen-gallery/js/(.*).js to the whitelist area.

[AITpro Admin]

The Plugin Firewall whitelist rule for this file/script would be this:  /nextgen-gallery/xml/media-rss.php

Click the Plugin Firewall menu link, click on the Firewall Whitelist Tools accordian tab, add this  plugin whitelist rule below into the  Plugins Script/File Whitelist Text Area, click the Save Whitelist Options button and activate the Plugin Firewall again.

/nextgen-gallery/xml/media-rss.php

Plugin whitelist rules MUST use this general (not literal) format:  /plugin-folder-name/plugin-script.js, /another-plugin-folder-name/another-plugin-script.js  Plugin Firewall whitelist rules MUST be separated by a comma and a space between each whitelist rule.

Reference/Source:  http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

[Glasairmell]

[Topic has been merged into this similar Topic]

Certain Nextgen gallery .js scripts are bering blocked by the BPS pro firewall even though they are in the white list. This causes galleries not to load. As a last ditch effort I added the affected plugin directory to the Plugin over ride.

The wp_bpspro_pfw_override table is being created in the db with and the .htaccess file date is changing in the plugin directory but no information is being put there and the problem continues to occur.  Yes I have restarted the firewall, cleared caches and tried various ideas.

I have other WordPress sites that I installed BPS pro on however let’s just work with this one to start with.

Perhaps it is something simple I am overlooking however BPS can be a time sink and steep learning curve on nagging issues like this.

Cheers!

[AITpro Admin]

@ Glasairmell – this is an older topic, but to keep things organized with relevant things I have merged your topic into this similar topic.

Post your Plugin Firewall whitelist rules from the Plugin Firewall Whitelist Text Area.  Are you using a Minify plugin or doing anything with automated minification on this website?

[AITpro Admin]

Looks like this is the site with NextGen problems:  ca-xxxxx.us.

When I scan the site remotely with the BPS Pro cURL Scan Pro-Tool these are the scan results/plugin script whitelist rules:

/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js, /nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/persist.js, /nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/store.js, /nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ngg_store.js, /nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js, /nextgen-gallery/products/photocrati_nextgen/modules/nextgen_gallery_display/static/common.js, /nextgen-gallery/products/photocrati_nextgen/modules/nextgen_basic_gallery/static/thumbnails/nextgen_basic_thumbnails.js, /nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/shutter/shutter.js, /nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/shutter/nextgen_shutter.js

These whitelist rules above can be condensed using Regular Expression (Regex) code as shown below:
NextGen Gallery is a perfect example of a plugin where Regex code should be used. In the latest release of NextGen Gallery I believe at least 3 – 5 new frontloading js scripts were added to NextGen. The point is that if you use Regex then if new/more js scripts are added to NextGen in future releases (very likely at the rate js scripts are being added to NextGen) then they will already be whitelisted by using Regex Plugin Firewall whitelist rules.

/nextgen-gallery/products/photocrati_nextgen/modules/(.*).js, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js

[Glasairmell]

The Log:

[403 GET / HEAD Request: September 10, 2014 - 4:28 pm]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: .105.54.1
Host Name: adsl--105-54-1.dsl.pltn13.sbcglobal.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: http://www.mysite.com/xxxx/nextgen-pro-lightbox-gallery/83931dbe4f28fe8b7709edbef370bc68
REQUEST_URI: /xxxx/wp-content/plugins/nextgen-gallery-plus/modules/nextgen_pro_lightbox_legacy/static/theme/galleria.nextgen_pro_lightbox.js
QUERY_STRING: 
HTTP_USER_AGENT: Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53

White List:

whitelist rules copied locally and deleted

The galleria.nextgen_pro_lightbox.js I just added to the white list because it just showed up in the log file. Also the curl scan is not catching these scripts. Even when they are in the whitelist they show up on the error log.

However why should they even show up at all when this:

/home/XXXXX/domains/mysite.com/public_html/xxx/wp-content/plugins/nextgen-gallery-plus/.htaccess

is in the over ride table?  And should not the overide table be written to an .htaccess file?

[Glasairmell]

The site I am having problems with is xxxxx-land.  No I am not using minifi plugin.  Well I will give the Reg X code a go around then and get back to you.  Thank you.

[AITpro Admin]

The override does not work on some plugins and we will probably remove the option.  Ok for the reason stated above NextGen is a perfect example of a plugin that should have Regex whitelist rules.

Your whitelist rules look good.  Let’s do some basic / simple things first.

1.  Copy and paste the Plugin Firewall whitelist rules below to your Plugin Firewall Whitelist Text area and overwrite your existing whitelist rules.
2. Click the Save Whitelist Options button.
3. Click the Plugin Firewall BulletProof Mode Activate button.

/nextgen-gallery/products/photocrati_nextgen/modules/(.*).js, /nextgen_basic_gallery/static/(.*).js, /nextgen-gallery-plus/modules/(.*).js, /google-analyticator/external-tracking.min.js, /flash-video-player/swfobject.js, /contact-form-7/includes/js/(.*).js

Let me know when that is done so I can check this site remotely.

[AITpro Admin]

Ok was checking the site and both the Slide show and the static gallery just started working normally.

[Glasairmell]

Ok that is done.  By the way the same problem is happening with woocommerce on the perform site.  When this is resolved here I will use what i have learned on the other problem sites.  Even though there is a steep learning curve here I feel BulletProof is the best option out there along with Wordfence. I appreciate the extreme amount of work you have put into it.

With Wordfence I could not use it’s caching system because the .htaccess file kept getting called. Not a big deal I guess using super cache instead.

Thank you.

[AITpro Admin]

The Plugin Firewall is the most complex thing in BPS Pro that we are still working on to make it better, adding more error checks, self healing capabilities and of course more automation.  What we need to do is add some sort of automated “flush” that would have automatically fixed this type of problem.  We do not see this exact problem very often, but it does happen from time to time and for whatever reason that we have yet to figure out.  The steps to fix this issue/problem are always just delete and activate the Plugin Firewall again which is a manual “flush”.

FYI – this image file name is funky and is showing up as a 404 error when I check the gallery. Obviously the file name is not valid.

/german-shepherds/wp-content/gallery/studs/quartz-vom-haus-r%c3%b6hner_0.jpg

[Glasairmell]

OK thank you for.  Security log errors gone. Keep up the great work.

[Glasairmell]

What do I do in this situation where the .js files are in their own directory.

/tinymce-advanced/mce/nonbreaking/(.*).js, /plugins/tinymce-advanced/mce/anchor/(.*).js, /tinymce-advanced/mce/print/(.*).js, /tinymce-advanced/mce/insertdatetime/(.*).js, /tinymce-advanced/mce/searchreplace/(.*).js, /tinymce-advanced/mce/code/(.*).js, /tinymce-advanced/mce/table/(.*).js, /tinymce-advanced/mce/advlist/(.*).js, /tinymce-advanced/mce/emoticons/(.*).js, /tinymce-advanced/mce/visualblocks/(.*).js, /tinymce-advanced/mce/visualchars/(.*).js, /tinymce-advanced/mce/wptadv/(.*).js

[Author]

Posts