Nextgen Gallery 403 error

Home Forums BulletProof Security Pro Nextgen Gallery 403 error

This topic contains 37 replies, has 4 voices, and was last updated by  Alex Laxton 2 weeks, 4 days ago.

Viewing 15 posts - 1 through 15 (of 38 total)
  • Author
    Posts
  • #8077

    Art
    Participant

    Hi Ed,

    What settings can you recommend for whitelisting nextgen gallery? When I click Manage Gallery on my site (thegrotonline.com), I’m getting a 403.

    Thanks,
    Art

    #8078

    AITpro Admin
    Keymaster

    Check the BPS Pro Security Log and post the error that is related to Nextgen.

    #8086

    Art
    Participant

    The log:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - July 31, 2013 - 12:46 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.249.75.97
    Host Name: crawl-66-249-75-97.googlebot.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 66.249.75.97
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/nextgen-gallery/xml/media-rss.php?gid=168&mode=gallery
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

    I had added /nextgen-gallery/js/(.*).js to the whitelist area.

    #8088

    AITpro Admin
    Keymaster

    The Plugin Firewall whitelist rule for this file/script would be this:  /nextgen-gallery/xml/media-rss.php

    Click the Plugin Firewall menu link, click on the Firewall Whitelist Tools accordian tab, add this  plugin whitelist rule below into the  Plugins Script/File Whitelist Text Area, click the Save Whitelist Options button and activate the Plugin Firewall again.

    /nextgen-gallery/xml/media-rss.php

    Plugin whitelist rules MUST use this general (not literal) format:  /plugin-folder-name/plugin-script.js, /another-plugin-folder-name/another-plugin-script.js  Plugin Firewall whitelist rules MUST be separated by a comma and a space between each whitelist rule.

    Reference/Source:  http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

    #17697

    Glasairmell
    Participant

    [Topic has been merged into this similar Topic]

    Certain Nextgen gallery .js scripts are bering blocked by the BPS pro firewall even though they are in the white list. This causes galleries not to load. As a last ditch effort I added the affected plugin directory to the Plugin over ride.

    The wp_bpspro_pfw_override table is being created in the db with and the .htaccess file date is changing in the plugin directory but no information is being put there and the problem continues to occur.  Yes I have restarted the firewall, cleared caches and tried various ideas.

    I have other WordPress sites that I installed BPS pro on however let’s just work with this one to start with.

    Perhaps it is something simple I am overlooking however BPS can be a time sink and steep learning curve on nagging issues like this.

    Cheers!

    #17702

    AITpro Admin
    Keymaster

    @ Glasairmell – this is an older topic, but to keep things organized with relevant things I have merged your topic into this similar topic.

    Post your Plugin Firewall whitelist rules from the Plugin Firewall Whitelist Text Area.  Are you using a Minify plugin or doing anything with automated minification on this website?

    #17704

    AITpro Admin
    Keymaster

    Looks like this is the site with NextGen problems:  ca-xxxxx.us.

    When I scan the site remotely with the BPS Pro cURL Scan Pro-Tool these are the scan results/plugin script whitelist rules:

    /nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js, /nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/persist.js, /nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/store.js, /nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ngg_store.js, /nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js, /nextgen-gallery/products/photocrati_nextgen/modules/nextgen_gallery_display/static/common.js, /nextgen-gallery/products/photocrati_nextgen/modules/nextgen_basic_gallery/static/thumbnails/nextgen_basic_thumbnails.js, /nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/shutter/shutter.js, /nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/shutter/nextgen_shutter.js

    These whitelist rules above can be condensed using Regular Expression (Regex) code as shown below:
    NextGen Gallery is a perfect example of a plugin where Regex code should be used. In the latest release of NextGen Gallery I believe at least 3 – 5 new frontloading js scripts were added to NextGen. The point is that if you use Regex then if new/more js scripts are added to NextGen in future releases (very likely at the rate js scripts are being added to NextGen) then they will already be whitelisted by using Regex Plugin Firewall whitelist rules.

    /nextgen-gallery/products/photocrati_nextgen/modules/(.*).js, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js
    #17708

    Glasairmell
    Participant

    The Log:

    [403 GET / HEAD Request: September 10, 2014 - 4:28 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: .105.54.1
    Host Name: adsl--105-54-1.dsl.pltn13.sbcglobal.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.mysite.com/xxxx/nextgen-pro-lightbox-gallery/83931dbe4f28fe8b7709edbef370bc68
    REQUEST_URI: /xxxx/wp-content/plugins/nextgen-gallery-plus/modules/nextgen_pro_lightbox_legacy/static/theme/galleria.nextgen_pro_lightbox.js
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53

    White List:

    whitelist rules copied locally and deleted

    The galleria.nextgen_pro_lightbox.js I just added to the white list because it just showed up in the log file. Also the curl scan is not catching these scripts. Even when they are in the whitelist they show up on the error log.

    However why should they even show up at all when this:

    /home/XXXXX/domains/mysite.com/public_html/xxx/wp-content/plugins/nextgen-gallery-plus/.htaccess

    is in the over ride table?  And should not the overide table be written to an .htaccess file?

    #17709

    Glasairmell
    Participant

    The site I am having problems with is xxxxx-land.  No I am not using minifi plugin.  Well I will give the Reg X code a go around then and get back to you.  Thank you.

    #17712

    AITpro Admin
    Keymaster

    The override does not work on some plugins and we will probably remove the option.  Ok for the reason stated above NextGen is a perfect example of a plugin that should have Regex whitelist rules.

    Your whitelist rules look good.  Let’s do some basic / simple things first.

    1.  Copy and paste the Plugin Firewall whitelist rules below to your Plugin Firewall Whitelist Text area and overwrite your existing whitelist rules.
    2. Click the Save Whitelist Options button.
    3. Click the Plugin Firewall BulletProof Mode Activate button.

    /nextgen-gallery/products/photocrati_nextgen/modules/(.*).js, /nextgen_basic_gallery/static/(.*).js, /nextgen-gallery-plus/modules/(.*).js, /google-analyticator/external-tracking.min.js, /flash-video-player/swfobject.js, /contact-form-7/includes/js/(.*).js

    Let me know when that is done so I can check this site remotely.

    #17716

    AITpro Admin
    Keymaster

    Ok was checking the site and both the Slide show and the static gallery just started working normally.

    #17718

    Glasairmell
    Participant

    Ok that is done.  By the way the same problem is happening with woocommerce on the perform site.  When this is resolved here I will use what i have learned on the other problem sites.  Even though there is a steep learning curve here I feel BulletProof is the best option out there along with Wordfence. I appreciate the extreme amount of work you have put into it.

    With Wordfence I could not use it’s caching system because the .htaccess file kept getting called. Not a big deal I guess using super cache instead.

    Thank you.

    #17719

    AITpro Admin
    Keymaster

    The Plugin Firewall is the most complex thing in BPS Pro that we are still working on to make it better, adding more error checks, self healing capabilities and of course more automation.  What we need to do is add some sort of automated “flush” that would have automatically fixed this type of problem.  We do not see this exact problem very often, but it does happen from time to time and for whatever reason that we have yet to figure out.  The steps to fix this issue/problem are always just delete and activate the Plugin Firewall again which is a manual “flush”.

    FYI – this image file name is funky and is showing up as a 404 error when I check the gallery. Obviously the file name is not valid.

    /german-shepherds/wp-content/gallery/studs/quartz-vom-haus-r%c3%b6hner_0.jpg
    #17723

    Glasairmell
    Participant

    OK thank you for.  Security log errors gone. Keep up the great work.

    #17725

    Glasairmell
    Participant

    What do I do in this situation where the .js files are in their own directory.

    /tinymce-advanced/mce/nonbreaking/(.*).js, /plugins/tinymce-advanced/mce/anchor/(.*).js, /tinymce-advanced/mce/print/(.*).js, /tinymce-advanced/mce/insertdatetime/(.*).js, /tinymce-advanced/mce/searchreplace/(.*).js, /tinymce-advanced/mce/code/(.*).js, /tinymce-advanced/mce/table/(.*).js, /tinymce-advanced/mce/advlist/(.*).js, /tinymce-advanced/mce/emoticons/(.*).js, /tinymce-advanced/mce/visualblocks/(.*).js, /tinymce-advanced/mce/visualchars/(.*).js, /tinymce-advanced/mce/wptadv/(.*).js
Viewing 15 posts - 1 through 15 (of 38 total)

You must be logged in to reply to this topic.