Ogone payment provider – WooCommerce

Home Forums BulletProof Security Pro Ogone payment provider – WooCommerce

Tagged: ,

This topic contains 8 replies, has 2 voices, and was last updated by  Philipp 5 years, 5 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #12955

    AITpro Admin
    Keymaster

    Email Question:

    Hi there,
    i’m using bps on a wordpress commerce site that is driven by woocommerce. i have been going through all the payment provider talkback problems in the forums but neither deactivating my plugin firewall nor creating no rewrite htaccess solve the problem. for some reason the secure root .htaccess file overwrites the “RewriteEngine Off” file within the plugin directory. only switching back to the insecure root htaccess file is solving all issues with my woocommerce payment provider “ogone”. my question is, is there any way apart from the already described solutions within the forum (Allow from in the plugins htaccess etc.) to resolve this issue and keeping the secure htaccess? thanks! philipp

    #12956

    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    The WooCommerce Ogone payment gateway plugin requires both a Plugin Firewall whitelist rule and also a plugin skip/bypass whitelist rule added to BPS Custom Code.

    Plugin Firewall whitelist rule

    /woocommerce_ogonecw/assets/(.*).js

    Plugin skip/bypass rule in BPS Custom Code

    # WooCommerce Ogone Plugin Payment Gateway skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/woocommerce_ogonecw/ [NC]
    RewriteRule . - [S=13]

    How to manually add Plugin Firewall whitelist rules:
    http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/
    http://forum.ait-pro.com/video-tutorials/#security-log-firewall

    How to add Plugin skip/bypass rules to BPS Custom Code:
    http://forum.ait-pro.com/video-tutorials/#custom-code

    #15213

    Philipp
    Participant

    [Topic merged into this relevant Topic]

    hi there,
    i’m experiencing 403 errors when trying to directly access files (pdf, mp3 etc.) on the server.

    [403 GET / HEAD Request: 20. Mai 2014 - 11:57]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xx.xx.xx.xx
    Host Name: xxxxxxxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://xxxxxx/wp-admin/
    REQUEST_URI: /wp-content/plugins/woocommerce_ogonecw/assets/admin.js?ver=3.9.1
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14
    
    [403 GET / HEAD Request: 20. Mai 2014 - 11:08]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: xxxxxx
    Host Name: xxxxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://xxxxx/audiodatei-mit-dagamr-ehrling-als-referentin/
    REQUEST_URI: /elearning/ehling_phyto/ehling_audio.mp3
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
    

    any thoughts on how to solve this? Thank you! Phil

    #15215

    AITpro Admin
    Keymaster

    The solution for the first Security Log entry for woocommerce ogone is in this forum topic.  For the second Security Log entry I need more information to determine what the solution would be.

    What, where is this path?  Is this folder in your WordPress /uploads folder or somewhere else?

    /elearning/ehling_phyto/ehling_audio.mp3
    #15216

    Philipp
    Participant

    no it is outside the wordpress uploads but in side the folder in the www root (1st level)

     

    #15217

    AITpro Admin
    Keymaster

    Can you accesss or download your mp3 files now?  If not, then do the troubleshooting steps below.  If you can access or download mp3 files then this may have been some sort of scraping or mining against your website to grab your mp3 files.

    BPS does not directly block or restrict mp3 files in any .htaccess files or in any other code in BPS.  It is of course possible that a plugin is handling mp3 downloads or something else on the site is handling mp3 downloads (a 3rd party application).  If /elearning/ has a 3rd party application in it that is handling downloads then a skip/bypass rule may be needed.  Do these troubleshooting steps first to determine if BPS has anything to do with this issue.  Test downloading or accessing your mp3 files.

    http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting
    1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
    2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.

    #15218

    Philipp
    Participant

    The gilt Download still does not work also for pdfs…the 403 is Generated by bps

     

    #15219

    AITpro Admin
    Keymaster

    BPS handles logging of HTTP Status Response Code 403 as well as other HTTP Status Response Codes, but that does not necessarily mean that BPS is causing the 403 error.  By doing all of the BPS troubleshooting steps you can confirm or eliminate that BPS is causing an issue/problem and if BPS is causing an issue or problem you can isolate exactly which BPS security feature is causing the problem.

    http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    Please do all of the relevant troubleshooting steps.  What is “gilt”?  Is it a WordPress plugin?  Is it a 3rd Party application?  Also I would need to know all of the specific details of the issue/problem and a relevant Security Log entry for the issue/problem.

    After doing the troubleshooting steps post the results of that and also all of the necessary information above so that I can provide a solution.

    #15220

    Philipp
    Participant

    1. I Deactivate Root Folder BulletProof Mode > direct file download works.
    2. I Activate Root Folder BulletProof Mode and the direct file access somehow works again.
    I’ll monitor it if anything changes…. thx!

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.