Ogone payment provider – WooCommerce

  • #12955
    AITpro Admin
    Keymaster

    Email Question:

    Hi there,
    I’m using BPS on a WordPress commerce site that is driven by WooCommerce. I have been going through all the payment provider talkback problems in the forums, but neither deactivating my Plugin Firewall nor creating a no-rewrite htaccess solves the problem. For some reason the secure root .htaccess file overwrites the “RewriteEngine Off” file within the plugin directory. Only switching back to the insecure root htaccess file solves all issues with my WooCommerce payment provider “Ogone”. My question is: is there any way, apart from the already described solutions within the forum (Allow from in the plugin's htaccess etc.), to resolve this issue and keep the secure htaccess? Thanks! Philipp

    #12956
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    The WooCommerce Ogone payment gateway plugin requires both a Plugin Firewall whitelist rule and also a plugin skip/bypass whitelist rule added to BPS Custom Code.

    Plugin Firewall whitelist rule

    /woocommerce_ogonecw/assets/(.*).js

    Plugin skip/bypass rule in BPS Custom Code

    # WooCommerce Ogone Plugin Payment Gateway skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/woocommerce_ogonecw/ [NC]
    RewriteRule . - [S=13]

    How to manually add Plugin Firewall whitelist rules:
    http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/
    http://forum.ait-pro.com/video-tutorials/#security-log-firewall

    How to add Plugin skip/bypass rules to BPS Custom Code:
    http://forum.ait-pro.com/video-tutorials/#custom-code

    #15213
    Philipp
    Participant

    [Topic merged into this relevant Topic]

    Hi there,
    I’m experiencing 403 errors when trying to directly access files (pdf, mp3, etc.) on the server.

    [403 GET / HEAD Request: 20. Mai 2014 - 11:57]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xx.xx.xx.xx
    Host Name: xxxxxxxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://xxxxxx/wp-admin/
    REQUEST_URI: /wp-content/plugins/woocommerce_ogonecw/assets/admin.js?ver=3.9.1
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14
    
    [403 GET / HEAD Request: 20. Mai 2014 - 11:08]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: xxxxxx
    Host Name: xxxxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://xxxxx/audiodatei-mit-dagamr-ehrling-als-referentin/
    REQUEST_URI: /elearning/ehling_phyto/ehling_audio.mp3
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
    

    Any thoughts on how to solve this? Thank you! Phil
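A triage pass over Security Log entries in the layout quoted in the post above, as an added example that is not part of the thread and not BPS code. It separates 403 entries under /wp-content/plugins/ (where a Plugin Firewall whitelist or skip/bypass rule may apply) from everything else; the function names are hypothetical and the sample entries are trimmed from the post.

```python
import re

# Entries trimmed from the post above (field layout assumed to be stable)
SAMPLE_LOG = """\
[403 GET / HEAD Request: 20. Mai 2014 - 11:57]
Event Code: PFWR-PSBR-HPR
REQUEST_METHOD: GET
REQUEST_URI: /wp-content/plugins/woocommerce_ogonecw/assets/admin.js?ver=3.9.1

[403 GET / HEAD Request: 20. Mai 2014 - 11:08]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REQUEST_METHOD: GET
REQUEST_URI: /elearning/ehling_phyto/ehling_audio.mp3
"""

HEADER = re.compile(r"^\[(\d{3}) .*?Request: (.+)\]$")
PLUGIN = re.compile(r"^/wp-content/plugins/([^/]+)/", re.I)

def parse_entries(text):
    """Split the log into one dict per bracketed entry header."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            cur = {"status": m.group(1), "when": m.group(2)}
            entries.append(cur)
        elif cur is not None and ":" in line:
            key, _, value = line.partition(":")   # split on the first colon only
            cur[key.strip()] = value.strip()
    return entries

def triage(entries):
    """Return ({plugin_folder: [paths]}, [(event_code, path)]) for 403 entries."""
    plugins, other = {}, []
    for e in entries:
        if e["status"] != "403":
            continue
        code = e.get("Event Code", "").split(" - ")[0]
        path = e.get("REQUEST_URI", "").split("?")[0]   # drop ?ver=... suffix
        m = PLUGIN.match(path)
        if m:
            plugins.setdefault(m.group(1), []).append(path)
        else:
            other.append((code, path))
    return plugins, other

if __name__ == "__main__":
    print(triage(parse_entries(SAMPLE_LOG)))
```
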

    #15215
    AITpro Admin
    Keymaster

    The solution for the first Security Log entry for woocommerce ogone is in this forum topic.  For the second Security Log entry I need more information to determine what the solution would be.

    What, where is this path?  Is this folder in your WordPress /uploads folder or somewhere else?

    /elearning/ehling_phyto/ehling_audio.mp3

    #15216
    Philipp
    Participant

    No, it is outside the WordPress uploads but inside the folder in the www root (1st level).

    #15217
    AITpro Admin
    Keymaster

    Can you access or download your mp3 files now?  If not, then do the troubleshooting steps below.  If you can access or download mp3 files then this may have been some sort of scraping or mining against your website to grab your mp3 files.

    BPS does not directly block or restrict mp3 files in any .htaccess files or in any other code in BPS.  It is of course possible that a plugin is handling mp3 downloads or something else on the site is handling mp3 downloads (a 3rd party application).  If /elearning/ has a 3rd party application in it that is handling downloads then a skip/bypass rule may be needed.  Do these troubleshooting steps first to determine if BPS has anything to do with this issue.  Test downloading or accessing your mp3 files.

    http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting
    1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
    2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.

    #15218
    Philipp
    Participant

    The gilt Download still does not work also for pdfs…the 403 is Generated by bps

     

    #15219
    AITpro Admin
    Keymaster

    BPS handles logging of HTTP Status Response Code 403 as well as other HTTP Status Response Codes, but that does not necessarily mean that BPS is causing the 403 error.  By doing all of the BPS troubleshooting steps you can confirm or eliminate that BPS is causing an issue/problem and if BPS is causing an issue or problem you can isolate exactly which BPS security feature is causing the problem.

    http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    Please do all of the relevant troubleshooting steps.  What is “gilt”?  Is it a WordPress plugin?  Is it a 3rd Party application?  Also I would need to know all of the specific details of the issue/problem and a relevant Security Log entry for the issue/problem.

    After doing the troubleshooting steps post the results of that and also all of the necessary information above so that I can provide a solution.

    #15220
    Philipp
    Participant

    1. I Deactivate Root Folder BulletProof Mode > direct file download works.
    2. I Activate Root Folder BulletProof Mode and the direct file access somehow works again.
    I’ll monitor it if anything changes…. thx!
