OIOpublisher, JW Player for WordPress 403 Error

[sfakuyi]

Hello Admin,

Thanks again for your support. Please, there’s a small but crucial issue on my website probably arising from editing the .htaccess file. I am using a wordpress advert plugin. So I needed to re-write the advert page url in order to make it look palatable to the end-user. I was told to add the following piece of code to the .htaccess file at the very top just above the first BPS Pro htaccess comment.

## OIOpublisher Rewrite
RewriteEngine On
RewriteBase /myblog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^advertise-here/(.+)$ wp-content/plugins/oiopub-direct/$1 [L]

In the above, myblog stands for the name of the blog. With the edit, everything appears to work fine when I am logged in. The advert page appears correctly. However, when I am logged out and I visit the advert purchase page, I get the following error message:
“abc.xyz.com 403 Forbidden Error Page [i.e my subdomain dot my main domain]
If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.”

This means anyone not already registered on my website will not see my advert page. Please can you help resolve this issue?
Regards
Victor

[sfakuyi]

Please note also that sometimes when i am not logged in on my PC, the advert page shows up. However, on my ipad and iphone, when I am not logged in, the page never shows up.

[AITpro Admin]

Your topic has been split into a new topic since it is a new issue/problem.

Please check your BPS Pro Security Log file and post the logged error that relates to this plugin.

[sfakuyi]

Hello Admin,

Kindly check your email. I have sent my BPS Pro security log to your inbox. As the security log contains significant details of my website, I would not like to post that here. Looking forward to the resolution of this matter.

Regards
Victor

[AITpro Admin]

Updated whitelisting steps:  https://forum.ait-pro.com/forums/topic/oiopublisher/page/2/#post-7982

I have removed the significant details from the log entry that pertains to OIOpublisher and jw-player plugin.  You have 2 different things that need to done to whitelist OIOpublisher and the jw-player plugin.

[code and steps removed – see link above for the final working solution]

[AITpro Admin]

Actually you only need to add these 2 plugin script whitelist rules to the Plugin Firewall Whitelist Text area, click the Save Whitelist Options button and activate the Plugin Firewall again.  There were lots of duplicate errors in your Security Log, but they were all the same plugin scripts.
/S3FlowShield/js/playerscripts.min.js, /magicmembers/core/assets/js/jquery/(.*).js

[sfakuyi]

Hello Admin,

With regard to OIO, I have carried out the steps you described above but the 403 forbidden error persists.

I have tried to use the Plugins Script/File Whitelist Text Area scanner to scan for plugins to whitelist but only one plugin shows up in the whitelist after the scan. Please is there a way to type out a list of all my plugins? If yes, assuming a plugin name is called “ruxpin”, how do I type out that plugin inside the whitelist area – what is the exact structure? Plus, how do I properly separate each plugin in the list – is there a need for a delimiter in the list between plugins?

Another crucial thing I have noticed is that my wordpress dashboard plugin add new pages no longer displays any wordpress.org plugin repository information. For example, when I go to the add new plugin page and i search, no plugin is returned from the wordpress.org plugin repository. Ditto when i click the popular, featured plugin links, nothing shows up. This is probably caused by a BPS Pro function – please how do I ensure my wordpress.org plugin repository data is restored?

Looking forward to your response so I can try it and get rid of all the errors.

Best Regards,

Victor

[AITpro Admin]

There are alternative methods to finding plugin scripts to whitelist instead of using the Plugin Firewall Test Mode.  You can check your Security Log file for plugin script errors.  To read more about how to do this, what to look for and the format of whitelist rules you can either take a look at these Forum Topic links below or click the Plugin Firewall Blue Read Me help button.

http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

http://forum.ait-pro.com/forums/topic/security-log-http-error-log-read-me-first/

I do not think BPS Pro would cause that problem, but do the BPS Pro troubleshooting steps in the link below to see if BPS Pro is causing this.  At each step check and see if the search feature is working then move on to the next troubleshooting step.

http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

 

[AITpro Admin]

This code that they told you to add to your root .htaccess file can be simplified.

## OIOpublisher Rewrite
RewriteEngine On
RewriteBase /myblog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^advertise-here/(.+)$ wp-content/plugins/oiopub-direct/$1 [L]

What would make more sense would be to add this code in your root .htaccess file right after this code directly below.

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

## OIOpublisher Rewrite
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^advertise-here/(.+)$ wp-content/plugins/oiopub-direct/$1 [L]

[AITpro Admin]

Or you can send me the plugin and I will test it, delete it and post back here.

[sfakuyi]

Hello Admin,

I have tried the new .htaccess code you suggested above and it appears to work – meaning, the former behaviour is preserved. Logged in users still get to see the advert page but logged out users do not.

Now, with regard to the 403 forbidden errors and whitelisting issue of OIO and JW Player, as I am under a huge burden to figure out a myriad of things (from plugins (mastering every detail), content to backup, etc on this website as well as content digitization issues – bitrates, cloud hosting etc), I am going to ask you to please help me sort this issue out yourself. There is no one earth more competent in using BPS Pro than you are.

I have created an admin username and password for you and sent the credentials to your email. Though this is a live, commercial site, I trust you to help resolve this matter quickly.

Kindly help login and help correct the 403 forbidden error and whitelisting issues. When you are done, I would sincerely appreciate if you can send me an email of the exact steps you took in resolving each issue. I guarantee you that after editing out my private information from the email you’ll send, I will post those steps here in my own words for any other “layman user” in similar circumstance to benefit from.

Please help as my case is extremely urgent and I still need to roll out your fixes on other subdomains.

Regards

Victor

[AITpro Admin]

Updated whitelisting steps:  https://forum.ait-pro.com/forums/topic/oiopublisher/page/2/#post-7982

After logging in I found that this was a very complex issue to figure out because of how the OIOpublisher .htaccess code was rewriting the advertise-here directory.  Only generic error messages were being logged in the Security Log that were not very helpful for troubleshooting the bigger picture of the actual issues/problems that were occurring.

[code and steps removed – see the link above for the final working solution]

[sfakuyi]

Hello Admin,

I am most certainly grateful for your support and for definitively resolving my issue. Thank you very much.

As I have other subdomains set up exactly like the one that received your treatment, I want to recap the steps I would take to also fix those other websites. Please feel free to correct me where ever I am wrong

1. Upgrade BPS Pro to the latest edition [do you have a link to a tutorial for properly upgrading to the latest version]
2. Delete the former OIO Publisher .htaccess code (provided by OIO author) and replace the code as well as its positioning within the root .htaccess file as follows:

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

## OIOpublisher Rewrite
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^advertise-here/(.+)$ wp-content/plugins/oiopub-direct/$1 [L]

3. Go to wordpress dashboard > bps pro > b-core > security modes > Firewall whitelist tools > Plugins Script/File Whitelist Text Area > and add the following line: /oiopub-direct/(.*).php
4. Activate the Plugin firewall again
5. ****On the issue of the OIO Publisher js files, did you add the above highlighted piece of code "purchase\.php|bubble\.js|oiopub\.js|" there or has it always been there? What did you do there exactly so I replicate it?*****
6. You also said you “created a RewriteEngine Off .htaccess file for the JW Player plugin issue/problem in your uploads folder”. Please how do I get to add this new file to another website? What do I need to do add the file in the required place? Do I just copy it “wholesale” from the current website’s upload folder and it to the upload folder of my other sites?
Also will the new file survive future upgrades to BPS Pro or will I need it to add it again after each up upgrade?

Regards,
Victor

[AITpro Admin]

On step 4 I did not list all the exact steps.  They are:

Add the /oiopub-direct/(.*).php whitelist rule to the Plugin Firewall Whitelist Text area, click the Save Whitelist Options button and then activate the Plugin Firewall again.

5.  I did exactly what I said I did above.  I will add more detail.  Edit your root .htaccess file and add these 3 files to the Security filter shown in my previous post exactly as I have shown highlighted in yellow.

6.  See this Forum Topic link below on how to get and use the RewriteEngine Off .htaccess file that comes with BPS Pro.

http://forum.ait-pro.com/forums/topic/rewriteengine-off-htaccess-file/

[sfakuyi]

Thank you so much for your excellent support. I am going to replicate these steps exactly as stated above and will give you feedback per the outcome.

Thanks so very much.
Victor

[Author]

Posts