OIOpublisher, JW Player for WordPress 403 Error

Home Forums BulletProof Security Pro OIOpublisher, JW Player for WordPress 403 Error

Viewing 6 posts - 16 through 21 (of 21 total)
  • Author
    Posts
  • #4573
    sfakuyi
    Participant

    Everything regarding oio worked perfectly. I am very grateful indeed.

    With respect to the JW Player, for my other subdomain, JW Player plugin wasn’t installed before. So, I just downloaded and installed the latest JW Player wordpress plugin with support for JW Player 6 (my first website you worked on had jw player 5). Then, I attempted to add my “securityoff.htaccess” file to wp-content/uploads/jw-player-plugin-for-wordpress BUT the /jw-player-plugin-for-wordpress folder wasn’t/isn’t there – as in it’s missing from the uploads folder. The plugin is in the plugins folder just that I cannot find the related folder in the uploads folder.

    Please what’s the implication of this and how can I get everything working per your instruction above?

    P.S: JW Player requires that the wp-content/uploads folder be writable. BPS Pro leaves the uploads folder unlocked, right?

    #4575
    AITpro Admin
    Keymaster

    I do not really know anything about the JW Player plugin.  Do you need to set something up first in that plugin to create that folder?  Was JW Player bundled with OIOpublisher on your other website?  Maybe it works differently when it is bundled with OIOpublisher?  I can only make logical guesses because I do not use either of these plugins.  Maybe you can check with the folks who created the JW Player plugin and see what they say.  Thanks.

    #4576
    sfakuyi
    Participant

    OK. Will do.

    #4577
    AITpro Admin
    Keymaster

    Also since this is a newer version maybe they are doing something different, such as instead of using the uploads folder they are now doing everything within the JW Player plugin folder itself.  This seems like the most logical thing that has happened.  In any case, if you see an error in your BPS Security log file regarding JW Player then it will tell you what is being blocked and then a whitelist rule can be created to prevent whatever is being blocked from being blocked anymore.  😉

    #4580
    sfakuyi
    Participant

    You are probably right. The newer version probably works differently from the older version. I’ll look out for any errors. Thanks.

    #7982
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    Note: All whitelisting is automated except for the CUSTOM CODE WP REWRITE LOOP START code for OIOpublisher since the “advertise” URL may or may not be the same for every website. So that whitelisting step still needs to be done manually.

    OIOpublisher updated whitelisting steps

    1. Copy this code to this BPS Custom Code text box:  CUSTOM CODE WP REWRITE LOOP START. If your WordPress site is installed in a subfolder then your RewriteBase will have a folder name instead of just a forward slash.  Example:  WordPress installed in folder named /SiteA will have this RewriteBase /SiteA/.  Check your root .htaccess file and copy the WP REWRITE LOOP START code from your root .htaccess file into this Custom Code text box and then add the OIOpublisher Rewrite code directly below it as shown below in the example.

    Note:  If you are using something other than “advertise-here”, or “advertise” in the OIOpublisher RewriteRule code below then change the name to match whatever you have chosen or copy the OIOpublisher .htaccess code from the OIOpublisher plugin settings page instead of using the OIOpublisher .htaccess code below.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    ## OIOpublisher Rewrite
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^advertise-here/(.+)$ wp-content/plugins/oiopub-direct/$1 [L]

    2. Copy this Plugin skip/bypass rule for swf’s in the advertise/uploads folder that were being blocked into this Custom Code text box:  CUSTOM CODE PLUGIN SKIP/BYPASS RULES: Add ONLY personal plugin skip/bypass rules here.

    Note: If the “advertise” folder name is something other than “advertise” then modify the folder name in this code below.

    # OIOpublisher swf skip/bypass
    RewriteCond %{REQUEST_URI} ^/advertise/uploads/ [NC]
    RewriteRule . - [S=13]

    3. Copy this code to this Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE. IMPORTANT! Edit the RewriteCond %{HTTP_REFERER} ^.*example.com.* line of code and add your actual domain name in place of example.com.  If you are not sure what domain name to add, your domain name is displayed in the yellow highlighted text on the right hand side next to this Custom Code text box.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    # 
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (go\.php|purchase\.php|bubble\.js|oiopub\.js|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*example.com.*
    RewriteRule . - [S=1]

    4. At this point save all of the Custom Code that you have added to these 2 Custom Code text boxes by clicking the Save Root Custom Code button, go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

Viewing 6 posts - 16 through 21 (of 21 total)
  • You must be logged in to reply to this topic.