Home › Forums › BulletProof Security Pro › P3 Plugin Performance Profiler – 403 error
Tagged: 403 error, P3, Plugin Performance Profiler
- This topic has 2 replies, 2 voices, and was last updated 6 years, 8 months ago by
George Mohan.
-
AuthorPosts
-
George Mohan
ParticipantHow can i fix this error. i use P3 (Plugin Performance Profiler) to check plugin performance , but after the scan result i got error 403 when i try to back my plugin page or any other admin panel pages.
[403 GET Request: March 13, 2017 - 10:45 PM] BPS: .54.5 WP: 4.7.3 Event Code: WPADMIN-SBR Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 162.158.166.201 Host Name: 162.158.166.201 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: 116.68.110.57 HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-admin/tools.php?page=p3-profiler&p3_action=view-scan¤t_scan=1&name=scan_2017-03-12_8d41c888.json%27%20defer QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; rv:51.0) Gecko/20100101 Firefox/51.0
AITpro Admin
KeymasterTry whitelisting the P3 (Plugin Performance Profiler) tools.php file in your wp-admin htaccess file.
Note: The single quote code character
%27
on the end of the Query String is what is being blocked. When I test the P3 plugin I do not see that code character.1. Copy this code below to this BPS wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
2. Click the Save wp-admin Custom Code button.
3. Go to the Security Modes page and click the wp-admin Folder BulletProof Mode Activate button.Note: The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.
# P3 plugin tools.php skip/bypass rule RewriteCond %{REQUEST_URI} (tools\.php) [NC] RewriteRule . - [S=2]
George Mohan
ParticipantThanks for your valuable support . But its our side mistake, because we forget to add below code in BPS wp-admin Custom Code text box 4.CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS:Modify Query String Exploit code here .
Now its working fine, no need to add
skip/bypass rule.
# BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
…
…
…
# END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS -
AuthorPosts
- You must be logged in to reply to this topic.