PDF Embedder – 403 error (BulletProof Security Free forum)
This topic has 12 replies, 2 voices, and was last updated 6 years, 1 month ago by AITpro Admin.
AITpro Admin (Keymaster)
Email Question:
[403 GET Request: October 25, 2017 3:33 am] BPS: 2.8 WP: 4.8.2 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: xxx.xxx.xxx.xxx Host Name: xxx.xxx.xxx.xxx SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: xxx.xxx.xxx.xxx HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://example.com/test-embed-pdf/ REQUEST_URI: /?pdfemb-serveurl=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads%2Fsecurepdfs%2F2017%2F10%2FPDFTEST1.pdf QUERY_STRING: pdfemb-serveurl=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads%2Fsecurepdfs%2F2017%2F10%2FPDFTEST1.pdf HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1; rv:51.0) Gecko/20100101 Firefox/51.0
Would you be able to guide me in the correct direction as to what white-listing rule would be best?
The plugin uploads PDFs automatically to an uploads/securepdfs/ area so they cannot be downloaded.
AITpro Admin (Keymaster)
PDF Embedder error message: Failed to load and decrypt PDF
The Request is simulating an RFI hacking attempt, but whitelisting RFI htaccess security rules in the Root htaccess file did not work. I do not see anything else in the BPS root htaccess file that would block the Request URI and Query. At this point it is still not clear whether or not deactivating Root Folder BulletProof Mode allowed the PDF Embedder plugin to successfully do whatever it does. Pending user confirmation.
Gerard McNulty (Participant)
I tried deactivating Root Folder BulletProof Mode, but that didn’t work. The only thing that did work was taking out the following line from the end of Root htaccess File CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here
The line I took out was:
RewriteRule ^(.*)$ - [F]
Then I pressed activate “Root Folder BulletProof Mode” and PDF Embedder Secure displayed the embedded PDF.
AITpro Admin (Keymaster)
Oh, I finally understand what you were saying. You are removing that line of code from the POST Attack Protection Bonus Custom Code. Ok, so that means the PDF Embedder plugin is making a GET Request and is also making a POST Request in the process, which I have seen before. So the whitelist rule you sent to me looks correct, unless the Security Log entry is only displaying the part of the Request that is the GET Request:
RewriteCond %{QUERY_STRING} !^pdfemb-serveurl=(.*) [NC]
This whitelist rule may or may not work, but it is worth a try:
RewriteCond %{REQUEST_URI} !^.*/test-embed-pdf/ [NC]
If neither of these whitelist rules works, then you will not be able to use the POST Attack Protection Bonus Custom Code and will need to delete it. We will test the PDF Embedder free plugin either today or tomorrow to see if we can reproduce this problem. Also, another thing to check would be whether you have an .htaccess file in your WordPress /uploads folder. BPS logs all 403 errors whether or not BPS is blocking something.
Gerard McNulty (Participant)
Oh, just to save you the bother, the free version always works. It’s just the premium secure version that encrypts the PDF and puts it into a secure folder in uploads that has this problem.
AITpro Admin (Keymaster)
Ok, then either you would need to figure out how and where the PDF Embedder pro version is doing a POST Request, or just delete the BPS POST Attack Protection Bonus Custom Code since it is blocking a secondary POST Request in that plugin.
Gerard McNulty (Participant)
It works. I can confirm that adding the following code to “CUSTOM CODE BOTTOM / HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here” fixes the problem with PDF Embedder Secure (Failed to load and decrypt PDF):
RewriteCond %{QUERY_STRING} !^pdfemb-serveurl=(.*) [NC]
Thanks for your assistance!
AITpro Admin (Keymaster)
Well, thank yourself, since you already figured out the whitelist rule that was needed. Sorry that I misunderstood which code you were referring to in your email. I would not be surprised if you need both the Query String Exploits RFI whitelisting method and your POST Attack Protection whitelist rule, i.e. probably 2 separate things are being blocked.
Gerard McNulty (Participant)
Is that this one?
RewriteCond %{REQUEST_URI} !^.*/test-embed-pdf/ [NC]
AITpro Admin (Keymaster)
Nope, the RFI whitelisting method is what you have already done in the BPS Query String Exploits code. These 3 security rules below all protect against RFI attack strings. It is completely safe to comment these security rules out since they are general RFI security rules and there is another RFI security rule that is the primary RFI security rule in a different section of htaccess code in the BPS root htaccess file.
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
#RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
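To see how the two rule sets discussed in this thread behave against the logged request, here is an added Python model of mod_rewrite's RewriteCond chaining (example code written for this page, not code from BPS, PDF Embedder or any participant). It assumes %{QUERY_STRING} is the raw, percent-encoded query; because the thread shows only the whitelist condition and the final catch-all rule of the POST Attack Protection block, the block's other conditions are stood in for by one argument, and the request values are constructed from the Security Log line quoted above.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed from the Security Log entry quoted in this thread (xxx values omitted).
LOGGED_REQUEST_URI = ("/?pdfemb-serveurl=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads"
                      "%2Fsecurepdfs%2F2017%2F10%2FPDFTEST1.pdf")

def query_string(request_uri):
    return urlsplit(request_uri).query   # raw, still percent-encoded, as %{QUERY_STRING} is

def cond_matches(value, pattern, flags=""):
    """One RewriteCond: a leading '!' negates the test, [NC] makes the regex case-insensitive."""
    negate = pattern.startswith("!")
    hit = re.search(pattern.lstrip("!"), value, re.IGNORECASE if "NC" in flags else 0) is not None
    return hit != negate

def rule_fires(conds):
    """RewriteCond chaining: AND by default; [OR] joins a condition to the next one."""
    group_true = False
    for value, pattern, flags in conds:
        group_true = group_true or cond_matches(value, pattern, flags)
        if "OR" in flags:
            continue              # still inside an OR group
        if not group_true:
            return False          # an AND-ed group failed, so the RewriteRule does not apply
        group_true = False
    return group_true or not conds or "OR" not in conds[-1][2]

# The three general RFI conditions quoted in this thread, modelled as one OR group (the real
# block continues with further [OR] conditions that are not shown on this page).
RFI_CONDS = ["[a-zA-Z0-9_]=(http|https)://", "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+", r"(http|https)\:"]

def rfi_rules_block(qs):
    conds = [(qs, p, "NC,OR") for p in RFI_CONDS[:-1]] + [(qs, RFI_CONDS[-1], "NC")]
    return rule_fires(conds)

def post_protection_forbids(request_uri, other_conds_match=True):
    """Hypothetical model of the POST Attack Protection block: only the whitelist condition and
    the catch-all 'RewriteRule ^(.*)$ - [F]' are in the thread; other_conds_match stands in for the rest."""
    conds = [(query_string(request_uri), "!^pdfemb-serveurl=(.*)", "NC")]
    return other_conds_match and rule_fires(conds)

def request_uri_whitelist_exempts(request_uri):
    """The alternative rule suggested above, tested against REQUEST_URI as it was logged."""
    return not rule_fires([(request_uri, "!^.*/test-embed-pdf/", "NC")])

if __name__ == "__main__":
    qs = query_string(LOGGED_REQUEST_URI)
    print("RFI conditions hit raw / decoded query:", rfi_rules_block(qs), rfi_rules_block(unquote(qs)))
    print("POST protection forbids the PDF request:", post_protection_forbids(LOGGED_REQUEST_URI))
```

The raw query never matches the RFI patterns because its `://` is still percent-encoded, while the negated `pdfemb-serveurl` condition stops the catch-all rule from firing for exactly that request.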
Gerard McNulty (Participant)
Ok, thanks.
Gerard McNulty (Participant)
The locations of the above lines are:
“CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS” (where they are commented out)
and
“CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS” (where they are NOT commented out)
Should I still comment them out in “CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS”?
AITpro Admin (Keymaster)
Nope, you do not need to do anything else with the wp-admin htaccess code/file.