PDF Embedder – 403 error

Home Forums BulletProof Security Free PDF Embedder – 403 error

Tagged: 

This topic contains 12 replies, has 2 voices, and was last updated by  AITpro Admin 7 months, 4 weeks ago.

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • #34445

    AITpro Admin
    Keymaster

    Email Question:

    [403 GET Request: October 25, 2017 3:33 am]
    BPS: 2.8
    WP: 4.8.2
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: xxx.xxx.xxx.xxx
    Host Name: xxx.xxx.xxx.xxx
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: xxx.xxx.xxx.xxx
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://example.com/test-embed-pdf/
    REQUEST_URI: /?pdfemb-serveurl=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads%2Fsecurepdfs%2F2017%2F10%2FPDFTEST1.pdf
    QUERY_STRING: pdfemb-serveurl=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads%2Fsecurepdfs%2F2017%2F10%2FPDFTEST1.pdf
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1; rv:51.0) Gecko/20100101 Firefox/51.0

    Would you be able to guide me in the correct direction in as to what white-listing rule would be best.
    The plugin uploads PDF automatically to a uploads/securepdfs/ area so it cannot be downloaded.

    #34446

    AITpro Admin
    Keymaster

    PDF Embedder error message:  Failed to load and decrypt PDF

    The Request is simulating and RFI hacking attempt, but whitelisting RFI htaccess security rules in the Root htaccess file did not work.  I do not see anything else in the BPS root htaccess file that would block the Request URI and Query.  At this point it still not clear whether or not deactivating Root Folder BulletProof Mode allowed the PDF Embedder plugin to successfully do whatever it does.  Pending user confirmation.

    #34447

    Gerard McNulty
    Participant

    I tried deactivating Root Folder BulletProof Mode but that didn’t work. The only thing that did work was taking out the following line from the end of Root htaccess File CUSTOM CODE BOTTOM  HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here

    The line I took out was

    RewriteRule ^(.*)$ - [F]

    Then I pressed activate “Root Folder BulletProof Mode” and PDF Embedder Secure displayed the embedded PDF

    #34448

    AITpro Admin
    Keymaster

    Oh I finally understand what were saying.  You are removing that line of code from the POST Attack Protection Bonus Custom Code.  Ok so that means the PDF Embedder plugin is making a GET Request and is also making a POST Request in the process, which I have seen before.  So the whitelist rule you sent to me looks correct unless the Security Log entry is only displaying the part of the Request that is the GET Request:  RewriteCond %{QUERY_STRING} !^pdfemb-serveurl=(.*) [NC]

    This whitelist rule may or may not work, but it is worth a try: RewriteCond %{REQUEST_URI} !^.*/test-embed-pdf/ [NC]

    If neither of these whitelist rules work then you will not be able to use the POST Attack Protection Bonus Custom Code and will need to delete it.  We will test the PDF Embedder free plugin either today or tomorrow to see if we can reproduce this problem.  Also another thing to check would be if you have an .htaccess file in your WordPress /uploads folder.  BPS logs all 403 errors whether or not BPS is blocking something.

    #34449

    Gerard McNulty
    Participant

    Oh just to save you the bother, the free version always works. It’s just the premium secure version that encrypts the pdf and puts in into a secure folder in uploads that has this problem

    #34452

    AITpro Admin
    Keymaster

    Ok then either you would need to figure out how and where the PDF Embedder pro version is doing a POST Request or just delete the BPS POST Attack Protection Bonus Custom Code since it is blocking a secondary POST Request in that plugin.

    #34453

    Gerard McNulty
    Participant

    It works, I can confirm that adding the following code to “CUSTOM CODE BOTTOM / HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here” fixes the problem with PDF Embedder Secure (Failed to load and decrypt PDF)

    RewriteCond %{QUERY_STRING} !^pdfemb-serveurl=(.*) [NC]

    Thanks for your assistance!

    #34454

    AITpro Admin
    Keymaster

    Well thank yourself since you already figured out the whitelist rule that was needed.  Sorry that I misunderstood which code you were referring to in your email.  I would not be surprised if you need both the Query String Exploits RFI whitelisting method and your POST Attack Protection whitelist rule.  ie probably 2 separate things are being blocked.

    #34455

    Gerard McNulty
    Participant

    Is that this one?

    RewriteCond %{REQUEST_URI} !^.*/test-embed-pdf/ [NC]

    #34456

    AITpro Admin
    Keymaster

    Nope, the RFI whitelisting method is what you have already done in the BPS Query String Exploits code. These 3 security rules below all protect against RFI attack strings. It is completely safe to comment these security rules out since they are general RFI security rules and there is another RFI security rule that is the primary RFI security rule in a different section of htaccess code in the BPS root htaccess file.

    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    #RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
    #34457

    Gerard McNulty
    Participant

    Ok, Thanks

    #34458

    Gerard McNulty
    Participant

    The locations of the above lines are

    “CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS” (where they are commented out)

    and

    “CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS” (where they are NOT commented out)

    Should I still comment them out in “CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS”?

    #34459

    AITpro Admin
    Keymaster

    Nope, you do not need to do anything else with the wp-admin htaccess code/file.

Viewing 13 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic.