jupdf pdf viewer – 403 error

Home Forums BulletProof Security Free jupdf pdf viewer – 403 error

This topic contains 3 replies, has 2 voices, and was last updated by  AITpro Admin 2 years, 10 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #23631

    lukas
    Participant

    Hello, I use a plugin jupdf pdf viewer https://wordpress.org/plugins/jupdf-pdf-viewer/
    i have problem in correct showing iframe in pdf use in plugin…   Here is log errors :

    [403 GET / HEAD Request: 23. jún 2015 - 2:24] 
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer 
    Solution: N/A - Hacker/Spammer Blocked/Forbidden 
    REMOTE_ADDR: 217.12.63.*** 
    Host Name: 217.12.63.*** 
    SERVER_PROTOCOL: HTTP/1.1 
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.********.com/catalog/ 
    REQUEST_URI: /wp-content/plugins/jupdf-pdf-viewer/jupdf/index.html?file=http://www.exempleurl.com/wp-content/uploads/2015/06/catal%C3%B3g-2.pdf 
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0

    please help, thanks

    #23635

    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    The Request URI is simulating an RFI hacking attempt.
    Similar Issue Reference:  http://forum.ait-pro.com/forums/topic/corner-ad-403-error/

    Do these whitelisting steps:
    1. Copy the code below to this Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE: Add additional Referers and/or misc file names. IMPORTANT! Change the HTTP_REFERER example.com domain name to your actual domain/website’s name.
    2. Save your new custom code by clicking the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    #
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (jupdf/index\.html|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*example.com.*
    RewriteRule . - [S=1]
    #23637

    lukas
    Participant

    thanks !! code is working 🙂

    #23638

    AITpro Admin
    Keymaster

    Great!  Thanks for confirming the whitelist rule/method works.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.