Pingdom – whitelist pingdom user agent/bot, allow pingdom user agent/bot

  • #8121
    silas88
    Participant

    I have a bad bot user agent check (originally from Perishable Press) which is blocking pingdom from checking that my site is up.

    RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]

    If I understand correctly
    ^Ping is effectively ^Ping* and so the good user agent Pingdom.com_bot_version_1.4_(http://www.pingdom.com) is also blocked.

    How can I modify this rule so that only the pingdom user agent is allowed through? I was looking at some kind of expression based on negation of the user agent string e.g. ^Ping[^dom.com_bot*] but I am really not familiar enough with these rules to know if this is the best way to do this.

    Also, once the RewriteEngine on directive is given, can I delete all subsequent RewriteEngine on directives? I seem to have quite a lot of them, what with BPS code and my custom code.

    For the sake of completeness, Pingdom receives a 403 and this

    Forbidden
    You don’t have permission to access /wp-content/cache/supercache/mydomain.com//index.html on this server. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

    Strangely there is nothing about this in my BPS log. The Rewrite rule is

    RewriteRule ^.* - [F,L]

    #8129
    AITpro Admin
    Keymaster

    I believe you would just need this RegEx – Ping[^dom] which means match Ping, but do not match d or o or m.  Even simpler is this:  Ping[^d] – just match Ping and not Pingd…

    If you would like to allow HEAD Requests by bots on your website then…
    1. Add this code below to this BPS Root Custom Code text box: CUSTOM CODE REQUEST METHODS FILTERED.
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    BPS Pro 11.6+ & BPS free .53.2+
    You may see this code or the 11.5+/.53.1+ code in your root htaccess file.  The code does the same exact thing and is whitelisted in the same exact way.

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

    BPS Pro 11.5+ & BPS free .53.1+

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ - [R=405,L]

    BPS Pro 11.4|BPS free .53 and lower versions

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and 
    # remove/delete HEAD| from the Request Method filter.
    # Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    # The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]

    #8130
    silas88
    Participant

    Hmm, just found that * repeats the previous character 0 or more times, so maybe it should be something like this

    RewriteCond %{HTTP_USER_AGENT} ^Ping[^dom\.com_bot.*] [OR]
    RewriteRule ^.* - [F,L]

    or instead should I put something like this in the TimThumb section

    RewriteCond %{HTTP_USER_AGENT} ^Pingdom\.com_bot.* [NC]

    This is so confusing!!! 🙂

    P.S. Strange, I couldn’t find [OR] listed as a ReWrite rule flag in the apache user documentation

    #8133
    AITpro Admin
    Keymaster

    Yes, you could create an “is not” condition, but the Regex I posted previously should in theory work correctly.

    RewriteCond %{HTTP_USER_AGENT} !^Pingdom

    NOTE:  In order for Ping not to match Pingdom you would have to add a boundary of some sort, but with User Agent rules you have to allow the match to look at the rest of the User Agent String.  Example:  ^foobar$ does not work because the $ sign boundary will negate the User Agent String match.  And \bPing\b would not work either.

    #8136
    silas88
    Participant

    Hi AITpro,
    Sorry I didn’t see your post there at first. Thanks for the suggestion. I don’t allow HEAD requests at the moment. Do you think if I whitelist it in the timthumb section that would be a safe route to go, or is allowing HEAD requests also safe?

    #8138
    AITpro Admin
    Keymaster

    It is entirely up to you.  Allowing HEAD Requests does NOT have to do with security in any way.  This is just a nuisance filter.  See this similar post on whitelisting the UptimeRobot User Agent/bot:  http://forum.ait-pro.com/forums/topic/split-uptimerobot-whitelist-uptimerobot-bot/

    What is important to note is that ONLY whitelisting by IP address works for whitelisting that bot.  Not sure why that is and whitelisting by User Agent/bot name does not work.  Or maybe adding uptimerobot.* would work because this would match the rest of the User Agent String, which is necessary when matching User Agents.

    #8143
    silas88
    Participant

    As it looks like I can whitelist this good bot based on the user agent I think I’ll continue to disallow HEAD requests for the moment. I have this in the TimThumb section, need to test further after removing the comment from the original offending rule.

    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*mydomain.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Pingdom\.com_bot.* [NC]
    RewriteRule . - [S=1]

    Thanks for your guidance on this.

    #8149
    silas88
    Participant

    Well thinking about this some more I don’t think that position will work as later in the htaccess file it will get to the ^Ping bad bot rule and block it.

    #8150
    AITpro Admin
    Keymaster

    Does this simple rule work or not? Just match Ping and not Pingd…

    ^Ping[^d]

    #8151
    silas88
    Participant

    Yes, I was over complicating things completely.
    KISS is best! 🙂
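
The patterns tried in the posts above can be compared side by side; this is an added example, not part of any post in the thread, and it assumes Python's `re` behaves like Apache's PCRE for these patterns. The sample User-Agent strings other than Pingdom's, and the negative-lookahead pattern, are constructed here.

```python
import re

# Constructed sample User-Agent strings; only the Pingdom one is quoted in the thread.
SAMPLES = {
    "pingdom": "Pingdom.com_bot_version_1.4_(http://www.pingdom.com)",
    "ping_tool": "PingScanner/1.0",        # constructed: a "Ping..." agent to block
    "bare_ping": "Ping",                   # constructed: nothing follows "Ping"
    "pingd_other": "Pingdaemon/2.0",       # constructed: "Pingd..." but not Pingdom
    "browser": "Mozilla/5.0 (X11; Linux x86_64)",
}

# Block patterns from the thread, plus a negative-lookahead variant added here.
PATTERNS = {
    "original": r"^Ping",
    "long_class": r"^Ping[^dom\.com_bot.*]",  # brackets make this ONE character class
    "short_class": r"^Ping[^d]",
    "lookahead": r"^Ping(?!dom\.com_bot)",    # not from the thread
}


def blocked(pattern, user_agent):
    """True if a RewriteCond with this pattern (no [NC]) would match the agent.

    Assumption: Python's re.search stands in for Apache's PCRE matching, which
    is also unanchored unless the pattern itself anchors it.
    """
    return re.search(pattern, user_agent) is not None


def verdicts(pattern_name):
    """Map each sample name to whether the named pattern blocks it."""
    pattern = PATTERNS[pattern_name]
    return {name: blocked(pattern, ua) for name, ua in SAMPLES.items()}


if __name__ == "__main__":
    for pname in PATTERNS:
        hits = [name for name, hit in verdicts(pname).items() if hit]
        print(f"{pname:12} blocks: {', '.join(hits) or 'nothing'}")
```

On these samples the two character-class patterns behave identically: both let Pingdom through, but they also stop matching a bare `Ping` agent and any other agent starting with `Pingd`, while the lookahead exempts only the `Pingdom.com_bot` prefix.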

    #8152
    AITpro Admin
    Keymaster

    Yep, I tend to do that myself.  I was in the process of creating new Setup Wizard code and was saying to myself this code is bloated and ridiculous and there is a much better way to do this, but could not see that much better solution yet.  Got it now.  Sometimes you have to take the long road for a while until you see the shortcut.  😉

    #25881
    AITpro Admin
    Keymaster

    [Topic manually moved to this relevant Topic]
    I followed the instructions that I found in this form – http://forum.ait-pro.com/forums/topic/pingdom-allow-through-bad-bots-custom-code/ to allow head requests but it’s still generating errors and blocking certain scripts when I run a speed test using pingdom tools. What else can I do to fix this?
    __________________

    Odd. It appears that things are working now. Perhaps it was my caching plugin that delayed the changes.
