Plugin Firewall Exclusion for a file outside Plugins Folder

Home Forums BulletProof Security Pro Plugin Firewall Exclusion for a file outside Plugins Folder

This topic contains 3 replies, has 2 voices, and was last updated by  AITpro Admin 5 years, 9 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #13276

    Paul D.
    Participant

    Hi Ed !

    Quick question regarding a file that is reported in the BPS Pro Security log. File is /wp-content/uploads/avada.js
    Do I need to exclude this in plugin firewall or just ignore the Security log? If I need to exclude this file, what’s the correct way of doing it.

    Thanks !

    #13277

    AITpro Admin
    Keymaster

    The Plugin Firewall is a True IP based firewall for the /plugins folder that protects all plugins/plugin files.  Anything outside the /plugins folder would be protected by other BPS Pro security measures.  In this case you have a .js file in your uploads folder that is being blocked by UAEG – the Uploads Anti-Exploit Guard .htaccess file.  You can either whitelist all .js files (not recommended) in the uploads folder or whitelist only this file (recommended).

    To edit your Uploads Anti-Exploit Guard .htaccess file go to the B-Core htaccess File Editor tab page and click on the “Your Current Uploads htaccess File” tab.

    Whitelist all .js files by removing js from the security filter (not recommended)
    Delete the file extension that you want to allow and click the Update File button to save your changes. In this case delete js as shown below.

    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    Order Deny,Allow
    Deny from all
    </FilesMatch>

    Whitelist only a specific file or files by using a SetEnvIf whitelist rule (recommended)
    Add a SetEnvIf whitelist rule above the FilesMatch section of code as shown below. Add Allow from env=whitelist in the FilesMatch section of code as shown below and click the Update File button to save your changes.

    SetEnvIf Request_URI "avada.js$" whitelist
    
    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    Order Deny,Allow
    Allow from env=whitelist
    Deny from all
    </FilesMatch>
    #13281

    AITpro Admin
    Keymaster

    FYI – BPS Pro 8.3 will have a new Security Log Field – Event/Action.  This is currently in late stage development and is nearing completion.  The logging final field name or other things may change when the project moves from dev to prod/Live testing.

    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - February 18, 2014 - 6:53 am <<<<<<<<<<<
    Event/Action: UAEG is blocking X. A UAEG whitelist rule needs to be created.
    REMOTE_ADDR: 127.0.0.1
    Host Name: Zebra-no-Stripes
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/bulletproof-security-admin-4.js
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
    #13283

    AITpro Admin
    Keymaster

    A new Uploads Anti-Exploit Guard (UAEG) Read Me First Sticky Topic has been created in the link below.
    http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.