Home › Forums › BulletProof Security Pro › Plugin Firewall Exclusion for a file outside Plugins Folder
Tagged: UAEG, Uploads Anti-Exploit Guard
- This topic has 3 replies, 2 voices, and was last updated 10 years, 9 months ago by AITpro Admin.
-
AuthorPosts
-
Paul D.Participant
Hi Ed !
Quick question regarding a file that is reported in the BPS Pro Security log. File is /wp-content/uploads/avada.js
Do I need to exclude this in plugin firewall or just ignore the Security log? If I need to exclude this file, what’s the correct way of doing it.Thanks !
AITpro AdminKeymasterThe Plugin Firewall is a True IP based firewall for the /plugins folder that protects all plugins/plugin files. Anything outside the /plugins folder would be protected by other BPS Pro security measures. In this case you have a .js file in your uploads folder that is being blocked by UAEG – the Uploads Anti-Exploit Guard .htaccess file. You can either whitelist all .js files (not recommended) in the uploads folder or whitelist only this file (recommended).
To edit your Uploads Anti-Exploit Guard .htaccess file go to the B-Core htaccess File Editor tab page and click on the “Your Current Uploads htaccess File” tab.
Whitelist all .js files by removing js from the security filter (not recommended)
Delete the file extension that you want to allow and click the Update File button to save your changes. In this case delete js as shown below.# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$"> Order Deny,Allow Deny from all </FilesMatch>
Whitelist only a specific file or files by using a SetEnvIf whitelist rule (recommended)
Add a SetEnvIf whitelist rule above the FilesMatch section of code as shown below. AddAllow from env=whitelist
in the FilesMatch section of code as shown below and click the Update File button to save your changes.SetEnvIf Request_URI "avada.js$" whitelist # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$"> Order Deny,Allow Allow from env=whitelist Deny from all </FilesMatch>
AITpro AdminKeymasterFYI – BPS Pro 8.3 will have a new Security Log Field – Event/Action. This is currently in late stage development and is nearing completion. The logging final field name or other things may change when the project moves from dev to prod/Live testing.
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - February 18, 2014 - 6:53 am <<<<<<<<<<< Event/Action: UAEG is blocking X. A UAEG whitelist rule needs to be created. REMOTE_ADDR: 127.0.0.1 Host Name: Zebra-no-Stripes SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/bulletproof-security-admin-4.js QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
AITpro AdminKeymasterA new Uploads Anti-Exploit Guard (UAEG) Read Me First Sticky Topic has been created in the link below.
http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ -
AuthorPosts
- You must be logged in to reply to this topic.