Plugin Firewall Exclusion for a file outside Plugins Folder

[Paul D.]

Hi Ed !

Quick question regarding a file that is reported in the BPS Pro Security log. File is /wp-content/uploads/avada.js
Do I need to exclude this in plugin firewall or just ignore the Security log? If I need to exclude this file, what’s the correct way of doing it.

Thanks !

[AITpro Admin]

The Plugin Firewall is a True IP based firewall for the /plugins folder that protects all plugins/plugin files.  Anything outside the /plugins folder would be protected by other BPS Pro security measures.  In this case you have a .js file in your uploads folder that is being blocked by UAEG – the Uploads Anti-Exploit Guard .htaccess file.  You can either whitelist all .js files (not recommended) in the uploads folder or whitelist only this file (recommended).

To edit your Uploads Anti-Exploit Guard .htaccess file go to the B-Core htaccess File Editor tab page and click on the “Your Current Uploads htaccess File” tab.

Whitelist all .js files by removing js from the security filter (not recommended)
Delete the file extension that you want to allow and click the Update File button to save your changes. In this case delete js as shown below.

# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
<FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
Order Deny,Allow
Deny from all
</FilesMatch>

Whitelist only a specific file or files by using a SetEnvIf whitelist rule (recommended)
Add a SetEnvIf whitelist rule above the FilesMatch section of code as shown below. Add Allow from env=whitelist in the FilesMatch section of code as shown below and click the Update File button to save your changes.

SetEnvIf Request_URI "avada.js$" whitelist

# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
<FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
Order Deny,Allow
Allow from env=whitelist
Deny from all
</FilesMatch>

[AITpro Admin]

FYI – BPS Pro 8.3 will have a new Security Log Field – Event/Action.  This is currently in late stage development and is nearing completion.  The logging final field name or other things may change when the project moves from dev to prod/Live testing.

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - February 18, 2014 - 6:53 am <<<<<<<<<<<
Event/Action: UAEG is blocking X. A UAEG whitelist rule needs to be created.
REMOTE_ADDR: 127.0.0.1
Host Name: Zebra-no-Stripes
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/bulletproof-security-admin-4.js
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36

[AITpro Admin]

A new Uploads Anti-Exploit Guard (UAEG) Read Me First Sticky Topic has been created in the link below.
http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/

[Author]

Posts