Plugin Firewall One of more of your Plugin Firewall Whitelist rules are not valid


Viewing 15 posts - 1 through 15 (of 33 total)
  • #11124
    James Burden
    Participant

    Hi – I’m installing BPS Pro on a website and have come up with the following problem:

    On Pre-installation checks I get a red error message reading: “Error: One of more of your Plugin Firewall Whitelist rules are not valid”. I click the link to take me to fix the rules and in the whitelist text area I have the following:

    /seedprod-coming-soon-pro/themes/default/bootstrap/js/bootstrap.js, /seedprod-coming-soon-pro/themes/default/js/jquery.fitvids.js, /seedprod-coming-soon-pro/themes/default/js/script.js, /seedprod-coming-soon-pro/themes/default/js/modernizr.min.js, /seedprod-coming-soon-pro/themes/default/js/dd_belatedpng.js

    (This is a plugin already installed on the website)

    I understand that the valid plugin Whitelist rules must use only this format: /plugin-folder-name/plugin-script.js, /plugin-folder-name/(.*).js

    I don’t understand what I should do. If I change the rules in the box then it won’t reflect the true file path of the Coming Soon Pro plugin. If I change the actual file path of the Coming Soon Pro plugin then presumably that will break the plugin.

    What do I need to do to resolve this error?

    (Using latest version of WordPress and BPS Pro)

    #11127
    AITpro Admin
    Keymaster

    What is being seen as an invalid Plugin Firewall whitelist rule is the word “themes” in the plugin script path.  This one whitelist rule using Regular Expressions code is all you need to use to whitelist all of those js scripts for this particular plugin.
    You can either do this…

    /seedprod-coming-soon-pro/(.*)/default/bootstrap/js/(.*).js

    …or this

    /seedprod-coming-soon-pro/(.*).js

    #11135
    James Burden
    Participant

    Tada! Brilliant. I understand now. Thanks so much.

    #11286
    AITpro Admin
    Keymaster

    We decided to get rid of the check for /themes/ altogether since newer code that was already previously created would not allow this type of invalid Plugin Firewall rule to be created in the first place.  That still leaves the possibility that someone could manually enter an incorrect path, but since most folks are going to be using the Wizards to automatically set up the Plugin Firewall then the chances are pretty slim that this would happen.

    #13883
    Matt
    Participant

    Initially the whitelist textarea was empty, so I ran the cURL scanner which outputted this:

    /disqus-popular-threads-widget/js/wp-disqus-pt.js, /wp-page-numbers/default/wp-page-numbers.css" type="text/css" media="screen" /> <script type="text/javascript" src="//www1.moon-ray.com/v2.4/include/formEditor/genjs-v2.php

    I adjusted it to

    /disqus-popular-threads-widget/js/wp-disqus-pt.js, /wp-page-numbers/default/wp-page-numbers.css

    The pre-installation wizard is still failing.

    #13884
    Matt
    Participant

    I double-checked what’s outputting in the source code, and reduced it to

    /disqus-popular-threads-widget/js/wp-disqus-pt.js

    I’m guessing the error is related to the external site .php file that is loading as a script. A rare bug perhaps, I’m guessing I can just run the Setup Wizard now.

    #13887
    AITpro Admin
    Keymaster

    The Setup Wizard cURL scanner will do the best it can to strip out any poor coding practices in your website Source Code.  I.e. another plugin or theme is doing unconventional or just poor coding methods that mangle the Source Code in an unconventional/non-standard way.  The other thing that can be troublesome for the cURL scanner is when a Minifying plugin is used or minification is used in general.  In any case, the only thing left to do if the Setup Wizard cURL scanner is not able to remove/strip out the unconventional Source Code/code characters is to manually remove/delete the additional gibberish Source Code characters from the valid plugin scripts that are found by the Setup Wizard cURL scanner.
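The rule format stated earlier in the thread (`/plugin-folder-name/plugin-script.js`, `/plugin-folder-name/(.*).js`) and the manual clean-up of mangled cURL scanner output described in this reply can both be done with a short script. The following is an added example, not BPS Pro code: it checks each comma-separated whitelist rule against that format and salvages the valid rule prefix from scanner output that carries trailing HTML or inlined CSS/JavaScript. The accepted extensions (.js, .css, .php) and the character set allowed in folder and file names are assumptions drawn from the rules quoted in this thread; the sample inputs are constructed from the outputs posted above.

```python
"""Validate BPS Plugin Firewall whitelist rules and salvage them from mangled
cURL scanner output. Added example, not BulletProof Security Pro code."""
import re
from typing import List, Optional, Tuple

# Assumption: these are the file types that appear in whitelist rules in this thread.
ALLOWED_EXT = (".js", ".css", ".php")
WILDCARD = "(.*)"
# Assumption: plugin folder and file names use only these characters.
SEGMENT_CHARS = re.compile(r"^[A-Za-z0-9_.-]*$")

# Constructed from the cURL scanner output posted earlier in this thread:
# the second rule carries trailing HTML from a mangled <link> tag.
SCANNER_SAMPLE = (
    '/disqus-popular-threads-widget/js/wp-disqus-pt.js, '
    '/wp-page-numbers/default/wp-page-numbers.css" type="text/css" '
    'media="screen" /> <script type="text/javascript" '
    'src="//www1.moon-ray.com/v2.4/include/formEditor/genjs-v2.php'
)

# Constructed, abridged from a later post: inlined CSS and JavaScript
# (containing commas of their own) are glued onto the first rule.
MANGLED_SAMPLE = (
    r"/iphorm-form-builder/js/iphorm.js?ver=1.4.18\'>.essb_fixed{margin:0}"
    r"jQuery(document).ready(function(){window.open(khref,\'twitter\',"
    r"\'width=600, height=400, top=0, left=0\');});window.NREUM||(NREUM={});"
    r"NREUM.info={\"beacon\":\"beacon-5.newrelic.com\",\"agent\":"
    r"\"js-agent.newrelic.com/nr-476.min.js, /tinymce-spellcheck/js/atd.core.js"
)


def validate_rule(rule: str) -> Optional[str]:
    """Return None when `rule` fits the whitelist format, else the reason it does not."""
    if not rule.startswith("/"):
        return "rule must start with '/'"
    for seg in rule.split("/")[1:]:
        if seg == "":
            return "empty path segment (doubled or trailing '/')"
        # The (.*) wildcard is the only non-filename token allowed in a segment.
        if not SEGMENT_CHARS.match(seg.replace(WILDCARD, "")):
            return f"illegal characters in segment {seg!r}"
    if not rule.endswith(ALLOWED_EXT):
        return "rule must end in one of " + ", ".join(ALLOWED_EXT)
    return None


def check_whitelist(text: str) -> List[Tuple[str, str]]:
    """Return (rule, reason) for every invalid rule in a comma-separated whitelist."""
    problems = []
    for rule in (r.strip() for r in text.split(",")):
        if rule:
            reason = validate_rule(rule)
            if reason:
                problems.append((rule, reason))
    return problems


def extract_rule_prefix(text: str) -> str:
    """Keep the longest leading run of `text` made of rule characters; stop at the
    first character (quote, '>', '?', '{', ...) that can only be mangled markup."""
    out = []
    i = 0
    while i < len(text):
        if text.startswith(WILDCARD, i):
            out.append(WILDCARD)
            i += len(WILDCARD)
        elif text[i] == "/" or SEGMENT_CHARS.match(text[i]):
            out.append(text[i])
            i += 1
        else:
            break
    return "".join(out)


def clean_scanner_output(raw: str) -> List[str]:
    """Split scanner output on commas and keep the salvageable, valid, unique rules."""
    rules: List[str] = []
    for piece in raw.split(","):
        candidate = extract_rule_prefix(piece.strip())
        if candidate and validate_rule(candidate) is None and candidate not in rules:
            rules.append(candidate)
    return rules


if __name__ == "__main__":
    for rule, reason in check_whitelist(SCANNER_SAMPLE):
        print(f"invalid: {rule[:60]!r}: {reason}")
    print("salvaged:", clean_scanner_output(SCANNER_SAMPLE))
    print("salvaged:", clean_scanner_output(MANGLED_SAMPLE))
```

Fragments that do not begin with `/` (inlined CSS selectors, JavaScript arguments split on their own commas) and external URLs beginning with `//` fail validation and are dropped, so the output is only the rules the Plugin Firewall will accept; anything the script rejects still has to be reviewed by hand rather than pasted back in.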

    #13890
    AITpro Admin
    Keymaster

    Also be sure to check your site by watching this Video Tutorial after running the Wizards.
    http://forum.ait-pro.com/video-tutorials/#security-log-firewall

    #18914
    Alex
    Participant

    I’m having the same error with the following (I removed license key data, etc.). I’m not a technical expert, but from what I can tell it looks like the plugins involved are Quform, Easy Social Share Buttons and W3TC (NewRelic):

    /iphorm-form-builder/js/iphorm.js?ver=1.4.18\'>.essb_fixed{margin:0}.essb_more_popup{z-index:999}.essb_more_popup_content{padding-top:10px;padding-bottom:10px;padding-left:5px;padding-right:5px;margin:0;text-align:center}.essb_more_popup_shadow{position:fixed;_position:absolute;height:100%;width:100%;top:0;left:0;background:rgba(99,99,99,0.3);z-index:998;display:none}.essb_more_popup_button_close{position:absolute;top:5px;right:0}.essb_more_popup_button_close a, .essb_more_popup_button_close a:hover{background:none;background-color:none;border:none;font-weight:bold;text-decoration:none;color:#333;padding-right:5px;margin-top:5px}jQuery(document).ready(function(){jQuery(\'.ktweet .kfooter a:not(.ktogglemedia)\').click(function(e){e.preventDefault();var khref=jQuery(this).attr(\'href\');window.open(khref,\'twitter\',\'width=600, height=400, top=0, left=0\');});});window.NREUM||(NREUM={});NREUM.info={\"beacon\":\"beacon-5.newrelic.com\",\"licenseKey\":\"\",\"applicationID\":\"\",\"transactionName\":\"==\",\"queueTime\":0,\"applicationTime\":,\"atts\":\"=\",\"errorBeacon\":\"bam.nr-data.net\",\"agent\":\"js-agent.newrelic.com/nr-476.min.js, left=0\');});});window.NREUM||(NREUM={});NREUM.info={\"beacon\":\"beacon-5.newrelic.com\",\"licenseKey\":\"\",\"applicationID\":\"\",\"transactionName\":\"==\",\"queueTime\":0,\"applicationTime\":,\"atts\":\"=\",\"errorBeacon\":\"bam.nr-data.net\",\"agent\":\"js-agent.newrelic.com/nr-476.min.js, /iphorm-form-builder/js/iphorm.js?ver=1.4.18\'>.essb_fixed{margin:0}.essb_more_popup{z-index:999}.essb_more_popup_content{padding-top:10px;padding-bottom:10px;padding-left:5px;padding-right:5px;margin:0;text-align:center}.essb_more_popup_shadow{position:fixed;_position:absolute;height:100%;width:100%;top:0;left:0;background:rgba(99,99,99,0.3);z-index:998;display:none}.essb_more_popup_button_close{position:absolute;top:5px;right:0}.essb_more_popup_button_close a, .essb_more_popup_button_close a:hover{background:none;background-color:none;border:none;font-weight:bold;text-decoration:none;color:#333;padding-right:5px;margin-top:5px}jQuery(document).ready(function(){jQuery(\'.ktweet .kfooter a:not(.ktogglemedia)\').click(function(e){e.preventDefault();var khref=jQuery(this).attr(\'href\');window.open(khref,\'twitter\',\'width=600, left=0\');});});window.NREUM||(NREUM={});NREUM.info={\"beacon\":\"beacon-5.newrelic.com\",\"licenseKey\":\"\",\"applicationID\":\"\",\"transactionName\":\"==\",\"queueTime\":0,\"applicationTime\":,\"atts\":\"=\",\"errorBeacon\":\"bam.nr-data.net\",\"agent\":\"js-agent.newrelic.com/nr-476.min.js

    #18916
    AITpro Admin
    Keymaster

    Excellent! I was waiting for a chance to give the new Plugin Firewall AutoPilot Mode a go at this.  The root problem is that your website’s Source Code has been mangled by something.  Unfortunately, the Wizard cannot unmangle the damage.  So let’s see what the new Plugin Firewall AutoPilot Mode can do with this.  Do these steps below:

    1. Go to the BPS Security Log page and click the Delete Log button to delete your current Security Log file contents.
    2. Go to the Plugin Firewall page.
    3. Click the Plugin Firewall BulletProof Mode Deactivate button.
    4. Delete (or cut if you want to add your existing whitelist rules back into the Plugins Script|File Whitelist Text Area) all of your Plugin Firewall whitelist rules out of the Plugins Script|File Whitelist Text Area.
    5. Click the Save Whitelist Options button.
    6. Click the Plugin Firewall Test Mode button.
    7. Check your site pages by clicking on all main website pages: contact form page, home page, login page, etc.
    8. Recheck the Plugins Script|File Whitelist Text Area (after 1 minute) and you should see new Plugin Firewall whitelist rules have been created.
    9. Change the AutoPilot Mode Cron Check Frequency to 15 minutes or whatever frequency time you would like to use.
    10. Click the Plugin Firewall Activate button.

    Now go to the Plugin Firewall and refresh the page. Do you see all good Plugin Firewall whitelist rules and not that gibberish?

    #18966
    Alex
    Participant

    Wow thanks for the lightning quick reply!

    Ok I ran all your steps and at first, the whitelist rules box remained empty. Then I re-ran the setup wizard pre-installation check (we just upgraded to Pro from Free), and some gibberish appeared again, but less than half of last time:

    /iphorm-form-builder/js/iphorm.js?ver=1.4.18\'>.essb_fixed{margin:0}.essb_more_popup{z-index:999}.essb_more_popup_content{padding-top:10px;padding-bottom:10px;padding-left:5px;padding-right:5px;margin:0;text-align:center}.essb_more_popup_shadow{position:fixed;_position:absolute;height:100%;width:100%;top:0;left:0;background:rgba(99,99,99,0.3);z-index:998;display:none}.essb_more_popup_button_close{position:absolute;top:5px;right:0}.essb_more_popup_button_close a, .essb_more_popup_button_close a:hover{background:none;background-color:none;border:none;font-weight:bold;text-decoration:none;color:#333;padding-right:5px;margin-top:5px}jQuery(document).ready(function(){jQuery(\'.ktweet .kfooter a:not(.ktogglemedia)\').click(function(e){e.preventDefault();var khref=jQuery(this).attr(\'href\');window.open(khref,\'twitter\',\'width=600, height=400, top=0, left=0\');});});window.NREUM||(NREUM={});NREUM.info={\"beacon\":\"beacon-5.newrelic.com\",\"licenseKey\":\"\",\"applicationID\":\"\",\"transactionName\":\"==\",\"queueTime\":0,\"applicationTime\":,\"atts\":\"=\",\"errorBeacon\":\"bam.nr-data.net\",\"agent\":\"js-agent.newrelic.com/nr-476.min.js

    #18967
    AITpro Admin
    Keymaster

    Do these steps:

    Go to the Setup Wizard and set this option setting to Off: cURL Scan Option: Turn On/Off cURL Scan and click the Save Options button.

    Note: This means that the Setup Wizard will not scan your website for Plugin Firewall whitelist rules. Since your Source Code is being mangled by something you have installed on your website then this cannot be fixed by the Setup Wizard automatically. The Setup Wizard is pretty amazing, but it cannot unscramble whatever is mangling your website’s Source Code so you want to let Plugin Firewall AutoPilot Mode handle creating Plugin Firewall whitelist rules automatically in real-time.

    1. Go to the BPS Security Log page and click the Delete Log button to delete your current Security Log file contents.
    2. Go to the Plugin Firewall page.
    3. Click the Plugin Firewall BulletProof Mode Deactivate button.
    4. Delete (or cut if you want to add your existing whitelist rules back into the Plugins Script|File Whitelist Text Area) all of your Plugin Firewall whitelist rules out of the Plugins Script|File Whitelist Text Area.
    5. Click the Save Whitelist Options button.
    6. Click the Plugin Firewall Test Mode button.
    7. Check your site pages by clicking on all main website pages: contact form page, home page, login page, etc.
    8. Recheck the Plugins Script|File Whitelist Text Area (after 1 minute) and you should see new Plugin Firewall whitelist rules have been created.
    9. Change the AutoPilot Mode Cron Check Frequency to 15 minutes or whatever frequency time you would like to use.
    10. Click the Plugin Firewall Activate button.

    Now go to the Plugin Firewall and refresh the page. Do you see all good Plugin Firewall whitelist rules and not that gibberish?

    #18968
    Alex
    Participant

    Again, thanks for the super quick reply. Followed your latest steps and the gibberish disappeared! Now there’s just:

    /tinymce-spellcheck/js/atd.core.js, /iphorm-form-builder/includes/captcha.php

    Also re-ran the pre-install wizard and everything checked out 🙂 Thanks so much for your help!

    I should add that setup completed without any errors. Thanks for creating this fantastic plugin! We specialize in affiliate marketing so we’ll be sure to sign up and send you some high quality leads.

    #18970
    AITpro Admin
    Keymaster

    AWESOME!!!  I spent weeks bashing and trashing the new Plugin Firewall AutoPilot Mode feature in every possible way and scenario I could think of to break it and make it malfunction or exploit it, which of course led to adding new code to AutoPilot Mode to prevent however I broke it or exploited it in testing.  That is just par for the course for any feature (in any plugin) that has the critical responsibility that this new BPS Pro feature has.  It must be 100% accurate – there is no room for error – 99.99% is not good enough – it must be perfect for what it is responsible for doing.

    Thank you for confirming that AutoPilot Mode does its job as it was intended to do.  And for anyone else who suffered through all the predecessor tools of AutoPilot Mode – my sincere apologies.  I just did not think it was possible to create this without creating an exploit in BPS Pro, but I had just not thought of “the” new concept yet.  😉

    Thanks for being patient and jumping through the hoops.

    And I want to thank J and S for their awesome ideas for AutoPilot Mode.

    –Ed

    #18974
    AITpro Admin
    Keymaster

    I recommend setting AutoPilot Mode Cron Check Frequency to 15 minutes if this site is still in early development stages where new plugins are going to be added or removed, or the site will always be in flux.  If the site is established then typically plugins will not be added or removed on a regular basis and then I would recommend either turning AutoPilot Mode On or Off as needed or possibly doing a 30 minute interval on the Cron Check.

    Thanks again

    –Ed
