Plugin Firewall – Custom Scan Does Not Detect Plugin Script To Whitelist
Tagged: Plugin Firewall, Plugin Override Tool
- This topic has 10 replies, 2 voices, and was last updated 10 years, 10 months ago by
AITpro Admin.
John
Member
Hi Ed,
Sorry to bother you. The plugin firewall has appeared to be working perfectly until I realised that one important image plugin only works in my own IP range. I don’t think this is a big issue but I can’t figure out what to do.
The plugin being hit with 404 errors when outside of my IP is ‘Justified Image Grid’, and when I de-activate the plugin firewall, everything is fine inside and outside of my IP range.
I have been through all the correct activation procedures and there are a few references to this plugin’s .js files in the whitelist area after scanning. I have tried custom scans (nothing coming up), and have also looked at the Core Edit/Upload/Download area of the plugin’s htaccess file where it makes IP references, but correcting this is beyond me.
I am on the latest WP and the very latest BPS Pro.
Maybe you can prod me in the right direction. Thanks in advance.
John

John
Member
Hi again,
Further to my previous post, it appears that I am using other plugins that only work inside my own IP range (when the plugin firewall is activated). All work perfectly from any location when it is de-activated.
Thanks.
John

AITpro Admin
Keymaster
If the Plugin Firewall is blocking/forbidding plugin files then those log entries will be in your BPS Security Log. The BPS Security Log file will have a new tab page in B-Core in the next version of BPS Pro, but for now go to P-Security and open your Security log with the php.ini/All-purpose file editor and look for 403 logged events. They will look like this below and the Request URI will be a script/file in your /plugins folder. You can copy the portion of the file/script path (/bbpress/bbp-theme-compat/js/topic.js) to the Plugin Firewall Whitelist text area, save your changes and activate the Plugin Firewall.

>>>>>>>>>>> 403 Error Logged [12/19/2012 8:54 PM] <<<<<<<<<<<
REMOTE_ADDR: 94.44.197.195
Host Name: apn-94-44-197-195.vodafone.hu
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://forum.ait-pro.com/forums/topic/read-me-first-free/
REQUEST_URI: /wp-content/plugins/bbpress/bbp-theme-compat/js/topic.js?ver=2.1.2
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0

Also do you see your correct Public IP address in the Plugin Firewall .htaccess file?
1. Go to the B-Core htaccess File Editor page.
2. Click on the Your Current Plugins htaccess File tab.
3. Check your plugins htaccess file. Do you see these default Firewall settings below or your actual Domain name, Server IP address and your Public IP address?

Allow from aitpro.local
Allow from 127.0.0.1
# BEGIN PUBLIC IP
Allow from 127.0.0.1
# END PUBLIC IP

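The log-review step described in the reply above can be scripted. This Python sketch is an added example, not part of the original thread and not BPS Pro code; it assumes the Security Log has one field per line as in the quoted entry, and the `/wp-content/plugins` prefix, the sample entries and the function names are constructed here.

```python
import re
from urllib.parse import urlsplit

PLUGINS_PREFIX = "/wp-content/plugins"  # assumption: default WordPress layout

# Constructed sample in the layout of the entries quoted in this thread
# (documentation-range IPs; "example-gallery" is a made-up plugin).
SAMPLE_LOG = """\
>>>>>>>>>>> 403 Error Logged [01/02/2013 9:15 AM] <<<<<<<<<<<
REMOTE_ADDR: 203.0.113.7
REQUEST_METHOD: GET
REQUEST_URI: /wp-content/plugins/bbpress/bbp-theme-compat/js/topic.js?ver=2.1.2
QUERY_STRING:
>>>>>>>>>>> 403 Error Logged [01/02/2013 9:16 AM] <<<<<<<<<<<
REMOTE_ADDR: 203.0.113.7
REQUEST_METHOD: GET
REQUEST_URI: /
QUERY_STRING:
>>>>>>>>>>> 403 Error Logged [01/02/2013 9:17 AM] <<<<<<<<<<<
REMOTE_ADDR: 198.51.100.20
REQUEST_METHOD: GET
REQUEST_URI: /wp-content/plugins/example-gallery/js/grid.js?ver=1.0
QUERY_STRING:
"""

HEADER_RE = re.compile(r">{3,}\s*(\d{3}) Error Logged \[([^\]]+)\]\s*<{3,}")
URI_RE = re.compile(r"REQUEST_URI:[ \t]*(\S*)")

def parse_entries(text):
    """Yield (status, timestamp, request_uri) for each logged event."""
    parts = HEADER_RE.split(text)  # [preamble, status, time, body, status, ...]
    for i in range(1, len(parts), 3):
        match = URI_RE.search(parts[i + 2])
        yield parts[i], parts[i + 1], match.group(1) if match else ""

def whitelist_candidates(text):
    """Split 403 events into whitelist paths and entries needing a manual look."""
    paths, unexplained = set(), []
    for status, when, uri in parse_entries(text):
        if status != "403":
            continue
        path = urlsplit(uri).path  # drop the ?ver=... query string
        if path.startswith(PLUGINS_PREFIX + "/") and ".." not in path.split("/"):
            paths.add(path[len(PLUGINS_PREFIX):])  # path relative to /plugins
        else:
            unexplained.append((when, uri))  # e.g. REQUEST_URI "/": nothing to copy
    return sorted(paths), unexplained

if __name__ == "__main__":
    paths, unexplained = whitelist_candidates(SAMPLE_LOG)
    print("\n".join(paths))
    for when, uri in unexplained:
        print(f"# no plugin path in 403 at {when}: {uri!r}")
```

Review the printed paths against the plugins actually installed before pasting them into the whitelist; entries reported as having no plugin path are the kind that need a look at the site itself.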
John
Member
Hi, There was nothing to copy and paste from the 403 section:

>>>>>>>>>>> 403 Error Logged [12/28/2012 12:37 PM] <<<<<<<<<<<
REMOTE_ADDR: 50.57.46.237
Host Name: 50-57-46-237.static.cloud-ips.com
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /
QUERY_STRING:
HTTP_USER_AGENT:

I checked the B-Core htaccess File Editor page and it correctly showed my IP address. I re-scanned again and activated Firewall, clicked the BP mode again and now everything appears to be fine (checked it out using 3G as this got blocked earlier as opposed to my IP/wifi which was always fine). The only reason I originally noticed the issue was that I was getting masses of 404 errors from my 404 monitor in my SEO plugin, which flagged this as a problem. I then checked the site outside my IP and realised a lot was missing. I’ll keep an eye on it now. Thanks for your help once again.
John

AITpro Admin
Keymaster
Hmm, OK, keep me posted and check your Security Log for a couple of days. We will be creating a new page in B-Core >>> Security Modes | Security Status | Security Log | to make checking the Security Log fast and simple. Will be completed in BPS Pro 5.5.
I wonder, since you are using cloud services, if this has anything to do with the log entries not capturing the full info. I will do some more testing with CloudFlare and see if I can find any issues I might have missed in testing. Thanks.

John
Member
Hi again,
Further to the above… It appears that there are still some issues with quite a few plugins when outside of my IP address (and only then). As a result I have currently deleted the htaccess file from the plugin section.
FYI… there are still no errors showing in the error log.
Thanks, John

AITpro Admin
Keymaster
Ok very strange stuff going on on your site. If the Plugin Firewall is blocking a plugin script/file it WILL log the event so I will need to log into your site to see exactly what the issue/problem is. Please create a temporary WordPress Admin login for me and send it to my direct email – edward [at] ait-pro [dot] com. Thanks.

John
Member
Hi Ed,
Thanks so much for spending ages finding and correcting the cause of this problem. I have to say that your tech support is the best I have ever come across.
John

AITpro Admin
Keymaster
Yep took extra time in looking at your site to document some things that will be needed in the new Plugin Firewall Whitelist feature/option that I mentioned. I do not want to disclose that info publicly. 😉 Thanks for the Kudos!
Best Regards,
Ed
AITpro Admin
Keymaster
A new tool has been added to the Plugin Firewall Whitelist options/Tools in BPS Pro 5.5. It is called Plugin Override. This tool will allow you to create a RewriteEngine Off .htaccess file in a specific plugin’s folder and this new feature will also check to ensure that the .htaccess file you create in this plugin’s folder is still there if you upgrade the plugin – it will not be there of course when you upgrade the plugin so this new feature will automatically create the RewriteEngine Off .htaccess again if it is not found in that plugin’s folder. Please read the Blue Read Me help button for instructions on how to use the new Plugin Override tool.

AITpro Admin
Keymaster
A new Plugin Firewall Read Me First Troubleshooting post has been created here >>> http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/