Plugin js scripts blocked by Plugin Firewall – How to whitelist plugin scripts


  • #2428
    AITpro Admin
    Keymaster

    Email Question:
    Hi there,
    I have noticed that none of my js files are loading – do you think this is something to do with BPS PRO? [website domain name removed for privacy] How can I fix this? Uninstall BPS Pro and then reinstall it? Is there another simpler way?

    Thanks
    T.

    Plugin Scripts Whitelist

    #2429
    AITpro Admin
    Keymaster

    The screenshot image you sent (edited to not show your website domain name) shows that plugin scripts are being blocked by the Plugin Firewall because they have not been whitelisted yet. Use the Plugin Firewall Whitelist Test Mode tool or you can manually add these plugin scripts that need to be whitelisted to your Plugin Firewall.

    See these Forum Topic links below, the BPS Pro Video Tutorials page and also read the Plugin Firewall Blue Read Me help button for help information on how to whitelist plugin scripts.
    Forum Topic Links
    http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/
    http://forum.ait-pro.com/forums/topic/security-log-http-error-log-read-me-first/

    Video Tutorials page
    http://www.ait-pro.com/aitpro-blog/2841/bulletproof-security-pro/bulletproof-security-pro-overview-video-tutorial/

    #2436
    AITpro Admin
    Keymaster

    Email Reply:

    Thanks. I have scanned and performed all steps but I am still getting an error log because of the grid-gallery plugin. I have no idea what I am doing wrong as I have followed the instructions to the letter. I have whitelisted the following plugins after I performed a scan but am still getting a Security Log error. I took the php error and copied the url into the whitelist box but still no change!

    /grid-gallery/getImages.php,

    Plugin Firewall whitelisted plugin scripts

    SCANNED BELOW
    /usquare/js/frontend/jquery.easing.1.3.js, /usquare/js/frontend/jquery.usquare.js, /usquare/js/frontend/jquery.mousewheel.min.js, /usquare/js/frontend/jquery.tinyscrollbar.min.js, /fanciest-author-box/js/ts-fab.min.js, /grid-gallery/js/grid.min.js, http://www.facebook.com/plugins/likebox.php, http://www.facebook.com/plugins/likebox.php, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js, /grid-gallery/getImages.php,
    Security Log error

    
    >>>>>>>>>>> 403 Error Logged - March 3, 2013 - 3:35 pm <<<<<<<<<<<
    REMOTE_ADDR: 188.222.20.107
    Host Name: 188-222-20-107.zone13.bethere.co.uk
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: [domain name removed for privacy]
    REQUEST_URI: /wp-content/plugins/grid-gallery/getImages.php?count=none&path=http://www.example.com/wp-content/plugins/grid-gallery/&directory=gallery&numImg=15&random=true&captions=hidden
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
    
    #2442
    AITpro Admin
    Keymaster

    You have added the Facebook scripts to the Plugin Firewall whitelist text area.  The Plugin Firewall is for the plugins folder only.  The ONLY scripts you need to whitelist are plugin scripts.  Plugin script paths start from the plugin folder name:  /example-plugin-folder-name/plugin-script.js.  Remove the 2 Facebook scripts that you have added to the Plugin Firewall whitelist text area, click the Save Whitelist Options button to save your changes and click the Plugin Firewall BulletProof Mode Activate button.  This help information above can be found in the links I posted above and also in the Plugin Firewall Blue Read Me help button.

    The Security Log error shows another problem with the Grid Gallery plugin.  It is simulating an RFI hacking attempt against your website by the method it is using to link to image files.

    1. Copy this .htaccess code below to the BPS Pro Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # Grid Gallery skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/grid-gallery/ [NC]
    RewriteRule . - [S=13]
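
The checks this reply walks through, as an added example that is not part of the original post or BPS Pro's own code: it flags whitelist entries that are not plugin-folder paths, derives the whitelist path from a logged REQUEST_URI, and lists query parameters whose value is a URL. The sample whitelist and log are constructed from the thread; the `/wp-content/plugins/` prefix and the comma-separated whitelist format are assumptions based on what the posts show.

```python
import re
from urllib.parse import parse_qsl

PLUGINS_PREFIX = "/wp-content/plugins/"  # assumption: default WordPress plugins path

# Constructed samples modelled on the whitelist and Security Log entry in the thread.
SAMPLE_WHITELIST = ("/grid-gallery/js/grid.min.js, http://www.facebook.com/plugins/likebox.php, "
                    "/contact-form-7/includes/js/scripts.js, /grid-gallery/getImages.php,")
SAMPLE_LOG = """\
>>>>>>>>>>> 403 Error Logged - March 3, 2013 - 3:35 pm <<<<<<<<<<<
REQUEST_METHOD: GET
REQUEST_URI: /wp-content/plugins/grid-gallery/getImages.php?count=none&path=http://www.example.com/wp-content/plugins/grid-gallery/&directory=gallery
"""

def whitelist_entries(text):
    """Split the comma-separated whitelist text into trimmed, non-empty entries."""
    return [e.strip() for e in text.split(",") if e.strip()]

def invalid_entries(text):
    """Entries that are not plugin-relative paths of the form /plugin-folder/script."""
    ok = re.compile(r"^/[^/\s]+/\S+$")
    return [e for e in whitelist_entries(text) if "://" in e or not ok.match(e)]

def triage(log_text, whitelist_text):
    """For each logged REQUEST_URI under the plugins folder, report the whitelist
    path, whether it is already whitelisted, and URL-valued query parameters."""
    listed = set(whitelist_entries(whitelist_text))
    findings = []
    for uri in re.findall(r"^[ \t]*REQUEST_URI:[ \t]*(\S+)", log_text, re.MULTILINE):
        path, _, query = uri.partition("?")
        if not path.startswith(PLUGINS_PREFIX):
            continue  # not a plugin script, so the whitelist does not apply
        rel = "/" + path[len(PLUGINS_PREFIX):]
        url_params = [k for k, v in parse_qsl(query)
                      if re.match(r"(?i)(https?|ftp)://", v)]
        findings.append({"whitelist_path": rel,
                         "already_whitelisted": rel in listed,
                         "url_params": url_params})
    return findings

if __name__ == "__main__":
    print("Remove from whitelist:", invalid_entries(SAMPLE_WHITELIST))
    for finding in triage(SAMPLE_LOG, SAMPLE_WHITELIST):
        print(finding)
```

A finding with `already_whitelisted` true and a non-empty `url_params` list matches the case in this thread, where the script was whitelisted but the 403 continued until the skip/bypass rule was added.
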
    #2445
    tam103
    Member

    That worked! 
    Wow it was pretty intensive but worked a treat thank you for your 5 STAR SUPPORT you guys are brilliant!
    Thank you so much!
