Post comments 403 Error, malformed Query String

  • #5626
    AITpro Admin
    Keymaster

    BPS Pro Question – Topic copied from the WordPress.org site:  http://wordpress.org/support/topic/403-forbidden-error-cannot-post-comments?replies=3

    Hi,

    After updating to the latest BPS version there is a 403 Error when you try to post a comment. Commenting does not work on my IP, even if I am logged in as admin, and not for any other users either. The error is happening on Firefox, Chrome, and Safari and appears as:

    Forbidden
    You don’t have permission to access /blog-article-title/ on this server.
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    I have already tried commenting out and even deleting the entire # FORBID COMMENT SPAMMERS ACCESS TO YOUR wp-comments-post.php FILE code in the root htaccess, but it doesn’t work at all. I keep getting the same error.

    Also tried adding a skip rule, but it only made the BPS Error page appear. The actual error was the same.

    To clarify, the actual comment WILL appear if the page is refreshed and if you try to re-enter the same comment the duplicate comment alert works. But strangely, it’s showing the user a 403 when submitting the comment.

    FYI: We’re using the paid BPS Pro version on WordPress 3.5.1. The host is LiquidWeb and the site works 100% fine with htaccess permissions of 404 and 644 — so I don’t think that’s the issue. Lock/unlock works without any issues from within the BPS console. We’re also using W3TC but it does not touch comments at all.

    We’ve tried pretty much all of the troubleshooting tips available in the forums, but nothing works so far.

    Hope you can help! We’d like to get comments again. Thanks in advance!

    #5628
    AITpro Admin
    Keymaster

    What WordPress site type do you have?  Standard single installation of WordPress?  Network/Multisite?  BuddyPress?

    Are you using a comment plugin?

    #5629
    AITpro Admin
    Keymaster

    Please post any errors that you see in your BPS Pro Security Log file that are related to this issue/problem.

    #5643
    Indy250
    Participant

    Thanks for the reply. It’s a single WordPress install. No multisite or BuddyPress. No comment plugins and no errors regarding the comments issue in the security log. Only typical spambots there as far as I can tell. The comment appears for moderation as usual, but only shows the 403 error on the user side during submission.

    #5644
    AITpro Admin
    Keymaster

    Hmm, no errors in the Security Log, that is odd.  Post a link to the site so I can see what is happening.

    #5687
    Indy250
    Participant

    Thanks for the fast reply. Please see email for direct link and we can continue here. Thanks!

    #5694
    AITpro Admin
    Keymaster

    Ok the problem is this.  Either your Theme or your WordPress installation type is creating malformed/bad Query strings for your comment form, which are being blocked by BPS because they match a hacking pattern.  I cannot tell which WordPress installation type you have (single standard, Network, BuddyPress, etc).

    The malformed Query String is this:  ?#comment-126

    Go to the BPS Pro htaccess File Editor tab page, click on the Your Current Root htaccess File tab, scroll down until you see this security filter in your root .htaccess file…

    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]

    and comment it out by putting a pound sign # in front of this security rule as shown below.

    #RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
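
Why `?#comment-126` trips this filter, as an added example that is not part of the original post or of BPS itself: the browser never sends the `#comment-126` fragment, so the request line Apache sees in `THE_REQUEST` ends in `? HTTP/1.1`, which is what the rule matches. The function names and the sample URLs other than the thread's `/blog-article-title/` and `?#comment-126` are constructed for illustration.

```python
import re

# The filter quoted in the post, verbatim. [NC] maps to re.IGNORECASE.
# Apache tests it against THE_REQUEST, the full request line
# (for example "GET /index.html HTTP/1.1").
EMPTY_QUERY_RULE = re.compile(r"\?\ HTTP/", re.IGNORECASE)


def request_line(method, url, version="HTTP/1.1"):
    """Build the request line a client sends when it follows `url`.

    The fragment (#...) stays in the browser and is never transmitted,
    but a bare "?" with an empty query string is kept in the target.
    """
    target = url.split("#", 1)[0]
    # Drop scheme and host if an absolute URL was passed in.
    origin = re.match(r"[a-z][a-z0-9+.-]*://[^/?#]*", target, re.IGNORECASE)
    if origin:
        target = target[origin.end():]
    if not target.startswith("/"):
        target = "/" + target
    return f"{method} {target} {version}"


def is_blocked(line):
    """True if the request line matches the empty-query-string filter."""
    return EMPTY_QUERY_RULE.search(line) is not None


def audit(urls):
    """Return (request line, blocked?) for each link or redirect target."""
    lines = [request_line("GET", u) for u in urls]
    return [(line, is_blocked(line)) for line in lines]


# Constructed sample links; the first is the pattern from the thread.
SAMPLES = [
    "/blog-article-title/?#comment-126",       # empty query + fragment
    "/blog-article-title/#comment-126",        # well-formed, no "?"
    "/blog-article-title/?p=42#comment-126",   # non-empty query string
    "http://example.com/blog-article-title/?", # bare trailing "?"
]

if __name__ == "__main__":
    for line, blocked in audit(SAMPLES):
        print(f"{'403' if blocked else 'ok ':4} {line}")
```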

    #5699
    Indy250
    Participant

    Thanks very much for the extremely fast & expert help. Yes, this fixed the issue and posting comments works again!

    Just to confirm this is a single standard WordPress installation — not a multisite or BuddyPress install.

    Thanks again!
