POST Request Protection|POST Attack Protection|POST Request Blocker
This topic has 33 replies, 11 voices, and was last updated 5 years, 5 months ago by AITpro Admin.
Johnny (Participant):
Hi,
I have Wordfence enabled as well (everything except login security) and I recently found this in my BPS security log after enabling the post-request blocking additional code:
[403 POST Request: March 15, 2017 10:44 am] BPS: .54.5 WP: 4.7.3 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 69.46.36.20 Host Name: noc4.wordfence.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /?_wfsf=detectProxy QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.82 Safari/537.1 REQUEST BODY: ips%5B0%5D=69.46.36.20&nonce=cce20c75fd9186a85d4febaa1102be4e4bbe812e547e4783c95312c5f7c18caa
It seems to be from Wordfence. Is there any information about what this could be, and if so what should be done about it? Thanks!
AITpro Admin (Keymaster):
@ Johnny – Probably a Query String whitelist rule is what is needed.
# Whitelist Wordfence POST Request by Query String
RewriteCond %{QUERY_STRING} !^_wfsf=(.*) [NC]
Rami M (Participant):
If I want to block out all post attacks, and have no JetPack or anything to allow, should the code be like this?
# BPS POST Request Attack Protection
# RewriteCond %{REQUEST_METHOD} POST [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
# Whitelist WP JSON POST Requests by Query String
#RewriteCond %{QUERY_STRING} !^_locale=(.*) [NC]
# Whitelist the WordPress Theme Customizer
#RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php [NC]
# Whitelist XML-RPC Pingbacks, JetPack and Remote Posting POST Requests
# RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
# Whitelist Jetpack JSON POST Request
# RewriteCond %{REQUEST_URI} !^.*/wp-json/jetpack/(.*) [NC]
# Whitelist Network|Multisite Signup POST Form Requests
# RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
# Whitelist Network|Multisite Activate POST Form Requests
# RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
# Whitelist Trackback POST Requests
# RewriteCond %{REQUEST_URI} !^.*/wp-trackback.php [NC]
# Whitelist Comments POST Form Requests
# RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
# Example 1: Whitelist Star Rating Calculator POST Form Requests
# RewriteCond %{REQUEST_URI} !^.*/star-rating-calculator.php [NC]
# Example 2: Whitelist Contact Form POST Requests
# RewriteCond %{REQUEST_URI} !^.*/contact/ [NC]
# Example 3: Whitelist PayPal IPN API Script POST Requests
#RewriteCond %{REQUEST_URI} !^.*/ipn_handler.php [NC]
RewriteRule ^(.*)$ - [F]
AITpro Admin (Keymaster):
You do not want to comment out this line of the code:
# RewriteCond %{REQUEST_METHOD} POST [NC]
– This is the condition that checks if the Request Method is a POST Request. Other changes to your code may cause problems for other things (WordPress, Plugins and Themes). So check your Security Log frequently for things that are blocked that you do not want blocked.
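To make the admin's point concrete, here is an added Python model of the RewriteCond chain quoted in this thread (example code written for this page, not BPS or Apache code; the sample requests are constructed and the mod_rewrite evaluation is a simplified assumption): it shows that with the REQUEST_METHOD condition commented out, even an ordinary GET page view is forbidden, and how the suggested _wfsf query-string rule lets the Wordfence request through.

```python
import re

# Constructed model of the BPS "POST Request Attack Protection" chain quoted above.
# Each tuple is one RewriteCond: (server variable, pattern, negated with "!").
# The closing "RewriteRule ^(.*)$ - [F]" fires (HTTP 403) only when EVERY active
# condition holds; [NC] is modelled with re.IGNORECASE. This is a simplified
# assumption about mod_rewrite semantics for illustration, not BPS code.
def build_conditions(method_check=True, whitelist_wordfence=False):
    conds = []
    if method_check:  # the line Rami M had commented out: "# RewriteCond %{REQUEST_METHOD} POST [NC]"
        conds.append(("REQUEST_METHOD", r"POST", False))
    # The three "NEVER COMMENT OUT" exclusions
    for pattern in (r"^.*/wp-admin/", r"^.*/wp-cron.php", r"^.*/wp-login.php"):
        conds.append(("REQUEST_URI", pattern, True))
    if whitelist_wordfence:  # the query-string rule suggested for Johnny's Wordfence entry
        conds.append(("QUERY_STRING", r"^_wfsf=(.*)", True))
    return conds

def is_forbidden(request, conds):
    """True when the whole RewriteCond chain matches, i.e. the [F] rule fires."""
    for var, pattern, negated in conds:
        matched = re.search(pattern, request.get(var, ""), re.IGNORECASE) is not None
        # A plain cond needs a match, a "!" cond needs NO match; otherwise the chain breaks.
        if matched == negated:
            return False
    return True

# Constructed sample requests (not taken from a real log); the Wordfence probe is
# modelled as a POST so the effect of the whitelist rule is visible.
REQUESTS = {
    "visitor_get":     {"REQUEST_METHOD": "GET",  "REQUEST_URI": "/about/"},
    "admin_ajax":      {"REQUEST_METHOD": "POST", "REQUEST_URI": "/wp-admin/admin-ajax.php"},
    "comment_post":    {"REQUEST_METHOD": "POST", "REQUEST_URI": "/wp-comments-post.php"},
    "wordfence_probe": {"REQUEST_METHOD": "POST", "REQUEST_URI": "/",
                        "QUERY_STRING": "_wfsf=detectProxy"},
}

def blocked(**kwargs):
    """Return the set of sample request labels the chain would 403 under the given config."""
    conds = build_conditions(**kwargs)
    return {label for label, req in REQUESTS.items() if is_forbidden(req, conds)}

if __name__ == "__main__":
    print("method check on :", sorted(blocked()))
    print("method check off:", sorted(blocked(method_check=False)))
    print("with _wfsf rule :", sorted(blocked(whitelist_wordfence=True)))
```

Note that comment_post stays blocked in every configuration because Rami M's version leaves the wp-comments-post.php whitelist commented out, which is exactly the kind of entry the admin says to watch for in the Security Log.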