POST Request Protection|POST Attack Protection|POST Request Blocker

Home Forums BulletProof Security Pro POST Request Protection|POST Attack Protection|POST Request Blocker

Viewing 4 posts - 31 through 34 (of 34 total)
  • Author
    Posts
  • #32726
    Johnny
    Participant

    Hi,

    I have Wordfence enabled as well (everything except login security) and I recently found this in my BPS security log after enabling the post-request blocking additional code:

    [403 POST Request: March 15, 2017 10:44 am]
    BPS: .54.5
    WP: 4.7.3
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 69.46.36.20
    Host Name: noc4.wordfence.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: 
    REQUEST_URI: /?_wfsf=detectProxy
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.82 Safari/537.1
    REQUEST BODY: ips%5B0%5D=69.46.36.20&nonce=cce20c75fd9186a85d4febaa1102be4e4bbe812e547e4783c95312c5f7c18caa

    It seems to be from Wordfence. Is there any information about what this could be, and if so what should be done about it? Thanks!

    #32727
    AITpro Admin
    Keymaster

    @ Johnny – Probably a Query String whitelist rule is what is needed.

    # Whitelist Wordfence POST Request by Query String
    RewriteCond %{QUERY_STRING} !^_wfsf=(.*) [NC]
    #37349
    Rami M
    Participant

    If I want to block out all post attacks, and have no JetPack or anything to allow, should the code be like this?

    # BPS POST Request Attack Protection
    # RewriteCond %{REQUEST_METHOD} POST [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]
    # Whitelist WP JSON POST Requests by Query String
    #RewriteCond %{QUERY_STRING} !^_locale=(.*) [NC]
    # Whitelist the WordPress Theme Customizer
    #RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php [NC]
    # Whitelist XML-RPC Pingbacks, JetPack and Remote Posting POST Requests
    # RewriteCond %{REQUEST_URI} !^.*/xmlrpc.php [NC]
    # Whitelist Jetpack JSON POST Request
    # RewriteCond %{REQUEST_URI} !^.*/wp-json/jetpack/(.*) [NC]
    # Whitelist Network|Multisite Signup POST Form Requests
    # RewriteCond %{REQUEST_URI} !^.*/wp-signup.php [NC]
    # Whitelist Network|Multisite Activate POST Form Requests
    # RewriteCond %{REQUEST_URI} !^.*/wp-activate.php [NC]
    # Whitelist Trackback POST Requests
    # RewriteCond %{REQUEST_URI} !^.*/wp-trackback.php [NC]
    # Whitelist Comments POST Form Requests
    # RewriteCond %{REQUEST_URI} !^.*/wp-comments-post.php [NC]
    # Example 1: Whitelist Star Rating Calculator POST Form Requests
    # RewriteCond %{REQUEST_URI} !^.*/star-rating-calculator.php [NC]
    # Example 2: Whitelist Contact Form POST Requests
    # RewriteCond %{REQUEST_URI} !^.*/contact/ [NC]
    # Example 3: Whitelist PayPal IPN API Script POST Requests
    #RewriteCond %{REQUEST_URI} !^.*/ipn_handler.php [NC]
    RewriteRule ^(.*)$ - [F]
    #37351
    AITpro Admin
    Keymaster

    You do not want to comment out this line of the code: # RewriteCond %{REQUEST_METHOD} POST [NC] – This is the condition that checks if the Request Method is a POST Request.  Other changes to your code may cause problems for other things (WordPress, Plugins and Themes).  So check your Security Log frequently for things that are blocked that you do not want blocked.

Viewing 4 posts - 31 through 34 (of 34 total)
  • You must be logged in to reply to this topic.