rich-snippets.io blocked

Home Forums BulletProof Security Pro rich-snippets.io blocked

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • July 3, 2020 at 7:20 pm #39047
    flumm
    Participant

    Hi, I am using the plugin https://rich-snippets.io/ and when I try to call some delete function (in the WordPress admin GUI), the plugin’s function is blocked and I receive this entry. How can I correct that, please?

    [403 POST Request: 4. Juli 2020 - XX:XX]
BPS Pro: 14.5
WP: 5.4.2
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: XXX.XXX.XXX.XXX
Host Name: dynamic-XXX-XXX-XXX-XXX.XXXXXX.XX
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: POST
HTTP_REFERER: https://www.XXX.XXX/wp-admin/post.php?post=2610&action=edit
REQUEST_URI: /wp-json/wpbuddy/rich_snippets/v1/snippets_delete/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0
REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
    July 3, 2020 at 10:01 pm #39048
    AITpro Admin
    Keymaster

    Add a skip/bypass rule for the WordPress post.php file by doing the steps in this forum topic > https://forum.ait-pro.com/forums/topic/security-log-event-codes/page/5/#post-35323

    July 4, 2020 at 5:05 am #39049
    flumm
    Participant

    I followed your steps but it didn’t help. Still same issue.

    Also I see the php error log entry (first time already June 30, before I installed the plugin or changed anything on BPS settings:

    [04-Jul-2020 11:48:53 UTC] PHP Fatal error: Maximum execution time of 30 seconds exceeded in /home/httpd/vhosts/XXX.XX/httpdocs/wp-content/plugins/bulletproof-security/includes/firewall-autopilot.php on line 979

    This is line 979:

    foreach ( $uniqueRules as $uniqueRule ) {

     

    July 4, 2020 at 8:48 am #39050
    AITpro Admin
    Keymaster

    To increase your PHP Max execution time do these steps:

    1. Go to BPS Pro > P-Security > ini_set Options > Max Execution Time: option setting.
    2. Change the setting from 30 to 120.
    3. Click the Save|Enable Options button.

    Deactivate BPS wp-admin BulletProof Mode for now just to get rich-snippets.io working.  Note:  You could just use this as a workaround solution.  The BPS wp-admin htaccess file is no longer that critical to use. After you deactivate BPS wp-admin BulletProof Mode and test the rich-snippets.io plugin and if the problem is still occurring then send me your BPS Root htaccess  and your wp-admin htaccess file so I can check them.  Send the htaccess files to:  info at ait-pro dot com.

    Or you can send me a WordPress Administrator login to your website and I will fix the problem.

    July 4, 2020 at 10:10 am #39053
    AITpro Admin
    Keymaster

    This was a tricky one to figure out.  So sending me a WordPress Administrator login to your website saved both of us a lot of wasted time and headaches.  The problem was that the rich-snippets.io plugin uses the DELETE Request Method to perform the “Trash” delete feature.  The BPS Root htaccess file contains a Request Method block of htaccess code that specifically blocks the DELETE Request Method.  The steps below resolved this problem.  Note: I used Google Chrome Developer Tools to figure this problem out. This is the error message that I saw in the GCDT Console > DELETE https://www.vfd.ch/wp-json/wpbuddy/rich_snippets/v1/snippets_delete/ 403

    1. Go to the BPS Pro > B-Core > htaccess File Editor tab page.
    2. Click the Your Current Root htaccess File tab.
    3. Scroll down to the REQUEST METHODS FILTERED block of htaccess code and copy that block of htaccess code.
    4. Go to the Custom Code tab page > click the Root htaccess File Custom Code accordion tab/button.
    5. Scroll down to this Custom Code text box > 9. CUSTOM CODE REQUEST METHODS FILTERED
    6. Paste the block of REQUEST METHODS FILTERED htaccess code into this Custom Code text box.
    7. Edit the REQUEST METHODS FILTERED htaccess code and remove/delete the DELETE Request Method as shown in the code below.

    # REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

    7. Click the Save Root Custom Code button.
    8. Go to the Security Modes page and click the Root folder BulletProof Mode Activate button.

    July 4, 2020 at 10:55 am #39058
    flumm
    Participant

    Great, thank you.

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.