S2Member – POST wp-admin 403 Forbidden Error – ws-plugin Query String

Home Forums BulletProof Security Free S2Member – POST wp-admin 403 Forbidden Error – ws-plugin Query String

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • June 4, 2020 at 7:51 am #38998
    David Armstrong
    Participant

    I’ve encountered the “403 Forbidden Error Page” with s2Member.  It’s occurring when I try to save changes to modified membership level names.

    BPS is throwing the WPADMIN-SBR event when this happens and using the information I’ve found here so far, the recommended BPS solution is detailed here:
    https://forum.ait-pro.com/forums/topic/s2member-protected-page-403-error/

    Here’s the event from my BPS log:

    [403 POST Request: June 4, 2020 - 5:48 pm]
BPS: 4.0
WP: 5.4.1
Event Code: WPADMIN-SBR
Solution: 
REMOTE_ADDR: GDPR Compliance On
Host Name: [removed]
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: POST
HTTP_REFERER: https://[removed]/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops
REQUEST_URI: /wp-admin/admin.php?page=ws-plugin--s2member-gen-ops
QUERY_STRING: page=ws-plugin--s2member-gen-ops
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36
REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data

    I’ve tried applying the rules below (one at a time), but I’ve had no success with this solution so far:

    # S2Member protected URL rewrite / redirect bypass
RewriteCond %{REQUEST_URI} ^/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops [NC]
RewriteRule . - [S=13]

    and…

    # S2Member protected URL rewrite / redirect bypass
RewriteCond %{REQUEST_URI} ^/wp-admin/admin.php [NC]
RewriteRule . - [S=13]
    June 4, 2020 at 8:02 am #39002
    AITpro Admin
    Keymaster

    Are you using the BPS POST Attack Protection Bonus Custom Code?  If you are using the BPS POST Attack Protection Bonus Custom Code then make sure that you are not commenting out this line of code below.

    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]

    If you are not using the BPS POST Attack Protection Bonus Custom Code then try this fix below.

    1. Copy the wp-admin htaccess code below into this BPS wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the save wp-admin Custom Code button.
    3. Go to the BPS Setup Wizard page and run the Setup Wizard again.

    # S2Member Query String skip/bypass rule
RewriteCond %{QUERY_STRING} page=ws-plugin(.*) [NC]
RewriteRule . - [S=3]
  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.