Home › Forums › BulletProof Security Free › S2Member – POST wp-admin 403 Forbidden Error – ws-plugin Query String
- This topic has 1 reply, 1 voice, and was last updated 4 years, 4 months ago by AITpro Admin.
-
AuthorPosts
-
David ArmstrongParticipant
I’ve encountered the “403 Forbidden Error Page” with s2Member. It’s occurring when I try to save changes to modified membership level names.
BPS is throwing the WPADMIN-SBR event when this happens and using the information I’ve found here so far, the recommended BPS solution is detailed here:
https://forum.ait-pro.com/forums/topic/s2member-protected-page-403-error/Here’s the event from my BPS log:
[403 POST Request: June 4, 2020 - 5:48 pm] BPS: 4.0 WP: 5.4.1 Event Code: WPADMIN-SBR Solution: REMOTE_ADDR: GDPR Compliance On Host Name: [removed] SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: POST HTTP_REFERER: https://[removed]/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops REQUEST_URI: /wp-admin/admin.php?page=ws-plugin--s2member-gen-ops QUERY_STRING: page=ws-plugin--s2member-gen-ops HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
I’ve tried applying the rules below (one at a time), but I’ve had no success with this solution so far:
# S2Member protected URL rewrite / redirect bypass RewriteCond %{REQUEST_URI} ^/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops [NC] RewriteRule . - [S=13]
and…
# S2Member protected URL rewrite / redirect bypass RewriteCond %{REQUEST_URI} ^/wp-admin/admin.php [NC] RewriteRule . - [S=13]
AITpro AdminKeymasterAre you using the BPS POST Attack Protection Bonus Custom Code? If you are using the BPS POST Attack Protection Bonus Custom Code then make sure that you are not commenting out this line of code below.
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
If you are not using the BPS POST Attack Protection Bonus Custom Code then try this fix below.
1. Copy the wp-admin htaccess code below into this BPS wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
2. Click the save wp-admin Custom Code button.
3. Go to the BPS Setup Wizard page and run the Setup Wizard again.# S2Member Query String skip/bypass rule RewriteCond %{QUERY_STRING} page=ws-plugin(.*) [NC] RewriteRule . - [S=3]
-
AuthorPosts
- You must be logged in to reply to this topic.