S2Member – POST wp-admin 403 Forbidden Error – ws-plugin Query String

  • #38998
    David Armstrong
    Participant

    I’ve encountered the “403 Forbidden Error Page” with s2Member.  It’s occurring when I try to save changes to modified membership level names.

    BPS is throwing the WPADMIN-SBR event when this happens and using the information I’ve found here so far, the recommended BPS solution is detailed here:
    https://forum.ait-pro.com/forums/topic/s2member-protected-page-403-error/

    Here’s the event from my BPS log:

    [403 POST Request: June 4, 2020 - 5:48 pm]
    BPS: 4.0
    WP: 5.4.1
    Event Code: WPADMIN-SBR
    Solution: 
    REMOTE_ADDR: GDPR Compliance On
    Host Name: [removed]
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: POST
    HTTP_REFERER: https://[removed]/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops
    REQUEST_URI: /wp-admin/admin.php?page=ws-plugin--s2member-gen-ops
    QUERY_STRING: page=ws-plugin--s2member-gen-ops
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36
    REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
    

    I’ve tried applying the rules below (one at a time), but I’ve had no success with this solution so far:

    # S2Member protected URL rewrite / redirect bypass
    RewriteCond %{REQUEST_URI} ^/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops [NC]
    RewriteRule . - [S=13]
    

    and…

    # S2Member protected URL rewrite / redirect bypass
    RewriteCond %{REQUEST_URI} ^/wp-admin/admin.php [NC]
    RewriteRule . - [S=13]
    
    #39002
    AITpro Admin
    Keymaster

    Are you using the BPS POST Attack Protection Bonus Custom Code?  If you are using the BPS POST Attack Protection Bonus Custom Code then make sure that you are not commenting out this line of code below.

    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]

    If you are not using the BPS POST Attack Protection Bonus Custom Code then try this fix below.

    1. Copy the wp-admin htaccess code below into this BPS wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the save wp-admin Custom Code button.
    3. Go to the BPS Setup Wizard page and run the Setup Wizard again.

    # S2Member Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} page=ws-plugin(.*) [NC]
    RewriteRule . - [S=3]
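
Added example (not from either poster or from BPS): a Python check of the three RewriteCond lines quoted in this thread against the logged request, modelling mod_rewrite's behaviour that `%{REQUEST_URI}` holds only the path while the query string lives in `%{QUERY_STRING}`. Python's `re` stands in for Apache's regex engine, the sample requests are constructed, and the `ANCHORED` pattern is an assumption. The `[S=n]` skip counts and the htaccess file each rule sits in are not modelled.

```python
import re
from urllib.parse import urlsplit

# Request target from the BPS log entry in the first post.
LOGGED = "/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops"

# RewriteCond lines as posted in the thread: label -> (variable, pattern).
CONDITIONS = {
    "first attempt": ("REQUEST_URI", r"^/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops"),
    "second attempt": ("REQUEST_URI", r"^/wp-admin/admin.php"),
    "posted fix": ("QUERY_STRING", r"page=ws-plugin(.*)"),
}

# Assumption, not from the thread: a narrower condition anchored to the start
# of a parameter and to the s2Member page-name prefix seen in the log.
ANCHORED = ("QUERY_STRING", r"(^|&)page=ws-plugin--s2member-")

def server_vars(target):
    """mod_rewrite view of a request: REQUEST_URI is the path only,
    QUERY_STRING is everything after the first '?'."""
    parts = urlsplit(target)
    return {"REQUEST_URI": parts.path, "QUERY_STRING": parts.query}

def cond_matches(cond, target):
    """One RewriteCond with [NC]: unanchored, case-insensitive regex search."""
    variable, pattern = cond
    return re.search(pattern, server_vars(target)[variable], re.IGNORECASE) is not None

def evaluate(target):
    """Which of the thread's three conditions fire for this request."""
    return {label: cond_matches(c, target) for label, c in CONDITIONS.items()}

# Constructed requests (not from the log) to show how wide each skip is.
SAMPLES = [
    LOGGED,
    "/wp-admin/admin.php?page=another-plugin",
    "/wp-admin/admin.php?subpage=ws-plugin-demo",
    "/wp-admin/options.php?x=1&page=ws-plugin--s2member-gen-ops",
]

def scope(cond):
    """Constructed samples for which the given condition would trigger the skip."""
    return [s for s in SAMPLES if cond_matches(cond, s)]

if __name__ == "__main__":
    print(evaluate(LOGGED))
    print("posted fix:", scope(CONDITIONS["posted fix"]))
    print("anchored  :", scope(ANCHORED))
```

The first attempt can never fire because the query string is not part of `REQUEST_URI`, and the unescaped `?` only makes the final `p` optional. The second attempt's condition does match the logged request, so whatever kept it from working lies outside the pattern itself.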