Seach Queries Blocked – double quote code characters

[Living Miracles]

Hi,

I’m having some issues on one of my GoDaddy Managed WordPress sites with BPS Pro blocking certain search queries. This is the site: https://acourseinmiraclesnow.com

Here’s what I’ve found (all searches done using straight double quotation marks around the queries):

1. Searching “trust would settle” gets blocked.
2. Searching “settle” gets blocked.
3. Searching “trust would” does not get blocked.

And here’s the message that I get when the search is blocked: https://i.imgur.com/LWTClaM.png

How can I fix this?

Thank you!

[AITpro Admin]

This is the BPS Query String Exploits rule that is blocking the search using double quote code characters:

RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

Do these steps to allow searches with double quote code characters:
1. If you already have BPS Query String Exploits htaccess code in BPS Root Custom Code then edit the existing custom code and delete this code: |".  If you do not already have BPS Query String Exploits htaccess code in BPS Root Custom Code then Copy your BPS Query String Exploits htaccess code from your Root htaccess file to this Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS and delete this code: |".
2. Click the Save Root Custom Code button.
3. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.

[Living Miracles]

Thanks. I’ve removed the bit of code. But the search results are still the same as before.

 

[AITpro Admin]

Double check that you have done all the Custom Code steps and clear your Browser Cache.

[Living Miracles]

I’ve done all the steps, cleared browser cache, and cleared server cache. Can you check on your end?

It seems odd to me that the |” would be causing this since not all queries in double quotation marks get blocked:

1. Searching “trust would settle” gets blocked.
2. Searching “settle” gets blocked.
3. Searching “trust would” does not get blocked.

[AITpro Admin]

Yes, I am also being blocked when searching on your site with double quote code characters and “set”.  I tested this on my site and the search worked fine after allowing double quote code characters.  The 2 parts of the security rule that are matching the SQL Injection attack vector are:  ” and set.  You can try also removing “set” from the filter as shown below, but you should not need to do that.

RewriteCond %{QUERY_STRING} (;|<|>|'|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|md5|benchmark|encode) [NC,OR]

Another possibility is that the double quote characters are being seen as their url encoded equivalent: %22.  You can try deleting |%22 from the security rule as shown below.

RewriteCond %{QUERY_STRING} (;|<|>|'|\)|%0A|%0D|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

[Living Miracles]

Thank you! I removed %22 and now things are working 🙂 Still a bit confused by this behavior, but it’s working now, so I’m happy!

Thank you for your help!

[Author]

Posts