Seach Queries Blocked – double quote code characters

Home Forums BulletProof Security Pro Seach Queries Blocked – double quote code characters

This topic contains 6 replies, has 2 voices, and was last updated by  Living Miracles 4 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #35373

    Living Miracles
    Participant

    Hi,

    I’m having some issues on one of my GoDaddy Managed WordPress sites with BPS Pro blocking certain search queries. This is the site: https://acourseinmiraclesnow.com

    Here’s what I’ve found (all searches done using straight double quotation marks around the queries):

    1. Searching “trust would settle” gets blocked.
    2. Searching “settle” gets blocked.
    3. Searching “trust would” does not get blocked.

    And here’s the message that I get when the search is blocked: https://i.imgur.com/LWTClaM.png

    How can I fix this?

    Thank you!

    #35374

    AITpro Admin
    Keymaster

    This is the BPS Query String Exploits rule that is blocking the search using double quote code characters:

    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

    Do these steps to allow searches with double quote code characters:
    1. If you already have BPS Query String Exploits htaccess code in BPS Root Custom Code then edit the existing custom code and delete this code: |".  If you do not already have BPS Query String Exploits htaccess code in BPS Root Custom Code then Copy your BPS Query String Exploits htaccess code from your Root htaccess file to this Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS and delete this code: |".
    2. Click the Save Root Custom Code button.
    3. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.

    #35375

    Living Miracles
    Participant

    Thanks. I’ve removed the bit of code. But the search results are still the same as before.

     

    #35376

    AITpro Admin
    Keymaster

    Double check that you have done all the Custom Code steps and clear your Browser Cache.

    #35377

    Living Miracles
    Participant

    I’ve done all the steps, cleared browser cache, and cleared server cache. Can you check on your end?

    It seems odd to me that the |” would be causing this since not all queries in double quotation marks get blocked:

    1. Searching “trust would settle” gets blocked.
    2. Searching “settle” gets blocked.
    3. Searching “trust would” does not get blocked.

    #35380

    AITpro Admin
    Keymaster

    Yes, I am also being blocked when searching on your site with double quote code characters and “set”.  I tested this on my site and the search worked fine after allowing double quote code characters.  The 2 parts of the security rule that are matching the SQL Injection attack vector are:  ” and set.  You can try also removing “set” from the filter as shown below, but you should not need to do that.

    RewriteCond %{QUERY_STRING} (;|<|>|'|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|md5|benchmark|encode) [NC,OR]

    Another possibility is that the double quote characters are being seen as their url encoded equivalent: %22.  You can try deleting |%22 from the security rule as shown below.

    RewriteCond %{QUERY_STRING} (;|<|>|'|\)|%0A|%0D|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    #35383

    Living Miracles
    Participant

    Thank you! I removed %22 and now things are working 🙂 Still a bit confused by this behavior, but it’s working now, so I’m happy!

    Thank you for your help!

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.