Security Log – bulletproof-security-admin-2.js

[AITpro Admin]

Email Question:

I didn’t have the bulletproof js folder whitelisted and kept getting a secuirty error:

>>>>>>>>>>> 403 GET or Other Request Error Logged - April 13, 2013 - 06:04 <<<<<<<<<<<
REMOTE_ADDR: xxxxx
Host Name: xxxxx
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: xxxxx
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: [domain name removed for privacy]/wp-admin/admin.php?page=bulletproof-security/admin/options.php
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bulletproof-security-admin-2.js?ver=3.5.1
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31

Realised what it was and once I added “bulletproof-security/admin/js/(.*).js” to the whitelist I no longer had the tabs one after each other at the top (rather than side by side) and no more secuirty errors

Also as soon as that happened an update to 5.7.1 appeared in the plugins area.

Just I’d let you know, (maybe my messing up but just in case since I expect the bulletproof js are already whitelisted)…

[AITpro Admin]

You do not need to whitelist the bulletproof-security-admin-2.js script.  It is a backend loading plugin script and not a frontend loading plugin script.  If 403 errors are being logged for the bulletproof-security-admin-2.js then one of these things is causing that issue/problem.  The update for 5.7.1 appearing at that time was just coincidental.

Plugin Firewall Test Mode is still On and needs to be turned Off.

You did not complete all of the Plugin Firewall setup steps:  Add plugin script whitelist rules to the Plugins Script/File Whitelist Text Area, click the Save Whitelist Options button and Activate the Plugin Firewall.

Your Plugin Firewall Whitelist rules have a mistake somewhere.  Your plugin scripts should have a comma and space between them and the plugin script path starts from the plugin folder name as shown below.

/nextgen-gallery/js/(.*).js, /nextgen-gallery/shutter/shutter-reloaded.js, /woocommerce/assets/js/(.*).js, /wordpress-seo/js/(.*).js, /wsecure/js/basic.js

You are using a minify plugin on your webiste.
Minify Plugins: If you are using a Minify plugin then you will probably not see Security Log entries / alerts.  Most if not all minifying plugins allow you to choose to exclude plugin scripts that you do not want to minify.  If you want to use the BPS Pro Plugin Firewall then you can choose not to minify particular plugin scripts so that you can use both minifying and the Plugin Firewall together.  It is recommended that you turn Off/deactivate minifying to get the plugin scripts that need to be whitelisted in the Plugin Firewall.  After you have added those plugin scripts to your Plugin Firewall whitelist you can then exclude those same plugin scripts from being minified in your minify plugin and turn On/activate your Minify plugin.

BulletProof Security Pro files were quarantined after installing a BPS Pro upgrade/update.
It is recommended that you create an AutoRestore exclude rule to not have ARQ check the plugins folder. The Plugin Firewall completely protects that plugins folder so it is not necessary to have ARQ check the plugins folder.  Click the link below for step by step instructions on excluding the plugins folder from being checked by ARQ.

http://forum.ait-pro.com/forums/topic/autorestore-quarantine-exclude-plugins-folder-and-themes-folder/

 

[Author]

Posts