Home › Forums › BulletProof Security Pro › something legitimate is blocked : 403 Request
- This topic has 14 replies, 2 voices, and was last updated 5 months, 2 weeks ago by AITpro Admin.
-
AuthorPosts
-
pdlcParticipant
Hi,
i need help for a woocommerce website, BPS Pro: 17.4, WP: 6.4.3.
Today in the security_log file, i see a lot of 403 error for .css file like this sample :[403 GET Request: 15 avril 2024 - 10 h 19 min] BPS Pro: 17.4 WP: 6.4.3 Event Code: PFWR-PSBR-HPRA Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 94.xxx.xxx.xx Host Name: 94.xxx.xxx.xx.---.-------.---------.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://monsite.fr/ REQUEST_URI: /wp-content/plugins/monplugin/css/slick-theme.css?ver=1.0 QUERY_STRING: ver=1.0 HTTP_USER_AGENT: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0
I don’t understand why this 403 errors concern only some visitors (IP adress) and not all the visitors, and why today and not last week : i didn’t change any file on the website.
I read the forum and the help, you advise to use the Whitelist Tools to add all the file blocked, but there is only .js file inside the Whitelist no .css file…
Some of this blocked visitors are already client and last week the could buy the meal without problem.
I’m lost, Any advice ?Best regards,
Monica
AITpro AdminKeymasterThere is nothing in the Security Log entry that should be blocked. The Plugin Firewall does not protect .css files so it is very odd that a 403 error would be occurring for that file. Maybe the Plugin Firewall htaccess file has an invalid whitelist rule somewhere? Are you seeing any error messages then you go to the Plugin Firewall feature? I need to see what is going on myself. Send a WordPress admin login for this site to: info@ait-pro.com.
pdlcParticipanthi,
i check the Firewall htaccess file and i see that :
# BULLETPROOF PRO .HTACCESS PLUGIN FIREWALL # # BPS Pro 11 mod_rewrite # # BEGIN WHITELIST: Frontend Loading Website Plugin scripts/files (...) # END WHITELIST # # FORBID REMOTE ACCESS TO THESE PLUGIN FILE TYPES FROM ANYONE EXCEPT YOU RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|html5|htx|ico|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$ [NC] # BEGIN PUBLIC IP (..) # END PUBLIC IP RewriteRule ^(.*)$ - [F]IP # BEGIN ADDITIONAL ROLES IP RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.44$ # END ADDITIONAL ROLES IP (...) RewriteRule ^(.*)$ - [F]
I deleted the weird content. As requested I send you a WordPress admin login for this site.
Best regards,
monique
pdlcParticipantto complete my previous post: when I open the Firewall htaccess file via FTP then the invalid rule doesn’t appear?
AITpro AdminKeymasterI logged into your site and the problem is that the Plugin Firewall is not automatically creating new Plugin Firewall whitelist rules. I believe the reason for that is WordPress Crons are either disabled or not working correctly. I see that you have the WP Control plugin installed. So that could be causing the problem. Or maybe WP Crons have been disabled in your wp-config.php file. I have deactivated the Plugin Firewall feature. I recommend that you leave it deactivated and do not use it on your site due to whatever cron issues are going on with your site.
pdlcParticipantYou deactivated the Plugin Firewall feature : so my website is less secure ?
AITpro AdminKeymasterThe Plugin Firewall feature is an extra layer of protection. So not that critical. I can try to figure out the problems going on with your site at a later time, but right now I have too much on my plate. Next weekend I’ll have some spare time to fix whatever problems are going on with your website.
pdlcParticipantI check the wp-config.php file : WP-cron are not desabled.
For info, all wordpress auto updates are disabled in the wp-config.php file (core and plugins).Thanks for your help 🙂
Monique
AITpro AdminKeymasterThe problem is fixed. Something that is really strange that I have never seen before is that plugin files have this additional query string on urls > ?ver=6.4.3. Normally you would only see that on files loading on the frontend of your site and not files loading from the /plugins folder. Not really sure why that is. In any case I created custom Plugin Firewall whitelist rules for any plugin url’s that have the ?ver=6.4.3 Query string.
pdlcParticipantHi,
this morning same problem in the the Firewall htaccess file : wired rule like that
# END PUBLIC IP RewriteRule ^(.*)$ - [F]��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� IP # BEGIN ADDITIONAL ROLES IP
I deactivated the Plugin Firewall feature and i empty the Firewall htaccess file.
What should I do now?
pdlcParticipantOops sorry it looks like everything’s fine on the site now: no more weird rule and no more security log with error 403 on the .css files and the Plugin Firewall feature is reactivated, but it wasn’t me who reactivated it?
AITpro AdminKeymasterI just rechecked everything on your site and everything looks good. I think this other strange problem you are seeing is coming from corrupt browser cache. Clear/delete your browser cache.
pdlcParticipantYes, all is ok now :). Thank you very much for your help !
Best regards,
MoniqueAITpro AdminKeymasterVery welcome. Have to say that I’ve never seen this type of tricky problem before. Sometimes that means something has changed in the WordPress ecosphere and I would most likely be seeing more of this. Since no one else is reporting this particular problem then I think the weird Query strings could be caused by server-side caching on your web host server. The strange formatting characters in the Plugins htaccess file definitely looks like a corrupt browser cache issue.
If the problem returns then yeah go ahead and deactivate the Plugin Firewall feature. It’s not that critical in overall BPS Pro website protection.
AITpro AdminKeymasterCame across another person with Query Strings added to plugin urls. Why in gods name would anyone be that stupid to do something like this? It’s not WordPress itself so some plugin or theme author is screwing up majorly.
-
AuthorPosts
- You must be logged in to reply to this topic.