Home › Forums › BulletProof Security Pro › UptimeRobot – Whitelist UptimeRobot Bot
Tagged: UptimeRobot, Whitelist Bots
- This topic has 25 replies, 7 voices, and was last updated 7 years, 3 months ago by DirkCYF.
-
AuthorPosts
-
AITpro AdminKeymaster
UPDATE: New Uptimerobot whitelisting code can be found here > https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/#post-35231
The new Custom Code features/options in BPS and BPS Pro allow you to now add this to BPS Custom Code.
1. Copy this entire section of .htaccess code below to the CUSTOM CODE REQUEST METHODS FILTERED: Whitelist User Agents or remove HEAD here text box.
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.BPS Pro 11.6+ & BPS free .53.2+
You may see this code or the 11.5+/.53.1+ code in your root htaccess file. The code does the same exact thing and is whitelisted in the same exact way.# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and copy # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code # text box: CUSTOM CODE REQUEST METHODS FILTERED. # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps. RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F] #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
BPS Pro 11.5+ & BPS free .53.1+
# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and copy # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code # text box: CUSTOM CODE REQUEST METHODS FILTERED. # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps. RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F] RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] RewriteCond %{REMOTE_ADDR} !^(74.86.158.106|74.86.158.107|74.86.179.130|74.86.179.131|46.137.190.132|122.248.234.23) [NC] RewriteRule ^(.*)$ - [R=405,L]
BPS Pro 11.4|BPS free .53 and lower versions
# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and # remove/delete HEAD| from the Request Method filter. # Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] # The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed. RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC] RewriteCond %{REMOTE_ADDR} !^(74.86.158.106|74.86.158.107|74.86.179.130|74.86.179.131|46.137.190.132|122.248.234.23) [NC] RewriteRule ^(.*)$ - [F]
AITpro AdminKeymasterThe new Custom Code features/options in BPS and BPS Pro allow you to now add this to BPS Custom Code.
1. Copy this entire section of .htaccess code below to the CUSTOM CODE REQUEST METHODS FILTERED: Whitelist User Agents or remove HEAD here text box.
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.BPS Pro 11.5+ & BPS free .53.1+
# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and copy # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code # text box: CUSTOM CODE REQUEST METHODS FILTERED. # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps. RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F] #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] #RewriteRule ^(.*)$ - [R=405,L]
BPS Pro 11.4|BPS free .53 and lower versions
# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and # remove/delete HEAD| from the Request Method filter. # Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] # The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed. RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F]
ChazzParticipanthi
what would be the correct format for whitelisting the following agent?
Mozilla/5.0 (Java) outbrainwould it just be:
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteCond %{HTTP_USER_AGENT} !^(outbrain) [NC] RewriteRule ^(.*)$ - [F,L]
thanx!
AITpro AdminKeymasterFor Outbrain use this solution: http://forum.ait-pro.com/forums/topic/outbrain-doesnt-work-how-to-fix/#post-2072
DarkoParticipant[Topic has been merged into this relevant Topic]
Hello,
please can you tell me, how can I whitelist some IP adresses or domains. I constantly have regular error from uptime robot, and I want to allow to uptimerobot to work normally. So, how can I whitelist ip 74.86.158.107, or engine2.uptimerobot.com, or other method in BulletProof Security Pro 9.9?
[403 GET / HEAD Request: 02/12/2014 - 22:15] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 74.86.158.107 Host Name: engine2.uptimerobot.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: / QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)
AITpro AdminKeymasterUPDATE: New Uptimerobot whitelisting code can be found here > https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/#post-35231
@ Darko – use the method – http://forum.ait-pro.com/forums/topic/split-uptimerobot-whitelist-uptimerobot-bot/page/2/#post-8003
Cristian BalanParticipantUPDATE: New Uptimerobot whitelisting code can be found here > https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/#post-35231
The updated list of UptimeRobots IP’s
https://uptimerobot.com/locations
In my case the UptimeRobot IP blocked is 74.86.158.109. So the current code should be:BPS Pro 11.5+ & BPS free .53.1+
# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and copy # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code # text box: CUSTOM CODE REQUEST METHODS FILTERED. # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps. RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] RewriteRule ^(.*)$ - [F] RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC] RewriteCond %{REMOTE_ADDR} !^(74.86.158.106|74.86.158.107|74.86.158.108|74.86.158.109|74.86.158.110|69.162.124.226|69.162.124.227|69.162.124.228|69.162.124.229|69.162.124.230|69.162.124.231|69.162.124.232|69.162.124.233|69.162.124.234|69.162.124.235|69.162.124.236|69.162.124.237|69.162.124.238|74.86.179.130|74.86.179.131|46.137.190.132|122.248.234.23|188.226.183.141|178.62.52.237|54.79.28.129|54.94.142.218|104.131.107.63|54.67.10.127|54.64.67.106) [NC] RewriteRule ^(.*)$ - [R=405,L]
BPS Pro 11.4|BPS free .53 and lower versions
# REQUEST METHODS FILTERED # If you want to allow HEAD Requests use BPS Custom Code and # remove/delete HEAD| from the Request Method filter. # Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC] # The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed. RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC] RewriteCond %{REMOTE_ADDR} !^(74.86.158.106|74.86.158.107|74.86.158.108|74.86.158.109|74.86.158.110|69.162.124.226|69.162.124.227|69.162.124.228|69.162.124.229|69.162.124.230|69.162.124.231|69.162.124.232|69.162.124.233|69.162.124.234|69.162.124.235|69.162.124.236|69.162.124.237|69.162.124.238|74.86.179.130|74.86.179.131|46.137.190.132|122.248.234.23|188.226.183.141|178.62.52.237|54.79.28.129|54.94.142.218|104.131.107.63|54.67.10.127|54.64.67.106) [NC] RewriteRule ^(.*)$ - [F]
rafaelmagicParticipantYou can also Whitelist HEAD requests, they are being blocked (403 error). Look at line #3 above for the example.
That will future proof in case Uptime Robot changes IPs
DirkCYFParticipant[Topic has been merged into this relevant Topic]
HiI have added:
“HTTP_USER_AGENT: Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)” and:
“uptimerobot.com” to Add User Agents|Bots to Ignore|Not Log.
But I am still getting security logs for uptimerobot every 8 minutes. How can I exclude uptimerobot from the security logs?
I have setup Uptime Robot to monitor my site every 8 minutes but its flooding my security log in BPS Pro. What can I do?
Thanks 🙂
AITpro AdminKeymasterUPDATE: New Uptimerobot whitelisting code can be found here > https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/#post-35231
@ DirkCYF – See this forum Reply for the steps to whitelist the UptimeRobot > https://forum.ait-pro.com/forums/topic/split-uptimerobot-whitelist-uptimerobot-bot/page/2/#post-8003
DirkCYFParticipantThanks
-
AuthorPosts
- You must be logged in to reply to this topic.