UptimeRobot – Whitelist UptimeRobot Bot

Home Forums BulletProof Security Pro UptimeRobot – Whitelist UptimeRobot Bot

This topic contains 25 replies, has 7 voices, and was last updated by  DirkCYF 1 year, 9 months ago.

Viewing 11 posts - 16 through 26 (of 26 total)
  • Author
    Posts
  • #7168

    AITpro Admin
    Keymaster

    UPDATE: New Uptimerobot whitelisting code can be found here > https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/#post-35231

    The new Custom Code features/options in BPS and BPS Pro allow you to now add this to BPS Custom Code.

    1. Copy this entire section of .htaccess code below to the CUSTOM CODE REQUEST METHODS FILTERED: Whitelist User Agents or remove HEAD here text box.
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    BPS Pro 11.6+ & BPS free .53.2+
    You may see this code or the 11.5+/.53.1+ code in your root htaccess file.  The code does the same exact thing and is whitelisted in the same exact way.

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

    BPS Pro 11.5+ & BPS free .53.1+

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    RewriteCond %{REMOTE_ADDR} !^(74.86.158.106|74.86.158.107|74.86.179.130|74.86.179.131|46.137.190.132|122.248.234.23) [NC]
    RewriteRule ^(.*)$ - [R=405,L]

    BPS Pro 11.4|BPS free .53 and lower versions

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and 
    # remove/delete HEAD| from the Request Method filter.
    # Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    # The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed.
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteCond %{REMOTE_ADDR} !^(74.86.158.106|74.86.158.107|74.86.179.130|74.86.179.131|46.137.190.132|122.248.234.23) [NC]
    RewriteRule ^(.*)$ - [F]
    #8003

    AITpro Admin
    Keymaster

    The new Custom Code features/options in BPS and BPS Pro allow you to now add this to BPS Custom Code.

    1. Copy this entire section of .htaccess code below to the CUSTOM CODE REQUEST METHODS FILTERED: Whitelist User Agents or remove HEAD here text box.
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    BPS Pro 11.5+ & BPS free .53.1+

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ - [R=405,L]

    BPS Pro 11.4|BPS free .53 and lower versions

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and 
    # remove/delete HEAD| from the Request Method filter.
    # Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    # The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #19177

    Chazz
    Participant

    hi

    what would be the correct format for whitelisting the following agent?
    Mozilla/5.0 (Java) outbrain

    would it just be:

    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteCond %{HTTP_USER_AGENT} !^(outbrain) [NC]
    RewriteRule ^(.*)$ - [F,L]
    

    thanx!

    #19182

    AITpro Admin
    Keymaster
    #19583

    Darko
    Participant

    [Topic has been merged into this relevant Topic]

    Hello,

    please can you tell me, how can I whitelist some IP adresses or domains. I constantly have regular error from uptime robot, and I want to allow to uptimerobot to work normally. So, how can I whitelist ip 74.86.158.107, or engine2.uptimerobot.com, or other method in BulletProof Security Pro 9.9?

    [403 GET / HEAD Request: 02/12/2014 - 22:15]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 74.86.158.107
    Host Name: engine2.uptimerobot.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)
    #19586

    AITpro Admin
    Keymaster
    #25795

    Cristian Balan
    Participant

    UPDATE: New Uptimerobot whitelisting code can be found here > https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/#post-35231

    The updated list of UptimeRobots IP’s
    https://uptimerobot.com/locations
    In my case the UptimeRobot IP blocked is 74.86.158.109. So the current code should be:

    BPS Pro 11.5+ & BPS free .53.1+

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    RewriteCond %{REMOTE_ADDR} !^(74.86.158.106|74.86.158.107|74.86.158.108|74.86.158.109|74.86.158.110|69.162.124.226|69.162.124.227|69.162.124.228|69.162.124.229|69.162.124.230|69.162.124.231|69.162.124.232|69.162.124.233|69.162.124.234|69.162.124.235|69.162.124.236|69.162.124.237|69.162.124.238|74.86.179.130|74.86.179.131|46.137.190.132|122.248.234.23|188.226.183.141|178.62.52.237|54.79.28.129|54.94.142.218|104.131.107.63|54.67.10.127|54.64.67.106) [NC]
    RewriteRule ^(.*)$ - [R=405,L]

    BPS Pro 11.4|BPS free .53 and lower versions

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and 
    # remove/delete HEAD| from the Request Method filter.
    # Example: RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    # The TRACE, DELETE, TRACK and DEBUG Request methods should never be removed.
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteCond %{REMOTE_ADDR} !^(74.86.158.106|74.86.158.107|74.86.158.108|74.86.158.109|74.86.158.110|69.162.124.226|69.162.124.227|69.162.124.228|69.162.124.229|69.162.124.230|69.162.124.231|69.162.124.232|69.162.124.233|69.162.124.234|69.162.124.235|69.162.124.236|69.162.124.237|69.162.124.238|74.86.179.130|74.86.179.131|46.137.190.132|122.248.234.23|188.226.183.141|178.62.52.237|54.79.28.129|54.94.142.218|104.131.107.63|54.67.10.127|54.64.67.106) [NC]
    RewriteRule ^(.*)$ - [F]
    #25810

    rafaelmagic
    Participant

    You can also Whitelist HEAD requests, they are being blocked (403 error). Look at line #3 above for the example.

    That will future proof in case Uptime Robot changes IPs

    #34461

    DirkCYF
    Participant

    [Topic has been merged into this relevant Topic]
    Hi

    I have added:

    “HTTP_USER_AGENT: Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)” and:

    “uptimerobot.com” to  Add User Agents|Bots to Ignore|Not Log.

    But I am still getting security logs for uptimerobot every 8 minutes. How can I exclude uptimerobot from the security logs?

    I have setup Uptime Robot to monitor my site every 8 minutes but its flooding my security log in BPS Pro. What can I do?

    Thanks 🙂

    #34467

    AITpro Admin
    Keymaster

    UPDATE: New Uptimerobot whitelisting code can be found here > https://forum.ait-pro.com/forums/topic/whitelist-bots-allow-good-bots-to-make-a-head-request/#post-35231

    @ DirkCYF – See this forum Reply for the steps to whitelist the UptimeRobot > https://forum.ait-pro.com/forums/topic/split-uptimerobot-whitelist-uptimerobot-bot/page/2/#post-8003

    #34469

    DirkCYF
    Participant

    Thanks

Viewing 11 posts - 16 through 26 (of 26 total)

You must be logged in to reply to this topic.