Theme fonts blocked

Home Forums BulletProof Security Pro Theme fonts blocked

This topic contains 3 replies, has 2 voices, and was last updated by  AITpro Admin 5 years, 6 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #13731

    Alan
    Participant

    I’m sorry if this is covered somewhere in your documentation, but the security log shows the following item a few times. I am experiencing an issue with theme fonts not loading correctly on the site. Hoping this is the issue, but don’t know how to create a whitelist rule for these theme files. Thanks for helping!

    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - March 3, 2014 - 7:53 pm <<<<<<<<<<<
    SERVER_PROTOCOL: HTTP/1.1
    REQUEST_METHOD: GET
    HTTP_REFERER: http://clta-us.org/
    REQUEST_URI: /wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.eot?v=2%23iefix%29%20format%28%22embedded-opentype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=2%29%20format%28%22woff%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.ttf?v=2%29%20format%28%22truetype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.svg?v=2%23entypo-fontello%29%20format%28%22svg%22
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; BTRS125042; .NET CLR 2.0.50727; SE 2.X MetaSr 1.0)
    #13733

    AITpro Admin
    Keymaster

    The URI and Query String are simulating an RFI hacking attempt against your website. Create a plugin/theme Skip/Bypass rule for the Enfold Theme in BPS Custom Code.

    1. Copy the Enfold skip/bypass rule below to this BPS Root Custom Code text box:  CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
    Note:  If your WordPress installation is a subfolder installation then add your WordPress folder name in the path.  Example:  /My-WordPress-Folder-Name/wp-content/themes/enfold/…..

    # Enfold Theme font skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/.*\.(eot|woff|ttf|svg) [NC]
    RewriteRule . - [S=13]
    #14209

    Alan
    Participant

    I added this skip/bypass rule, but the error has appeared again in the logs – at least for one user/ip address. Could something on the user’s end disallow this from loading?

    HTTP_REFERER: http://clta-us.org/member-login/
    REQUEST_URI: /wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.eot?v=2%23iefix%29%20format%28%22embedded-opentype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=2%29%20format%28%22woff%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.ttf?v=2%29%20format%28%22truetype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.svg?v=2%23entypo-fontello%29%20format%28%22svg%22
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3; SE 2.X MetaSr 1.0)
    #14213

    AITpro Admin
    Keymaster

    I just tested the URL and the skip/bypass rule above is not working.  Try one of these instead.

    Adding an additional .* to the end of the existing skip/bypass rule.

    # Enfold Theme font skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/.*\.(eot|woff|ttf|svg).* [NC]
    RewriteRule . - [S=13]

    Or a skip/bypass rule for the entire /config-templatebuilder/ theme folder

    # Enfold Theme font skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/themes/enfold/config-templatebuilder/ [NC]
    RewriteRule . - [S=13]
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.