Theme fonts blocked

[Alan]

I’m sorry if this is covered somewhere in your documentation, but the security log shows the following item a few times. I am experiencing an issue with theme fonts not loading correctly on the site. Hoping this is the issue, but don’t know how to create a whitelist rule for these theme files. Thanks for helping!

>>>>>>>>>>> 403 GET or HEAD Request Error Logged - March 3, 2014 - 7:53 pm <<<<<<<<<<<
SERVER_PROTOCOL: HTTP/1.1
REQUEST_METHOD: GET
HTTP_REFERER: http://clta-us.org/
REQUEST_URI: /wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.eot?v=2%23iefix%29%20format%28%22embedded-opentype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=2%29%20format%28%22woff%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.ttf?v=2%29%20format%28%22truetype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.svg?v=2%23entypo-fontello%29%20format%28%22svg%22
QUERY_STRING: 
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; BTRS125042; .NET CLR 2.0.50727; SE 2.X MetaSr 1.0)

[AITpro Admin]

The URI and Query String are simulating an RFI hacking attempt against your website. Create a plugin/theme Skip/Bypass rule for the Enfold Theme in BPS Custom Code.

1. Copy the Enfold skip/bypass rule below to this BPS Root Custom Code text box:  CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
Note:  If your WordPress installation is a subfolder installation then add your WordPress folder name in the path.  Example:  /My-WordPress-Folder-Name/wp-content/themes/enfold/…..

# Enfold Theme font skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/.*\.(eot|woff|ttf|svg) [NC]
RewriteRule . - [S=13]

[Alan]

I added this skip/bypass rule, but the error has appeared again in the logs – at least for one user/ip address. Could something on the user’s end disallow this from loading?

HTTP_REFERER: http://clta-us.org/member-login/
REQUEST_URI: /wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.eot?v=2%23iefix%29%20format%28%22embedded-opentype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=2%29%20format%28%22woff%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.ttf?v=2%29%20format%28%22truetype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.svg?v=2%23entypo-fontello%29%20format%28%22svg%22
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3; SE 2.X MetaSr 1.0)

[AITpro Admin]

I just tested the URL and the skip/bypass rule above is not working.  Try one of these instead.

Adding an additional .* to the end of the existing skip/bypass rule.

# Enfold Theme font skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/.*\.(eot|woff|ttf|svg).* [NC]
RewriteRule . - [S=13]

Or a skip/bypass rule for the entire /config-templatebuilder/ theme folder

# Enfold Theme font skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/themes/enfold/config-templatebuilder/ [NC]
RewriteRule . - [S=13]

[Author]

Posts