Home › Forums › BulletProof Security Pro › Theme fonts blocked
Tagged: Enfold Theme, eot, font, fonts blocked, svg, ttf, woff
- This topic has 3 replies, 2 voices, and was last updated 10 years ago by AITpro Admin.
-
AuthorPosts
-
AlanParticipant
I’m sorry if this is covered somewhere in your documentation, but the security log shows the following item a few times. I am experiencing an issue with theme fonts not loading correctly on the site. Hoping this is the issue, but don’t know how to create a whitelist rule for these theme files. Thanks for helping!
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - March 3, 2014 - 7:53 pm <<<<<<<<<<< SERVER_PROTOCOL: HTTP/1.1 REQUEST_METHOD: GET HTTP_REFERER: http://clta-us.org/ REQUEST_URI: /wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.eot?v=2%23iefix%29%20format%28%22embedded-opentype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=2%29%20format%28%22woff%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.ttf?v=2%29%20format%28%22truetype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.svg?v=2%23entypo-fontello%29%20format%28%22svg%22 QUERY_STRING: HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; BTRS125042; .NET CLR 2.0.50727; SE 2.X MetaSr 1.0)
AITpro AdminKeymasterThe URI and Query String are simulating an RFI hacking attempt against your website. Create a plugin/theme Skip/Bypass rule for the Enfold Theme in BPS Custom Code.
1. Copy the Enfold skip/bypass rule below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
Note: If your WordPress installation is a subfolder installation then add your WordPress folder name in the path. Example: /My-WordPress-Folder-Name/wp-content/themes/enfold/…..# Enfold Theme font skip/bypass rule RewriteCond %{REQUEST_URI} ^/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/.*\.(eot|woff|ttf|svg) [NC] RewriteRule . - [S=13]
AlanParticipantI added this skip/bypass rule, but the error has appeared again in the logs – at least for one user/ip address. Could something on the user’s end disallow this from loading?
HTTP_REFERER: http://clta-us.org/member-login/ REQUEST_URI: /wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.eot?v=2%23iefix%29%20format%28%22embedded-opentype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=2%29%20format%28%22woff%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.ttf?v=2%29%20format%28%22truetype%22%29,%20url%28http://clta-us.org/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.svg?v=2%23entypo-fontello%29%20format%28%22svg%22 QUERY_STRING: HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3; SE 2.X MetaSr 1.0)
AITpro AdminKeymasterI just tested the URL and the skip/bypass rule above is not working. Try one of these instead.
Adding an additional .* to the end of the existing skip/bypass rule.
# Enfold Theme font skip/bypass rule RewriteCond %{REQUEST_URI} ^/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/.*\.(eot|woff|ttf|svg).* [NC] RewriteRule . - [S=13]
Or a skip/bypass rule for the entire /config-templatebuilder/ theme folder
# Enfold Theme font skip/bypass rule RewriteCond %{REQUEST_URI} ^/wp-content/themes/enfold/config-templatebuilder/ [NC] RewriteRule . - [S=13]
-
AuthorPosts
- You must be logged in to reply to this topic.