Twitter Cards Images – 403 error

[Javier]

Hi,
when I submit a new twitter I want to show a image with the link, but the image is not showed due to BPS htaccess root file. When I’ve deactivated Root Folder BulletProof Mode (RBM) the images start to be showed.

How can I whitelist twitter to access directly images and not having a 403 forbidden?? Same will be fine for google images and facebook.

Thanks in advance.

[AITpro Admin]

Go to the BPS Security Log page and copy the Security Log entry that shows what is being blocked in Twitter Cards and paste the Security Log entry in your forum reply.  Are you using a plugin that adds Twitter Cards or are you using a custom script that adds Twitter Cards?

[Javier]

Hi, I’m adding the cards manually in the header of thw web. Here is the log

Twitter:
[403 GET Request: 28/06/2017 - 15:40]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 199.59.150.180
Host Name: r-199-59-150-180.twttr.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2013/09/apis_melliferav.jpg
QUERY_STRING:
HTTP_USER_AGENT: Twitterbot/1.0

Google:
[403 GET Request: 28/06/2017 - 15:40]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 81.41.133.90
Host Name: 90.red-81-41-133.staticip.rima-tde.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://www.google.es/
REQUEST_URI: /wp-content/uploads/2013/04/pulpo-mimetico2.jpg
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Facebook:
[403 GET Request: 28/06/2017 - 15:41]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 2a03:2880:3010:cfe9:face:b00c:0:8000
Host Name: 2a03:2880:3010:cfe9:face:b00c:0:8000
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2014/02/silky-ant-eaterv.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

Thank you

[AITpro Admin]

I don’t see anything in the Security Log entry that you posted that would be blocked.  When I test the link from your Twitter account to your website the link works fine.  When I test viewing the image in Google Images and from your website directly the image opens fine.  Have you added any additional custom htaccess code to BPS Custom Code?  If so, post your custom htaccess code in your forum reply.  Another possibility could be that a HEAD Request is being made in addition to an image GET Request.  Try whitelisting all HEAD Requests using the steps below.

1. Copy the htaccess code below to this BPS Root Custom Code text box: CUSTOM CODE REQUEST METHODS FILTERED.
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]

[Javier]

Hi, thans for the info. Finally I’ve updated the plugin and all is working ok. Now the twitter images are not grey and are readed correctly. Thank you!

[Author]

Posts