Twitter Cards Images – 403 error

Home Forums BulletProof Security Free Twitter Cards Images – 403 error

Tagged: 

This topic contains 4 replies, has 2 voices, and was last updated by  Javier 10 months, 4 weeks ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #33469

    Javier
    Participant

    Hi,
    when I submit a new twitter I want to show a image with the link, but the image is not showed due to BPS htaccess root file. When I’ve deactivated Root Folder BulletProof Mode (RBM) the images start to be showed.

    How can I whitelist twitter to access directly images and not having a 403 forbidden?? Same will be fine for google images and facebook.

    Thanks in advance.

    #33470

    AITpro Admin
    Keymaster

    Go to the BPS Security Log page and copy the Security Log entry that shows what is being blocked in Twitter Cards and paste the Security Log entry in your forum reply.  Are you using a plugin that adds Twitter Cards or are you using a custom script that adds Twitter Cards?

    #33473

    Javier
    Participant

    Hi, I’m adding the cards manually in the header of thw web. Here is the log

    Twitter:
    [403 GET Request: 28/06/2017 - 15:40]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 199.59.150.180
    Host Name: r-199-59-150-180.twttr.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2013/09/apis_melliferav.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: Twitterbot/1.0
    
    Google:
    [403 GET Request: 28/06/2017 - 15:40]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 81.41.133.90
    Host Name: 90.red-81-41-133.staticip.rima-tde.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.google.es/
    REQUEST_URI: /wp-content/uploads/2013/04/pulpo-mimetico2.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
    
    Facebook:
    [403 GET Request: 28/06/2017 - 15:41]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 2a03:2880:3010:cfe9:face:b00c:0:8000
    Host Name: 2a03:2880:3010:cfe9:face:b00c:0:8000
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2014/02/silky-ant-eaterv.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

    Thank you

    #33475

    AITpro Admin
    Keymaster

    I don’t see anything in the Security Log entry that you posted that would be blocked.  When I test the link from your Twitter account to your website the link works fine.  When I test viewing the image in Google Images and from your website directly the image opens fine.  Have you added any additional custom htaccess code to BPS Custom Code?  If so, post your custom htaccess code in your forum reply.  Another possibility could be that a HEAD Request is being made in addition to an image GET Request.  Try whitelisting all HEAD Requests using the steps below.

    1. Copy the htaccess code below to this BPS Root Custom Code text box: CUSTOM CODE REQUEST METHODS FILTERED.
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # REQUEST METHODS FILTERED
    # If you want to allow HEAD Requests use BPS Custom Code and copy
    # this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
    # text box: CUSTOM CODE REQUEST METHODS FILTERED.
    # See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F]
    #RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
    #RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
    #33516

    Javier
    Participant

    Hi, thans for the info. Finally I’ve updated the plugin and all is working ok. Now the twitter images are not grey and are readed correctly. Thank you!

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.