Home › Forums › BulletProof Security Pro › Viper Cache uploads folder – 403 error
- This topic has 1 reply, 2 voices, and was last updated 5 years, 10 months ago by AITpro Admin.
-
AuthorPosts
-
guy te watsonParticipant
I installed Vipercache on another of my sites and BPS UAEG is blocking it per the Security Log and an error message on my front page. Below is the log enties, is there a custom code that I can get for BPS to unblock this plugin? Thanks!
[403 GET Request: June 28, 2018 8:00 am] BPS Pro: WP: 4.8.1 Event Code: UAEGWR-HPRA Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 24.191.17.172 Host Name: ool-18bf11ac.dyn.optonline.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://XXXXXXXXXXX.net/ REQUEST_URI: /wp-content/uploads/vipercache/minified/aed2a5893a4ccf7ca0fcbc3e264be060/1530172708index.js QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 [403 GET Request: June 28, 2018 8:00 am] BPS Pro: WP: 4.8.1 Event Code: UAEGWR-HPRA Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 24.191.17.172 Host Name: ool-18bf11ac.dyn.optonline.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://XXXXXXXXXXX.net/ REQUEST_URI: /wp-content/uploads/vipercache/minified/ce9fe47f91da17ae489f76192c0e7c2f/1530172708index.js QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
AITpro AdminKeymasterUse the CUSTOM CODE UAEG Whitelisting Method shown on the Uploads Anti-Exploit Guard UAEG – Read Me First forum topic > https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/.
Depending on which UAEG htaccess file type was created for your particular server type you will create one of these 2 whitelisting rules below.
This whitelist rule is most likely the whitelist rule that you will create for your server type (for Apache servers):
SetEnvIf Request_URI "vipercache/.*$" whitelist
This whitelist rule is not likely the whitelist rule that you will create for your server type (for LiteSpeed servers):
RewriteRule ^vipercache/.*$ - [L]
IMPORTANT: Do not forget to do the last step >
If you have an Apache server (this step is not required if you have a LiteSpeed server):
Delete the # signs in front of #Require env whitelist and #Allow from env=whitelist shown highlighted in yellow below in your UAEG code that you copied to CUSTOM CODE UAEG.# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$"> <IfModule mod_authz_core.c> #Require env whitelist Require all denied </IfModule> <IfModule !mod_authz_core.c> <IfModule mod_access_compat.c> Order Allow,Deny #Allow from env=whitelist Deny from all </IfModule> </IfModule> </FilesMatch>
-
AuthorPosts
- You must be logged in to reply to this topic.