Viper Cache uploads folder – 403 error

Home Forums BulletProof Security Pro Viper Cache uploads folder – 403 error

This topic contains 1 reply, has 2 voices, and was last updated by  AITpro Admin 2 weeks, 5 days ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #35968

    guy te watson
    Participant

    I installed Vipercache on another of my sites and BPS UAEG is blocking it per the Security Log and an error message on my front page. Below is the log enties, is there a custom code that I can get for BPS to unblock this plugin? Thanks!

    [403 GET Request: June 28, 2018 8:00 am]
    BPS Pro:
    WP: 4.8.1
    Event Code: UAEGWR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 24.191.17.172
    Host Name: ool-18bf11ac.dyn.optonline.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://XXXXXXXXXXX.net/
    REQUEST_URI: /wp-content/uploads/vipercache/minified/aed2a5893a4ccf7ca0fcbc3e264be060/1530172708index.js
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
    
    [403 GET Request: June 28, 2018 8:00 am]
    BPS Pro:
    WP: 4.8.1
    Event Code: UAEGWR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 24.191.17.172
    Host Name: ool-18bf11ac.dyn.optonline.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://XXXXXXXXXXX.net/
    REQUEST_URI: /wp-content/uploads/vipercache/minified/ce9fe47f91da17ae489f76192c0e7c2f/1530172708index.js
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
    #35970

    AITpro Admin
    Keymaster

    Use the CUSTOM CODE UAEG Whitelisting Method shown on the Uploads Anti-Exploit Guard UAEG – Read Me First forum topic > https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/.

    Depending on which UAEG htaccess file type was created for your particular server type you will create one of these 2 whitelisting rules below.

    This whitelist rule is most likely the whitelist rule that you will create for your server type (for Apache servers):
    SetEnvIf Request_URI "vipercache/.*$" whitelist

    This whitelist rule is not likely the whitelist rule that you will create for your server type (for LiteSpeed servers):
    RewriteRule ^vipercache/.*$ - [L]

    IMPORTANT:  Do not forget to do the last step >
    If you have an Apache server (this step is not required if you have a LiteSpeed server):
    Delete the # signs in front of #Require env whitelist and #Allow from env=whitelist shown highlighted in yellow below in your UAEG code that you copied to CUSTOM CODE UAEG.

    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    <IfModule mod_authz_core.c>
    #Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    #Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.