UAEG Whitelist Dated Subfolders


  • #39067
    bay
    Participant

    Having a bit of a tough time with this. I’ve read through the docs and tried whitelisting the parent folder and also adding the relevant .htaccess file with RewriteEngine Off (or whatever it was, not looking atm) but neither worked. I assume it’s because there are subfolders. Redacted a bit below but this is the log spam I’m getting.

    
    [403 GET Request: July
    BPS Pro: 14.5
    WP: 5.4.2
    Event Code: UAEGWR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR:
    Host Name: rrcs
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://bi
    REQUEST_URI: /store/wp-content/uploads/woocommerce_uploads/woocommerce_pdf_product_vouchers/2020-07/XXXX.png
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0
    
    
    #39068
    AITpro Admin
    Keymaster

    UAEG does not block image files (.png, .jpg, etc).  Whitelisting a parent folder will automatically whitelist all subfolders of that parent folder.  Most likely what is happening is a js or php file is calling the image files and the Security Log entries are showing the error for retrieving the image file. In other words, the exact root cause is not displayed in the Security Log entry.

    Deactivate UAEG to make sure UAEG is actually causing the problem. If UAEG is causing the problem activate UAEG again, go to the BPS Pro > B-Core > htaccess File Editor tab page > click the Your Current Uploads htaccess File tab > copy your entire UAEG htaccess file contents and post it in your forum reply or send it via email to:  info at ait-pro dot com.

    #39071
    bay
    Participant

    I tried the whitelist on the folder listed, but as you are saying, it seems the problem file isn’t located there.

    
    # BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
    #
    # BPS mod_authz_core IfModule BC
    # Allow,Deny
    # First, all Allow directives are evaluated. At least one must match, or the request is rejected.
    # Next, all Deny directives are evaluated. If any matches, the request is rejected.
    # Last, any requests which do not match an Allow or a Deny directive are denied by default.
    #
    # Deny,Allow
    # First, all Deny directives are evaluated. If any match, the request is denied unless
    # it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
    #
    # *Match* -------------------- *Allow,Deny result* -------------------- *Deny,Allow result*
    # Match Allow only ----------- Request allowed ------------------------ Request allowed
    # Match Deny only ------------ Request denied ------------------------- Request denied
    # No match ------------------- Default to second directive: Denied ---- Default to second directive: Allowed
    # Match both Allow & Deny ---- Final match controls: Denied ----------- Final match controls: Allowed
    #
    # NOTE: The zip file extension can be added to block remote access or execution of zip files, several plugins create
    # either temporary or permanent zip files in the uploads folder. This may block those plugins from being
    # able to create zip files in your uploads folder.
    #
    # BEGIN WHITELIST
    # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
    # of the whitelist rule you want to use, add the actual filename or folder name you want to whitelist and also
    # delete the # sign in front of #Require env whitelist and #Allow from env=whitelist.
    # Whitelist a specific js file in the uploads folder: example.js
    #SetEnvIf Request_URI "example.js$" whitelist
    # Whitelist an entire folder in the uploads folder: /uploads/example-folder/
    SetEnvIf Request_URI "uploads/woocommerce_uploads/woocommerce_pdf_product_vouchers/*/.*$" whitelist
    # END WHITELIST
    #
    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    <IfModule mod_authz_core.c>
    Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>
    
    # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
    <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
    <IfModule mod_authz_core.c>
    #Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    #Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>
    
    
    #39072
    AITpro Admin
    Keymaster

    Change the SetEnvIf whitelist rule to this:

    SetEnvIf Request_URI "woocommerce_uploads/.*$" whitelist

    Uncomment (delete the # sign) in front of “Allow from” in this section of code:

    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>

    #39073
    bay
    Participant

    Still getting it, interestingly enough. The issue doesn’t break the website, so it’s not critical.

    
    # BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
    #
    # BPS mod_authz_core IfModule BC
    # Allow,Deny
    # First, all Allow directives are evaluated. At least one must match, or the request is rejected.
    # Next, all Deny directives are evaluated. If any matches, the request is rejected.
    # Last, any requests which do not match an Allow or a Deny directive are denied by default.
    #
    # Deny,Allow
    # First, all Deny directives are evaluated. If any match, the request is denied unless
    # it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
    #
    # *Match* -------------------- *Allow,Deny result* -------------------- *Deny,Allow result*
    # Match Allow only ----------- Request allowed ------------------------ Request allowed
    # Match Deny only ------------ Request denied ------------------------- Request denied
    # No match ------------------- Default to second directive: Denied ---- Default to second directive: Allowed
    # Match both Allow & Deny ---- Final match controls: Denied ----------- Final match controls: Allowed
    #
    # NOTE: The zip file extension can be added to block remote access or execution of zip files, several plugins create
    # either temporary or permanent zip files in the uploads folder. This may block those plugins from being
    # able to create zip files in your uploads folder.
    #
    # BEGIN WHITELIST
    # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
    # of the whitelist rule you want to use, add the actual filename or folder name you want to whitelist and also
    # delete the # sign in front of #Require env whitelist and #Allow from env=whitelist.
    # Whitelist a specific js file in the uploads folder: example.js
    #SetEnvIf Request_URI "example.js$" whitelist
    # Whitelist an entire folder in the uploads folder: /uploads/example-folder/
    SetEnvIf Request_URI "woocommerce_uploads/.*$" whitelist
    # END WHITELIST
    #
    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    <IfModule mod_authz_core.c>
    Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>
    
    # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
    <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
    <IfModule mod_authz_core.c>
    #Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>
    
    
    #39074
    AITpro Admin
    Keymaster

    Try clearing any caching plugin's cache and your Browser cache and check again. If the problem is still occurring then deactivate UAEG. If you want me to figure this out then send me a WordPress Administrator login to this website. Email: info at ait-pro dot com.
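
    An added example, not part of any post in this thread and not BulletProof Security code: a small Python simulation of the UAEG rules posted above, run against the logged REQUEST_URI and a few constructed URIs. It assumes Apache with mod_authz_core, that SetEnvIf does an unanchored regex search on the path, that FilesMatch tests the file's basename, and that the last matching FilesMatch block decides; Python's `re` stands in for Apache's regex engine, and `uaeg_decision` is a hypothetical helper name.

```python
import re
from posixpath import basename

# Patterns copied from the .htaccess files posted in this thread.
BLOCKED_EXT = re.compile(
    r"\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll"
    r"|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java"
    r"|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl"
    r"|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war"
    r"|ws|wsf|xhtml|xml|z)$")
DISGUISED_PHP = re.compile(r"\.(php|PHP|\.+(php)|\.+(PHP)).*$")

# The two SetEnvIf whitelist patterns that appear in the thread.
WHITELIST_ORIGINAL = r"uploads/woocommerce_uploads/woocommerce_pdf_product_vouchers/*/.*$"
WHITELIST_REVISED = r"woocommerce_uploads/.*$"

# (pattern, honours_whitelist) in file order. The first block has an active
# "Require env whitelist"; in the second block that line is commented out.
BLOCKS = [(BLOCKED_EXT, True), (DISGUISED_PHP, False)]

def uaeg_decision(request_uri, whitelist_pattern):
    """Return (decision, whitelisted) for one request under the posted rules."""
    path = request_uri.split("?", 1)[0]   # Request_URI excludes the query string
    whitelisted = re.search(whitelist_pattern, path) is not None
    decision = "allow"                    # no FilesMatch block applies
    for pattern, honours_whitelist in BLOCKS:
        if pattern.search(basename(path)):
            # Simplification (assumption): the last matching block decides.
            decision = "allow" if honours_whitelist and whitelisted else "deny"
    return decision, whitelisted

# First entry is the REQUEST_URI from the Security Log; the rest are constructed.
BASE = "/store/wp-content/uploads/"
SAMPLES = [
    BASE + "woocommerce_uploads/woocommerce_pdf_product_vouchers/2020-07/XXXX.png",
    BASE + "woocommerce_uploads/helper.js",
    BASE + "woocommerce_uploads/shell.php",
    BASE + "2020/07/photo.php.jpg",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        for label, pat in (("original", WHITELIST_ORIGINAL), ("revised", WHITELIST_REVISED)):
            print(f"{label:8} {uaeg_decision(uri, pat)} {uri}")
```

    For the logged .png request, both whitelist patterns match and neither FilesMatch block applies, so these rules allow it; the two patterns only differ for files directly under woocommerce_uploads/, such as the constructed helper.js.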
