Home › Forums › BulletProof Security Pro › cURL Scanner not working, cURL Scanner blocked
Tagged: cURL Scanner
- This topic has 6 replies, 2 voices, and was last updated 11 years, 2 months ago by
Leo A. Geis.
-
AuthorPosts
-
Leo A. Geis
ParticipantKimili Flash Embed Plugin doesn’t seem to cooperate with the cURL functionality, so I went through the plugin’s folders and pulled the .js and .swf files, and entered them into the Firewall Whitelist Text Area: I also included a .swf address that will not appear in its page (/2012/12/idaho-capitol-winter-snow-aerial.swf, which sits on the page idahoairships.com/2012/12/25/a-synthetically-white-christmas-in-boise-idaho/
/kimili-flash-embed/lib/expressInstall.swf, /jetpack/modules/sharedaddy/sharing.js, qver=20121205.pagespeed.jm.QXaty7iUIZ.js, /kimili-flash-embed/admin/config.php, /kimili-flash-embed/kml_fashembed.php, /kimili-flash-embed/admin/config.php, /kimili-flash-embed/js/kfe.js, /kimili-flash-embed/swfobject.js, /kimili-flash-embed/lib/tinymce3/editor_plugin.js, /kimili-flash-embed/lib/tinymce3/langs/en.js, /2012/12/idaho-capitol-winter-snow-aerial.swf, /kimili-flash-embed/lib/tinymce3/langs/es.js, /kimili-flash-embed/lib/tinymce3/langs/be.js, /kimili-flash-embed/lib/tinymce3/langs/ru.js
From my Security Log:
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - December 1, 2013 - 4:26 pm <<<<<<<<<<< REMOTE_ADDR: 24.119.239.2 Host Name: 24-119-239-2.cpe.cableone.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.idahoairships.com/2012/12/25/a-synthetically-white-christmas-in-boise-idaho/ REQUEST_URI: /wp-content/uploads/2012/12/idaho-capitol-winter-snow-aerial.swf QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36
I then saved the Whitelist, put things in BulletProof Mode (“plugins.htaccess to your plugins folder and renames the file name to just .htaccess”), and clicked the Activate Button. I checked the .htaccess file in my plugins folder, and everything seems OK:
# BEGIN WHITELIST: Frontend Loading Website Plugin scripts/files SetEnvIf Request_URI "/bulletproof-security/400.php$" whitelist SetEnvIf Request_URI "/bulletproof-security/403.php$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/lib/expressInstall.swf$" whitelist SetEnvIf Request_URI "/jetpack/modules/sharedaddy/sharing.js$" whitelist SetEnvIf Request_URI "qver=20121205.pagespeed.jm.QXaty7iUIZ.js$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/admin/config.php$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/kml_fashembed.php$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/admin/config.php$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/js/kfe.js$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/swfobject.js$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/editor_plugin.js$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/langs/en.js$" whitelist SetEnvIf Request_URI "/2012/12/idaho-capitol-winter-snow-aerial.swf$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/langs/es.js$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/langs/be.js$" whitelist SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/langs/ru.js$" whitelist # END WHITELIST
So, I’m kind of lost on where to go from here… Any ideas?
AITpro Admin
KeymasterIf you wanted to get frontloading plugin scripts manually then you could look at the source code of a website page and grab only plugin scripts with this path /plugins/ blah and ending with either a .js, .php or .swf file extension, but that is the most difficult way to go about getting frontloading plugin scripts. I use Kimili on a website and the only plugin whitelist rule that is needed is this one:
/kimili-flash-embed/lib/expressInstall.swf
Jetpack loads a ton of frontloading plugin scripts so using Regular Expressions (.*) to match all .js Jetpack scripts is the way to go. These are the only 2 plugin script whitelist rules (valid) so far. if you have Jetpack installed there are more.
/kimili-flash-embed/lib/expressInstall.swf, /jetpack/modules/(.*).js
If the cURL scanner is unable to detect a frontloading plugin scripts that needs to be whitelisted then that plugin script will be logged in the Security Log file. So it is much simpler to get plugin scripts from your Security Log if the cURL scanner is not automatically finding them.
Help & FAQ resources
http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/
http://forum.ait-pro.com/forums/topic/security-log-http-error-log-read-me-first/
http://forum.ait-pro.com/video-tutorials/#security-log-firewallThis does not appear to be a valid Plugin Firewall whitelist rule. I will scan your site remotely and see what happens.
qver=20121205.pagespeed.jm.QXaty7iUIZ.js
This actually has to do with UAEG and not the Plugin Firewall since the path does not contain /plugins/ in the path and instead is a file in your /uploads folder.
/wp-content/uploads/2012/12/idaho-capitol-winter-snow-aerial.swf
You would do what is shown in this link below except do this for swf files and not gz or tar files.
http://forum.ait-pro.com/forums/topic/unable-to-download-gz-or-tar-files-uploads-anti-exploit-guard-htaccess-file/#post-6514AITpro Admin
KeymasterYes, you are correct – the cURL scanner is being blocked on your site internally and remotely – I am not getting anything when scanning your site. So that means your web host or something else you have installed is preventing cURL scanning of your website. That leaves you with getting frontloading plugin scripts from your Security Log file.
AITpro Admin
KeymasterI have a feeling that the issue you had with the Wizards and the cURL Scanner not working may have to do with Google pagespeed. Not sure about that, but looking at how the URL’s are all transformed in the Source Code of your website pages I would not be surprised if that is the issue. At some point I will get around to testing pagespeed. It is on the to do list and is getting closer to the top of the list. 😉
Leo A. Geis
ParticipantSolved the .swf rejection: http://www.idahoairships.com/bps/bps.html One thing I neglected to cover: when I try to install a Kimili Flash Embed instance via the icon in the “Kitchen Sink” authoring environment, I get a nastygram:
You don't have permission to access /wp-content/plugins/kimili-flash-embed/admin/config.php on this server. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
This in spite of having that config.php whitelisted. However, if I just copy the instance out of a previous post and paste it in the new document/page/post, and change the URL…it works perfectly, so the fracture is somewhere between the Kitchen Sink icon and whatever functionality is downstream from it. Sure hope you’re not having to deal with this on Sunday night…
AITpro Admin
KeymasterHad a busy morning so just watched the video link you posted. 😉
Yes, the method you chose to move your swf to another folder other than the /uploads folder is a much better solution then removing the swf file extension from the UAEG .htaccess file.
The PHP Error is caused by invalid code in your wp-config.php file. It will occur continuously and constantly until that code is fixed. So what you are seeing is those errors occurring so frequently/constantly that resetting your php error log timestamp is clearing/resetting the timestamp, but you are getting new php errors right away so what needs to happen is the coding problem in your wp-config.php file needs to be fixed to solve this permanently.
At the bottom of your wp-config.php file you should see this standard WordPress wp-config.php code. If this code has been altered then what you can do is look at the wp-config-sample.php file that comes with WordPress to use this file to compare with your wp-config.php file code and make any changes that are necessary to fix the code in your wp-config.php file.
/** Absolute path to the WordPress directory. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); /** Sets up WordPress vars and included files. */ require_once(ABSPATH . 'wp-settings.php');
Leo A. Geis
ParticipantWorked perfectly. You are a superstar-thanks for the help: my installations are functioning perfectly.
-
AuthorPosts
- You must be logged in to reply to this topic.