Home › Forums › BulletProof Security Pro › UpdraftPlus Google Drive – 403 error
Tagged: 403 error
- This topic has 4 replies, 2 voices, and was last updated 5 years, 6 months ago by AITpro Admin.
-
AuthorPosts
-
HannahParticipant
I’m trying to reauthorize the UpdraftPlus backups plugin to send files to my client’s Google Drive for storage but I’m getting 403 errors like this one. I’ve tried with and without PFW activated and after activating the Test Mode…no change. No minification plugins installed.:
[403 GET Request: September 28, 2018 - 10:29 am] BPS Pro: 13.7 WP: 4.9.8 Event Code: WPADMIN-SBR Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: GDPR Compliance On Host Name: 47-36-184-11.dhcp.mdfd.or.charter.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: https://accounts.google.com/signin/oauth/consent?authuser=1&part=AJi8hAPT3HfVNahLVx3B8j-jRNePlSsla63B8ic0iaG6UqgKz_22gWCXssNY7jkxNORsgx_RxqXHi6J4bn38l_0Ss0ospUYM7YI9CiSCYqHhv5oRucFrduAU8YaVRbjJUjjjyMv5f59DiIUtR1SySYvigV4go3b649R9pqrY6GT0U9RfItPzqkDRPD0GjxhA32Le1v2ENr-BjT0pV2NMd_ByYBLZ3gyjuffFIGfTcCJAS0JBs3BfR3tkkCqbtPVIntCO0r0Wy7f4YEeGT-6TPkd7ufURAjRx6XhC2n02zoSI49fCrP2xD7xBidWhBUuZ22FyscFOFn9nPjOBWKGxIbNg1Uk-XRQ18Nfn63Z2aX3O5gie18_g9jgKTeFmO02K3t_lUBcGgUYrVDAEBWjnVOoWrIW7y7aXu-7HRdasY4xEBNQoHoDF-YKWYIIDbmPXS6g-ndGS22ejwLLdPrbX1bky35YJQ-Aiehm3StOf9EJW48F2KQVRnFQp1OBt5_kiqsIXpF352UuI&hl=en&as=R8LMcnPV8ko1EWYdfOp1dQ REQUEST_URI: /wp-admin/options-general.php?action=updraftmethod-googledrive-auth&state=token:s-3a66c1313d4ab4155a2cc536bcdab666&code=4/aABAB4iyzvt07baGawQlhqLAnFrzTiWRngb1oIrU3ADCDpJ6CUXxH4ceBh1uVzdqlmsr9wx4ThHX2egTsAb1hbI&scope=https://www.googleapis.com/auth/drive%20https://www.googleapis.com/auth/userinfo.profile QUERY_STRING: action=updraftmethod-googledrive-auth&state=token:s-3a66c1313d4ab4155a2cc536bcdab666&code=4/aABAB4iyzvt07baGawQlhqLAnFrzTiWRngb1oIrU3ADCDpJ6CUXxH4ceBh1uVzdqlmsr9wx4ThHX2egTsAb1hbI&scope=https://www.googleapis.com/auth/drive%20https://www.googleapis.com/auth/userinfo.profile HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:62.0) Gecko/20100101 Firefox/62.0
AITpro AdminKeymasterI believe this is going to be an RFI security rule problem in either the root and/or wp-admin htaccess file(s). Give me a minute to test this and I will post a solution back here.
AITpro AdminKeymasterYep, this is an RFI security rule problem in the wp-admin htaccess file. Do the steps below to whitelist the UpdraftPlus Query String, which is simulating an RFI hacking attempt against your website. Important note: If you deactivate wp-admin BulletProof Mode in the future then the root htaccess file will block this UpdraftPlus Query String and you would need to whitelist the RFI security rules in the root htaccess file. You do not need to do that at this time assuming you have root BulletProof Mode activated.
1. Copy the modified wp-admin htaccess code below to this BPS wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
2. Click the Save wp-admin Custom Code button.
3. Go to the Security Modes page and click the wp-admin BulletProof Mode Activate button.# BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS # WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED # Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently. RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR] RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR] RewriteCond %{THE_REQUEST} etc/passwd [NC,OR] RewriteCond %{THE_REQUEST} cgi-bin [NC,OR] RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR] RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR] RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR] RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR] #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR] #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR] RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR] RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR] RewriteCond %{QUERY_STRING} ftp\: [NC,OR] #RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR] RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR] RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR] RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR] RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR] RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR] RewriteCond %{QUERY_STRING} (sp_executesql) [NC] RewriteRule ^(.*)$ - [F] # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
HannahParticipantSent this via email on the 28th and it bounced back to me just now so I didn’t realize you hadn’t seen it yet. But what I meant to say was that you are a rockstar! This worked perfectly, and I really appreciate your quick response, too!
AITpro AdminKeymasterGreat! Glad to hear that worked. I like the easy ones.
-
AuthorPosts
- You must be logged in to reply to this topic.