Home › Forums › BulletProof Security Pro › Visual Composer – 403 error
Tagged: 403 error, Visual Composer
- This topic has 26 replies, 5 voices, and was last updated 8 years, 5 months ago by
Matt Zahy.
-
AuthorPosts
-
jenni101
Participant[Topic has been merged into this relevant Topic]
Hi,
I’ve just seen a very similar issue for the visual composer plugin. I have the plugin and it looks like BPS is trying to add the rule to the firwall whitelist but is instead getting blocked st the security stage or similar. The security log looks like this, repeated over and over for the last 2 days: and when I check in the plugin firewall whitelist it hasn’t been added. Any ideas?[Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created: April 3, 2016 - 6:43 pm] Whitelist Rule: /js_composer/assets/js/js_composer_front.js
So I’ve added this to catch all js in sub-folders of the Visual composer assets folder – is that correct?
/js_composer/assets/js/(.*).js manually, as well as this /js_composer/assets/(.*).js
Cheers.
PS. using BPS version 11.6.1 as I’ve had to restore a backup for another plugin issue, but will update to the latest version tomorrow.AITpro Admin
Keymaster@ jenni101 – The Visual Composer plugin requires additional skip/bypass rules: http://forum.ait-pro.com/forums/topic/visual-composer-blocked-by-bps-pro/#post-25258
If Plugin Firewall AutoPilot Mode is not creating whitelist rules automatically for various reasons and needs to be reset/cleared do these steps: http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/page/2/#post-26268
jenni101
ParticipantThanks for your help. I already have the recommended code in the BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES. And I already have this code (below) in the BPS wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:
Is this the same/does the same job? Or should I add in the VC one you recommend here as well? – as this is the first time I have seen these security log entries, which are still continuing. (Once i have confirmation from you about this custom code above i will do the Plugin Firewall troubleshooting steps too.)# BuddyPress & Visual Composer post.php and admin-ajax.php skip/bypass rule RewriteCond %{REQUEST_URI} (post\.php|admin-ajax\.php) [NC] RewriteRule . - [S=2]
Cheers.
AITpro Admin
Keymaster@ jenni101 – The plugin skip/bypass rules are used to whitelist something else in Visual Composer. So do the Plugin Firewall reset/clear steps and let me know if that works or not.
jenni101
ParticipantOK, I’m trying to test each page via http://boomproxy.com as recommended, but it appears that as mine is a membership site it won’t load the pages as they are protected/members only pages – so about 98% of them are redirected to our membership page if you’re not logged in. I will try just clicking on all the pages as I’m logged in, but I don’t know if that will produce the required results???
AITpro Admin
Keymaster@ jenni101 – Nope, that will not work. Post the URL to the site and I will scan it remotely and post your Plugin Firewall whitelist rules for your site.
jenni101
ParticipantOK. It did create a few whitelist rules by doing this, but not many, and still getting the security log entries for the vc composer whitleist rules a/a. my site is: https://www.the-photohub.co.nz/ It’s currently in MM – do you need me to turn that off while you scan it??
AITpro Admin
Keymaster@ jenni101 – Oh since the site is Maintenance Mode then just deactivate the Plugin Firewall and turn Off AutoPilot Mode. Usually when sites are in Maintenance Mode and you are not using BPS Maintenance Mode then the Plugin Firewall will not work correctly because the website is offline/not Live. When the site is out of Maintenance Mode then activate the Plugin Firewall and turn On AutoPilot Mode.
jenni101
ParticipantOK, thanks. If still getting these errors once out of MM will post back here.
Thanks for your time, advice and help.
Matt Zahy
Participant[Topic has been merged into this relevant Topic]
Hi,i am getting lot of this errors from the ip that are “safe” visitors of my site. how can i avoid it?
thanks
Matt[403 GET Request: November 18, 2016 1:31 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: x.x.x.x Host Name: xxx.xxx.xx SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://xxxx.xx/index.php/about/ REQUEST_URI: /wp-content/plugins/js_composer/assets/lib/vc_accordion/vc-accordion.min.js?ver=2.7 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
AITpro Admin
Keymaster@ Matt Zahy – The Visual Composer plugin requires additional skip/bypass rules: http://forum.ait-pro.com/forums/topic/visual-composer-blocked-by-bps-pro/#post-25258
If you do not have BPS Pro 12.4.1 installed then upgrade to BSP Pro 12.4.1.
If you are using a Maintenance Mode plugin (not BPS Pro MMode) and your site is currently in Maintenance Mode then deactivate the Plugin Firewall. When your site is no longer in Maintenance Mode then activate the Plugin Firewall.If Plugin Firewall AutoPilot Mode is not creating whitelist rules automatically for various reasons and needs to be reset/cleared do these steps: http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/page/2/#post-26268
Other possible causes for the problem: http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/
Matt Zahy
ParticipantHi,
i had the latest BPS Pro 12.4.1 – The problem was solved with adding additional skip/bypass rules for the Visual Composer.
thanks
Matt
-
AuthorPosts
- You must be logged in to reply to this topic.