Visual Composer – Editor not saving text – POST Attack Protection

Home Forums BulletProof Security Pro Visual Composer – Editor not saving text – POST Attack Protection

This topic contains 0 replies, has 1 voice, and was last updated by  AITpro Admin 11 months, 3 weeks ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #33528

    AITpro Admin
    Keymaster

    The BPS POST Attack Protection Bonus Custom Code blocks the Visual Composer editor from saving text using a POST Request. To whitelist the Visual Composer POST Request add this Query String whitelist in your BPS POST Attack Protection Bonus Custom Code in BPS Root Custom Code, save your changes and activate Root Folder BulletProof Mode.

    # WPBakery Visual Composer/Salient Visual Composer Query String whitelist rule 
    RewriteCond %{QUERY_STRING} !^vc_editable=(.*) [NC]

    Security Log entry:

    [403 POST Request: June 30, 2017 - 10:34 am]
    BPS Pro: 13
    WP: 4.8
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 127.0.0.1
    Host Name: xxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: POST
    HTTP_REFERER: http://demo5.local/wp-admin/post.php?vc_action=vc_inline&post_id=404&post_type=page
    REQUEST_URI: /?vc_editable=true&vc_post_id=404&_vcnonce=d8e7444ff7
    QUERY_STRING: vc_editable=true&vc_post_id=404&_vcnonce=d8e7444ff7
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
    REQUEST BODY: post_id=404&vc_inline=true&_vcnonce=d8e7444ff7&action=vc_load_shortcode&shortcodes%5B0%5D%5Bid%5D=54b0708fadffe77cdeefe2c86a5c55bf&shortcodes%5B0%5D%5Bstring%5D=%5Bvc_column_text%5D%5Blogin_form%5D%0A%0Axxxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Axxx%0A%0Aaaa%0A%0Aaaa%0A%0Aaaa%5B%2Fvc_column_text%5D&shortcodes%5B0%5D%5Btag%5D=vc_column_text

    Notes: Eventually the BPS POST Attack Protection Bonus Custom Code will be added as a standard GUI feature in BPS and BPS Pro and will have auto-whitelisting capability like BPS Setup Wizard AutoFix.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.