Home › Forums › BulletProof Security Pro › Monarch plugin – 403 error
Tagged: 403 error
- This topic has 4 replies, 2 voices, and was last updated 4 years, 11 months ago by Rami M.
-
AuthorPosts
-
Rami MParticipant
Hi,
I have Monarch from Elegant Themes installed and not sure which bonus custom code is blocking this and how to white-list it.
Many thanks,
Rami
HTTP_REFERER: https://.../?et_pb_preview=true&et_pb_preview_nonce=5995afcf49&iframe_id=et-fb-preview-1558159350805-953 REQUEST_URI: /?et_pb_preview=true&et_pb_preview_nonce=5995afcf49&iframe_id=et-fb-preview-1558159350805-953 QUERY_STRING: et_pb_preview=true&et_pb_preview_nonce=5995afcf49&iframe_id=et-fb-preview-1558159350805-953 HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36 REQUEST BODY: et_pb_preview_nonce=5995afcf49&is_fb_preview=true&shortcode=%5Bet_social_follow+icon_style%3D%22flip%22+icon_shape%3D%22rectangle%22+icons_location%3D%22top%22+col_number%3D%225%22+spacing%3D%22true%22+outer_color%3D%22dark%22+network_names%3D%22true%22%5D
AITpro AdminKeymasterI need to see the BPS Security Log entry for what is being blocked. Go to the BPS Security Log page and copy and paste the Monarch plugin Security Log entry.
Rami MParticipantThanks for your help. Here is the entry I see mentioning ET Monarch:
[403 POST Request: May 18, 2019 5:55 am] BPS Pro: 13.9 WP: 5.2 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 178.... Host Name: 178... SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: POST HTTP_REFERER: https://.../?et_pb_preview=true&et_pb_preview_nonce=5995afcf49&iframe_id=et-fb-preview-1558158956701-774 REQUEST_URI: /?et_pb_preview=true&et_pb_preview_nonce=5995afcf49&iframe_id=et-fb-preview-1558158956701-774 QUERY_STRING: et_pb_preview=true&et_pb_preview_nonce=5995afcf49&iframe_id=et-fb-preview-1558158956701-774 HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36 REQUEST BODY: et_pb_preview_nonce=5995afcf49&is_fb_preview=true&shortcode=%5Bet_social_follow+icon_style%3D%22flip%22+icon_shape%3D%22rectangle%22+icons_location%3D%22top%22+col_number%3D%225%22+spacing%3D%22true%22+outer_color%3D%22dark%22+network_names%3D%22true%22%5D
AITpro AdminKeymasterThe Request is a POST Request. So the POST Attack Protection Bonus Custom Code you added and modified is causing the 403 error. You will need to add the whitelist rule below to your POST Attack Protection Bonus Custom Code and move the code to BPS Root Custom Code text box: 8. CUSTOM CODE WP REWRITE LOOP START.
The additional whitelist rule for the Monarch plugin:
# Whitelist Monarch Plugin POST Requests by Query String RewriteCond %{QUERY_STRING} !^et_pb_preview(.*) [NC]
1. Move (cut and paste) your existing POST Request Protection code from this BPS Root Custom Code text box: 14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE into this BPS Root Custom Code text box: 8. CUSTOM CODE WP REWRITE LOOP START.
2. Edit your POST Request Protection code and add the Monarch Plugin POST Requests by Query String whitelist rule shown above into your POST Request Protection code.
3. Go to the htaccess File Editor tab page > Your Current Root htaccess File tab > scroll down in your root htaccess file code until you see the WP REWRITE LOOP START code. It will look similar to this example code directly below. Do not use this code below since your WP REWRITE LOOP START code may be different.# WP REWRITE LOOP START RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L]
Note: If you have an HTTPS/SSL website then use the BPS HTTPS/SSL Rewrite htaccess code below > https://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233
# WP REWRITE LOOP START RewriteEngine On RewriteBase / RewriteCond %{HTTPS} !=on RewriteCond %{SERVER_PORT} ^80 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteRule ^index\.php$ - [L]
4. Copy your WP REWRITE LOOP START code or HTTPS/SSL Rewrite code and paste it above your POST Request Protection code in the Root Custom Code text box: 8. CUSTOM CODE WP REWRITE LOOP START.
5. Click the Save Root Custom Code button.
6. Go to the Security Modes tab page and click the Root folder BulletProof Mode Activate button.Rami MParticipantIt worked. Many thanks!
-
AuthorPosts
- You must be logged in to reply to this topic.