Whitelist rules are not valid


This topic contains 28 replies, has 4 voices, and was last updated by  AITpro Admin 3 years, 4 months ago.

  • #12452

    Joshua Wilson
    Participant

    Hello, when I run the cURL scanner on my site I get a large amount of code, and when I place it in the whitelist box I get the error below. At the very bottom is the code the cURL scanner came up with. I tried this on another one of my sites earlier and it worked flawlessly. I also had twice as many plugins on the site that it worked perfectly on. It may be some of the custom code I have set interfering.

    Error: One or more of your Whitelist rules are not valid
    Edit your Whitelist rules after copying them to the Plugin Firewall Whitelist Text Area and correct whitelist rules that contain any of these invalid things: ver=, page=, src=, www, http, https, href, .com, .net, .org, .biz, .info, .gov, .edu and click the Save Whitelist Options button and activate the Plugin Firewall again.
    Valid plugin Whitelist rules MUST use ONLY this Format: /plugin-folder-name/plugin-script.js, /plugin-folder-name/(.*).js. Plugin paths/scripts are separated by a comma and a single space.

    Error: One or more of your Whitelist rules contain these invalid characters: %, “, ‘, &, <, > or ;
    Edit your Whitelist rules after copying them to the Plugin Firewall Whitelist Text Area and edit them to correct the error and click the Save Whitelist Options button and activate the Plugin Firewall again.
    Valid plugin Whitelist rules MUST use ONLY this Format: /plugin-folder-name/plugin-script.js, /plugin-folder-name/(.*).js. Plugin paths/scripts are separated by a comma and a single space.

    Error: One or more of your Whitelist rules contain these invalid paths: /plugins/ or /wp-content/ or /wp-includes/
    Edit your Whitelist rules after copying them to the Plugin Firewall Whitelist Text Area and edit them to correct the error and click the Save Whitelist Options button and activate the Plugin Firewall again.
    Valid plugin Whitelist rules MUST use ONLY this Format: /plugin-folder-name/plugin-script.js, /plugin-folder-name/(.*).js. Plugin paths/scripts are separated by a comma and a single space.

    [gibberish, junk Source Code removed]

    #12453

    Joshua Wilson
    Participant

    I am sorry for the above output code. I didn’t realize it was going to process the HTML code the cURL came up with. I skimmed through it, it had so many lines.

    #12464

    AITpro Admin
    Keymaster

    We like to see exactly what the issue is so it is totally fine to post code.  When posting code, use pre tags <pre> your code </pre> in the “Text” editor tab so that the code is put into a nicely formatted code box.

    The cURL scanner tries to find all frontloading plugin scripts by searching your website pages Source Code.  If something on your site (plugin, theme or other) is compressing or minifying or embedding Source Code in a way that the cURL scanner cannot make sense of the code and filter out what is not gibberish, compressed, minified, embedded (poorly or incorrectly) or other poor coding methods done by a plugin or theme then the cURL scanner will output that gibberish / junk / poorly coded Source Code.

    Since the cURL scanner cannot pick through and filter out all the junk / gibberish / poorly coded Source Code on this site to output only valid plugin scripts/rules then you should use the alternate method of checking your BPS Pro Security Log for plugin scripts to add to the Plugin Firewall Whitelist Text area.  This video tutorial link below shows that alternate method.

    http://forum.ait-pro.com/video-tutorials/#security-log-firewall

     

    #12468

    AITpro Admin
    Keymaster

    I checked your site and looked at the Source Code of your site and it has been compressed.  What that does is take the original formatting and structure of the original code and compress it into one long run-on of Source Code.  Personally I would never do that on any of our sites and definitely do not recommend that anyone else does that on their website so probably the best thing to do would be to uncompress your Source Code.  Totally up to you of course.  Just adding my 2 cents.  😉

    I think compression and minification can be beneficial if done manually.  When compression or minification is automated in a “one size fits all” way then it will NEVER result in something good.  Compression and minification are NOT a “one size fits all” thing since there are too many factors to take into consideration on every individual / unique website and should ALWAYS be done manually / custom on each individual / unique website if you want to compress or minify Source Code.

    #20817

    smellyfoot
    Participant

    [Topic has been merged into this relevant Topic]

    Hi there people
    Got some trouble with installation and getting fed up with it.
    After running pre-installation wizard got this bugger:

    /jetpack/modules/sharedaddy/sharing.js?ver=20121205\'>   <script src="https://stats.wordpress.com/e-201506.js

    I’ve been trying to do some fiddling with that line but without results…
    any ideas??????????

    #20820

    AITpro Admin
    Keymaster

    The Setup Wizard cURL scanner tries its best to scan and filter out only valid plugin script URLs to make Plugin Firewall whitelist rules.  In some cases it is not possible for the Setup Wizard to unscramble/unmangle scrambled or mangled website Source Code.  You can do either one of these methods below to fix the problem.

    Method 1:  Edit the invalid whitelist rule, save your changes and activate the Plugin Firewall again.
    1. Go to the Plugin Firewall >>> Plugin Firewall Whitelist Tools accordion tab >>> Whitelist Text >>> Plugins Script|File Whitelist Text Area.
    2. Edit this invalid whitelist rule (scrambled/mangled Source Code).

    BEFORE EDITING:
    /jetpack/modules/sharedaddy/sharing.js?ver=20121205\'>   <script src="https://stats.wordpress.com/e-201506.js
    
    AFTER EDITING:
    /jetpack/modules/sharedaddy/sharing.js
    

    3. Click the Save Whitelist Options button.
    4. Click the Plugin Firewall BulletProof Mode Activate button.

    Method 2: Delete all existing Plugin Firewall whitelist rules and allow Plugin Firewall AutoPilot Mode to create new whitelist rules (AutoPilot Mode will always create only valid whitelist rules – it works in a different way than the cURL scanner).
    1. Go to the Plugin Firewall >>> Plugin Firewall Whitelist Tools accordion tab >>> Whitelist Text >>> Plugins Script|File Whitelist Text Area.
    2. Delete all of the whitelist rules in the Plugins Script|File Whitelist Text Area.
    3. Click the Save Whitelist Options button.
    4. Click the Plugin Firewall BulletProof Mode Activate button.
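
The Method 1 edit above, combined with the checks listed in the error messages from the first post, as an added example (not part of the thread and not BPS Pro's own code). The function names, the format regex and the substring treatment of the invalid text list are assumptions.

```python
import re

# Invalid text, characters and paths as listed in the quoted error messages.
INVALID_TOKENS = ("ver=", "page=", "src=", "www", "http", "https", "href",
                  ".com", ".net", ".org", ".biz", ".info", ".gov", ".edu")
INVALID_CHARS = "%\"'&<>;"
INVALID_PATHS = ("/plugins/", "/wp-content/", "/wp-includes/")
# Assumption: a rule is /plugin-folder-name/ followed by a path to a file,
# where a segment may be a literal name or a (.*) wildcard.
RULE_FORMAT = re.compile(r"^/[A-Za-z0-9_-]+(/[A-Za-z0-9_.()*-]+)+$")


def validate_rule(rule):
    """Return the list of reasons a rule is invalid (empty list = valid)."""
    problems = [f"invalid text {t!r}" for t in INVALID_TOKENS if t in rule]
    problems += [f"invalid character {c!r}" for c in INVALID_CHARS if c in rule]
    problems += [f"invalid path {p!r}" for p in INVALID_PATHS if p in rule]
    if not RULE_FORMAT.match(rule):
        problems.append("not in /plugin-folder-name/plugin-script.js format")
    return problems


def repair_rule(raw):
    """Method 1 edit: keep only the path up to the script name, else None."""
    # Cut at the first query string, quote, bracket, backslash or whitespace.
    cleaned = re.split(r"[?\\\"'<>\s]", raw.strip(), maxsplit=1)[0]
    return cleaned if cleaned and not validate_rule(cleaned) else None


def build_whitelist(raw_rules):
    """Repair, de-duplicate and join rules with a comma and a single space."""
    kept = []
    for raw in raw_rules:
        rule = repair_rule(raw)
        if rule and rule not in kept:
            kept.append(rule)
    return ", ".join(kept)


# Constructed sample input; the first entry is the mangled rule from the thread.
SAMPLE = [
    "/jetpack/modules/sharedaddy/sharing.js?ver=20121205\\'>   "
    "<script src=\"https://stats.wordpress.com/e-201506.js",
    "/wp-content/plugins/example-plugin/js/front.js",  # dropped: invalid paths
    "/example-plugin/js/(.*).js",
]

if __name__ == "__main__":
    print(build_whitelist(SAMPLE))
```

Entries that are still invalid after trimming are dropped rather than guessed at, so they need a manual edit or can be left for AutoPilot Mode (Method 2).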

    #20822

    smellyfoot
    Participant

    Thanks a lot:) Everything works fine now.

    #20823

    AITpro Admin
    Keymaster

    Great!  Thanks for confirming that did the trick.

    #21030

    growitsolutions
    Participant

    [Topic has been merged into this relevant Topic]

    Hi, I have just added bps to a new site. All was going well apart from the firewall seems to be restricting access to some plugins and content within the domain. I have tried the plugin firewall cURL Scanner and added some content to the whitelist. Essentially, I would like the firewall to allow full access to the domain and below. I even got to the stage whereby the icons and formatting for bps were gone. When I disable it – all is well.

    Any help would be appreciated as I have left it off at the moment.
    Regards

    #21033

    AITpro Admin
    Keymaster

    As of BPS Pro 9.8 a new feature was added called Plugin Firewall AutoPilot Mode, which automatically detects and creates Plugin Firewall whitelist rules in real-time.  http://www.ait-pro.com/aitpro-blog/5075/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-9-8/

    Notes:
    • BPS Pro Security Logging MUST be turned On in order for AutoPilot Mode to work.

    Do these steps:
    1. Delete all of your Plugin Firewall Whitelist rules from the whitelist text area.
    2. Click the Save Whitelist Options button.
    3. Activate the Plugin Firewall.

    Note: Depending on your AutoPilot Mode Cron settings, your Plugin Firewall whitelist rules will be created when the next Cron job runs. ie 1 minute, 2 minutes, 15 minutes, etc.

    #21034

    AITpro Admin
    Keymaster

    I checked the API Server log and see a new site:  southxxxxx.com was activated for your BPS Pro account and is an IIS7 and Nginx server type on FastHosts hosting.  So it is not a LiteSpeed issue, but it is possible that an Nginx Reverse Proxy is being used and your correct IP address is not being detected.

    If the problem is still happening after doing the steps in my previous Forum Reply then go to the B-Core >>> htaccess File Editor >>> Your Current Plugins htaccess File tab >>> copy and paste this below from your plugins htaccess file contents:

    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$">
    Order Allow,Deny
    Allow from env=whitelist
    Allow from forum.ait-pro.com
    Allow from 173.201.92.1
    # BEGIN PUBLIC IP
    Allow from xxx.xxx.xxx.xxx
    # END PUBLIC IP
    </FilesMatch>

    #21036

    growitsolutions
    Participant

    Hi, Still no luck sorry. The original contents prior to editing the above are below. Replacing this with the above has made matters slightly worse with regard to content being displayed correctly. The hosting server is now Linux – this was swapped yesterday so I’m not sure how long it takes to propagate.

    Regards

    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$">
    Order Allow,Deny
    Allow from env=whitelist
    Allow from southxxxxxxxxxxx.com
    Allow from 127.0.0.1
    # BEGIN PUBLIC IP
    Allow from 213.106.136.11
    # END PUBLIC IP
    </FilesMatch>

    #21038

    AITpro Admin
    Keymaster

    hmm our API server is logging that your site is on an IIS7 and Nginx server combination and not Linux – maybe that is cached information – that would be very strange.  Go to the BPS System Info page and copy and paste this information below (only comment out your IP address with x’s – all of the other information is publicly displayed on the Internet and does not need to be commented out):

    I believe this is going to be the problem: Allow from 127.0.0.1. Most likely you will need to add/whitelist additional IP addresses. 127.0.0.1 is usually used with some type of Proxy. The additional IP address will be your Server|Website IP address.

    Server|Website IP Address: 173.201.92.1
    Host by Address: p3nlhg43c081.shr.prod.phx3.secureserver.net
    DNS Name Server: ns26.domaincontrol.com
    Public Internet IP Address (ISP): xxx.xxx.xxx.xxx
    Server Type: Apache
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: cgi-fcgi CGI Host Server Type

    #21041

    growitsolutions
    Participant

    Oops – seem to have got in a mess – was just checking I cut n paste Filesmatch stuff in correctly, but lost all display again, so had to disable the firewall so I could see what I was doing. I then got this message: An htaccess file was not found in your / when checking the “Your current plugins htaccess file”. Do I need to sort this before trying your next step? Definitely, swapped from IIS yesterday at 2:00pm UK time. Thanks

    #21045

    AITpro Admin
    Keymaster

    Just post the System Information that I requested first.  The Plugin Firewall is self-repairing like everything in BPS Pro.  Once you post that information then I will tell you what to do next.
