Whitelist rules are not valid

Home Forums BulletProof Security Pro Whitelist rules are not valid

This topic contains 28 replies, has 4 voices, and was last updated by  AITpro Admin 4 years, 8 months ago.

Viewing 14 posts - 16 through 29 (of 29 total)
  • Author
    Posts
  • #21047

    growitsolutions
    Participant

    Is this what you need:

    Website Root URL: http://www.southwalesgirlsgolf.com
    Document Root Path: /home/linweb36/s/southwalesgirlsgolf.com-1081180436/user/htdocs
    WP ABSPATH: /home/linweb36/s/southwalesgirlsgolf.com-1081180436/user/htdocs/
    Parent Directory: /home/linweb36/s/southwalesgirlsgolf.com-1081180436/user
    Server|Website IP Address: 127.0.0.1
    Host by Address: linweb36.linvh1.fasthosts.co.uk
    DNS Name Server: ns2.livedns.co.uk
    Proxy X-Forwarded-For IP Address: 213.106.136.11
    Server Type: Apache
    Operating System: Linux
    WP Filesystem API Method: direct
    Server API: cgi-fcgi CGI Host Server Type
    cURL: cURL Extension is Loaded
    Zend Engine Version: 2.4.0
    Zend Guard|Optimizer: Zend Guard Loader Extension is Loaded
    ionCube Loader: ionCube Loader Extension is Loaded Version: 40202
    Suhosin: Suhosin is Not Installed|Loaded
    APC: APC Extension is Not Loaded
    eAccelerator: eAccelerator Extension is Not Loaded
    XCache: XCache Extension is Loaded but Not Enabled
    Varnish: Varnish Extension is Not Loaded
    Memcache: Memcache Extension is Not Loaded
    Memcached: Memcached Extension is Not Loaded
    #21049

    AITpro Admin
    Keymaster

    Everything looks good so at this point I will need to login to this website to solve whatever problem is occurring.  Create a temporary WordPress Administrator login and send it to edward at ait-pro dot com.

    #21051

    growitsolutions
    Participant

    All done

    #21052

    AITpro Admin
    Keymaster

    I have received that login information and will be logging in now.  Please do not change any BPS Pro settings while I am logged in.  Once I have fixed whatever is going on then I will log out and let you know I am logged out.  Thanks.

    #21053

    growitsolutions
    Participant

    Thank you

    #21054

    AITpro Admin
    Keymaster

    I am logged out of the site now.

    The original Plugin Firewall problem was corrected by you doing the steps that I posted above.  I checked the Security Log and see that AutoPilot Mode did automatically fix the previous problem.  I tested the Plugin Firewall with a Proxy and it is functioning normally.

    Now you have these other major problems below with this website that you need to contact your host to fix.

    The site is performing very poorly due to both of these things below:
    The memory limit needs to be increased from 64M to at least 128M.
    PHP Actual Configuration Memory Limit: 64M Recommendation: Increase Memory Limit to 128M.

    WordPress websites do not perform well when output buffering is On. Turn output buffering Off.
    PHP Output Buffering: 4096

    Additional issue:
    You have the Broken Link Checker plugin installed. The Broken Link Checker plugin should not be left activated/on all the time. It uses quite a lot of server resources and memory. Only turn it on when you want to occaisonally check for broken links on this site or you need to configure the advanced settings in this plugin if you want to leave it on/activated all the time.

    Very Important: If you are still seeing WP Dashboard issues/problems after increasing the memory limit and turning output buffering off then the problem is going to be with your Browser or something you have installed on your computer. If you are using a Proxy (either an online Proxy/VPN or a Proxy/VPN that you have installed in your Browser or computer) when logging into a website then that will usually cause the problems you have described.

    #21090

    growitsolutions
    Participant

    Really sorry but now I’m getting:

    [403 GET / HEAD Request: February 21, 2015 8:16 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 31.98.23.119
    Host Name: 31.98.23.119
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 31.98.23.119
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.southwalesgirlsgolf.com/
    REQUEST_URI: /wp-content/plugins/thinkup-panels/inc/plugins/waypoints/waypoints.min.js?ver=2.0.3
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B466 Safari/600.1.4
    #21093

    AITpro Admin
    Keymaster

    Is the plugin working?  Is this an older Security log entry?  It may just be that the Plugin Firewall should not be used on this particular site.  When I checked the site everything appeared to be working correctly in general.  What does that plugin do? Where would you check to see if it is working?

    #21094

    AITpro Admin
    Keymaster

    Of course this also might not have anything to do with the Plugin Firewall either.  I think at this point you need to do the standard BPS Pro troubleshooting steps here:  http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting  and then let me know exactly which BPS Pro security feature is blocking which thing.  At this point the assumption has been made that this is being blocked by the Plugin Firewall.  Not sure if you already tested or confirmed that already by doing the BPS Pro troubleshooting steps, but things could require a plugin skip/bypass rule or something else.  By doing the BPS Pro troubleshooting steps you can isolate which thing is causing what.

    If you would like for me to do that then I need to know specifically what is not working.  Ie a link to what is not working.  The name of the plugin that is not working.  And a specific description of what is not working.

    #21095

    growitsolutions
    Participant

    Hi, I’ve tested from a few devices and it now seems to be working!- so that’s great. Tomorrow I will carry out final checks and let you know. Really appreciate all your help – Thank you.

    #21097

    AITpro Admin
    Keymaster

    Great!  BUT take care of the memory limit and output buffer problems ASAP.  It is very possible that the output buffer being on is causing intermittent problems and it could even be breaking/preventing BPS Pro from doing what it does intermittently, including whitelisting things.

    #21098

    AITpro Admin
    Keymaster

    Just some additional info on output buffering and WordPress.  It is perfectly fine to do output buffering on specific pages using ob_start(); code in WordPress (plugin, theme or other pages), BUT using the php.ini directive output_buffering = 4096 in a php.ini file is a known problem for WordPress websites.

    Performance WP Specific: Allow or Disallow output buffering. Output buffering is a mechanism for controlling how much output data (excluding headers and cookies) PHP should keep internally before pushing that data to the client. Output buffering does not work well on WordPress sites and causes slower performance. For other types of sites that are NOT WordPress the recommended output buffering setting is: output_buffering = 4096. The ouput buffering setting for WordPress should be: output_buffering = 0 or output_buffering = Off.

    #21099

    growitsolutions
    Participant

    That’s great – thanks for the info – now just got to get the hosting company to comply 🙂
    Now you have made these changes, is there an easy way to save them for future?

    Regards

    #21102

    AITpro Admin
    Keymaster

    You already solved the problem by doing the steps I posted.  When I logged into your site the problem had already been fixed and I just tested things and confirmed that everything was fixed. All BPS Pro settings are stored in your Database so they are already saved.  If you do a Database backup then you will have a backup of those saved settings.

Viewing 14 posts - 16 through 29 (of 29 total)

You must be logged in to reply to this topic.