Home › Forums › BulletProof Security Pro › Motopress Hotel Booking – 403 error – Whitelist Rule required
- This topic has 5 replies, 3 voices, and was last updated 10 months, 2 weeks ago by Powred.
-
AuthorPosts
-
UPRParticipant
I’ve searched for a solution in the forum, but couldn’t find any Skip/Bypass rule for this pluging.
This is the security log:[403 GET Request: 28th August 2019 - 5:32 pm] BPS Pro: 14.1 WP: 5.2.2 Event Code: WPADMIN-SBR Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: GDPR Compliance On Host Name: 203-59-94-52.perm.iinet.net.au SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: GDPR Compliance On HTTP_FORWARDED: GDPR Compliance On HTTP_X_FORWARDED_FOR: GDPR Compliance On HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On REQUEST_METHOD: GET HTTP_REFERER: https://unplugrentals.com/wp-admin/admin.php?page=mphb_calendar REQUEST_URI: /wp-admin/admin.php?page=mphb_calendar&mphb_bookings_calendar%5Broom_type_id%5D=0&mphb_bookings_calendar%5Bperiod_page_month%5D=0&mphb_bookings_calendar%5Bperiod_page_quarter%5D=0&mphb_bookings_calendar%5Bperiod_page_year%5D=0&mphb_bookings_calendar%5Bperiod%5D=month&mphb_bookings_calendar%5Baction_period_next%5D=Next+%3E&mphb_bookings_calendar%5Bcustom_period%5D%5Bdate_from%5D=&mphb_bookings_calendar%5Bcustom_period%5D%5Bdate_to%5D=&mphb_bookings_calendar%5Bsearch_room_availability_status%5D=&mphb_bookings_calendar%5Bsearch_date_from%5D=&mphb_bookings_calendar%5Bsearch_date_to%5D= QUERY_STRING: page=mphb_calendar&mphb_bookings_calendar%5Broom_type_id%5D=0&mphb_bookings_calendar%5Bperiod_page_month%5D=0&mphb_bookings_calendar%5Bperiod_page_quarter%5D=0&mphb_bookings_calendar%5Bperiod_page_year%5D=0&mphb_bookings_calendar%5Bperiod%5D=month&mphb_bookings_calendar%5Baction_period_next%5D=Next+%3E&mphb_bookings_calendar%5Bcustom_period%5D%5Bdate_from%5D=&mphb_bookings_calendar%5Bcustom_period%5D%5Bdate_to%5D=&mphb_bookings_calendar%5Bsearch_room_availability_status%5D=&mphb_bookings_calendar%5Bsearch_date_from%5D=&mphb_bookings_calendar%5Bsearch_date_to%5D= HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Firefox/68.0
It is triggered by clicking on the ‘Next’ button in a calendar overview in the back-end.
Could you help with a whitelist rule for this please (and advise where to put it)?
Cheers,
SaschaAITpro AdminKeymasterWhat is being blocked in the Motopress Hotel Booking Query String is this portion and code character in the Query String:
Next+%3E&mphb_bookings_calendar
.%3E
is an encoded angle bracket>
.1. Copy the modified wp-admin htaccess file Query String Exploits code below to this wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
2. Click the Encrypt Custom Code button – You only need to do this step if your web host has ModSecurity CRS installed and you are unable to save your custom code.
3. Click the Save wp-admin Custom Code button to save your wp-admin custom code.
4. Go to the BPS Setup Wizard page and run the Pre-Installation Wizard and Setup Wizard.# BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS # WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED # Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently. RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR] RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\s+|%20+\s+|\s+%20+|\s+%20+\s+)(http|https)(:/|/) [NC,OR] RewriteCond %{THE_REQUEST} etc/passwd [NC,OR] RewriteCond %{THE_REQUEST} cgi-bin [NC,OR] RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR] RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR] #RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR] RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR] RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR] RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR] RewriteCond %{QUERY_STRING} ftp\: [NC,OR] RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR] RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR] RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR] RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR] #RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR] RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR] RewriteCond %{QUERY_STRING} (sp_executesql) [NC] RewriteRule ^(.*)$ - [F] # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
UPRParticipantThank you so much! Works perfectly now!
PowredParticipantHi, I was looking for a solution on the forum as I also have a problem with Motopress hotel booking plugin and need a skip/bypass rule. It relates to the booking confirmation page rather than the calendar. Any help would be greatly appreciated.
This is the security log:
[403 GET Request: November 17, 2023 12:47 am] BPS: WP: 6.4.1 Event Code: WPADMIN-SBR Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: Host Name: nmal-25-b2-v4wan-166098-cust1046.vm24.cable.virginm.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.hacienda.powredwebsites.co.uk/booking-confirmation/ REQUEST_URI: /wp-admin/admin-ajax.php?action=mphb_update_checkout_info&mphb_nonce=1864cd1e2c&formValues%5Bmphb-checkout-nonce%5D=865593d186&formValues%5B_wp_http_referer%5D=%2Fbooking-confirmation%2F&formValues%5Bmphb-booking-checkout-id%5D=9984868cd4424eedba32d364932da2f0&formValues%5Bmphb_check_in_date%5D=2023-11-26&formValues%5Bmphb_check_out_date%5D=2023-11-27&formValues%5Bmphb_checkout_step%5D=%0D%0A%09%09%09%09%20%20%20booking%09%09%09%09%09%09&formValues%5Bmphb_room_details%5D%5B0%5D%5Broom_type_id%5D=168&formValues%5Bmphb_room_details%5D%5B0%5D%5Badults%5D=&formValues%5Bmphb_room_details%5D%5B0%5D%5Bchildren%5D=&formValues%5Bmphb_room_details%5D%5B0%5D%5Bguest_name%5D=&formValues%5Bmphb_room_details%5D%5B0%5D%5Brate_id%5D=206&formValues%5Bmphb_first_name%5D=&formValues%5Bmphb_last_name%5D=&formValues%5Bmphb_email%5D=mark%40powred.net&formValues%5Bmphb_phone%5D=&formValues%5Bmphb_country%5D=&formValues%5Bmphb_address1%5D=&formValues%5Bmphb_city%5D=&formValues%5Bmphb_state%5D=&formValues%5Bmphb_zip%5D=&formValues%5Bmphb_note%5D=&formValues%5Bmphb_childrens-cot%5D=select&formValues%5Bmphb_gateway_id%5D=paypal&lang=en QUERY_STRING: action=mphb_update_checkout_info&mphb_nonce=1864cd1e2c&formValues%5Bmphb-checkout-nonce%5D=865593d186&formValues%5B_wp_http_referer%5D=%2Fbooking-confirmation%2F&formValues%5Bmphb-booking-checkout-id%5D=9984868cd4424eedba32d364932da2f0&formValues%5Bmphb_check_in_date%5D=2023-11-26&formValues%5Bmphb_check_out_date%5D=2023-11-27&formValues%5Bmphb_checkout_step%5D=%0D%0A%09%09%09%09%20%20%20booking%09%09%09%09%09%09&formValues%5Bmphb_room_details%5D%5B0%5D%5Broom_type_id%5D=168&formValues%5Bmphb_room_details%5D%5B0%5D%5Badults%5D=&formValues%5Bmphb_room_details%5D%5B0%5D%5Bchildren%5D=&formValues%5Bmphb_room_details%5D%5B0%5D%5Bguest_name%5D=&formValues%5Bmphb_room_details%5D%5B0%5D%5Brate_id%5D=206&formValues%5Bmphb_first_name%5D=&formValues%5Bmphb_last_name%5D=&formValues%5Bmphb_email%5D=mark%40powred.net&formValues%5Bmphb_phone%5D=&formValues%5Bmphb_country%5D=&formValues%5Bmphb_address1%5D=&formValues%5Bmphb_city%5D=&formValues%5Bmphb_state%5D=&formValues%5Bmphb_zip%5D=&formValues%5Bmphb_note%5D=&formValues%5Bmphb_childrens-cot%5D=select&formValues%5Bmphb_gateway_id%5D=paypal&lang=en HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:109.0) Gecko/20100101 Firefox/115.0
AITpro AdminKeymaster@ Powred – add this wp-admin Custom Code Query String skip/bypass rule to this wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
Click the Save wp-admin Custom Code button.
Run the BPS Pre-Installation Wizard and Setup Wizard. If you have BPS free then just run the Setup Wizard.# Motopress Hotel Booking wp-admin plugin skip/bypass rule RewriteCond %{QUERY_STRING} action=mphb_update_checkout_info(.*) [NC] RewriteRule . - [S=2]
PowredParticipantBrilliant, that’s solved it. Thank you so much for your help and the quick response. The support for BPS is always superb!
-
AuthorPosts
- You must be logged in to reply to this topic.