Whois Plugin blocked by BulletProof Security, 404 Not Found Error
Tagged: Whois plugin, whois plugin 404, Whois Plugin blocked
- This topic has 4 replies, 2 voices, and was last updated 12 years, 5 months ago by
AITpro Admin.
AITpro Admin
Keymaster
Email Question:
Hi Ed,
I have a question about a plugin that I am using which could be partially blocked by .htaccess. I got this feedback from the plugin developer:
The Ajax call to order the TLDs shows a 404 Not Found. It could be permissions on that file, a .htaccess or Apache mod_security.
This is the URL:
example.com/subfolder/wp-admin/admin-ajax.php?action=wpwhoisordertlds&item[]=com&item[]=cl&item[]=se&item[]=net&item[]=org&item[]=info&item[]=biz&item[]=....
The mod_security is not installed on the VPS and file chmod is set to 644. The plugin is called WHOIS. I cannot get the ordering of the TLD’s saved.
Answer:
The square brackets in the Query String are definitely going to be blocked and possibly the call to the admin-ajax.php file too. Modify these security filters below in your Root .htaccess file and remove the square brackets from these security filters. If this does not take care of the issue then see the admin-ajax.php skip/bypass rule “fix” below.
Before modification
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\0|\x04|\x08|\r|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]
After modification
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\0|\x04|\x08|\r|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
admin-ajax.php skip/bypass rule
1. Add the admin-ajax.php skip/bypass rule below to this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
2. Click the Save wp-admin Custom Code button.
3. Go to the Security Modes page and Activate wp-admin Folder BulletProof Mode.
Note: The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. If you have other wp-admin skip/bypass rules already then either combine them or add this skip/bypass rule separately above the other rules and change the skip #. Example: If you already have skip #’s 2 and 3 then this rule would be skip rule #4.
# admin-ajax.php skip/bypass rule
RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
RewriteRule . - [S=2]
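
To see which of the two quoted Root .htaccess filters a given query string trips, the RewriteCond patterns can be replayed offline. This is an added example, not code from the thread or from BulletProof Security; it assumes Python's re module behaves like Apache's PCRE for these patterns and that QUERY_STRING is compared without URL decoding. The sample query strings are constructed from the URL in the question.

```python
import re

# The two BPS Root .htaccess filters quoted in the answer, before and after
# removing the square-bracket tokens. [NC] is mapped to re.IGNORECASE.
BEFORE = [
    r"^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).*",
    r"^.*(\0|\x04|\x08|\r|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).*",
]
AFTER = [
    r"^.*(\(|\)|<|>|%3c|%3e).*",
    r"^.*(\0|\x04|\x08|\r|\x1b|\x20|\x3c|\x3e|\x7f).*",
]


def matching_filters(query_string, patterns):
    """Return (filter number, token) for each filter that matches.

    The leading .* is greedy, so the token reported is the last
    offending one in the query string.
    """
    hits = []
    for number, pattern in enumerate(patterns, start=1):
        m = re.match(pattern, query_string, re.IGNORECASE)
        if m:
            hits.append((number, m.group(1)))
    return hits


# Constructed samples: the thread's URL shortened, raw and percent-encoded,
# plus a query the modified filters should still catch.
RAW = "action=wpwhoisordertlds&item[]=com&item[]=cl&item[]=se"
ENCODED = "action=wpwhoisordertlds&item%5B%5D=com&item%5B%5D=cl"
ANGLE = "s=%3Cb%3E"

if __name__ == "__main__":
    for label, qs in (("raw", RAW), ("encoded", ENCODED), ("angle", ANGLE)):
        print(label, "before:", matching_filters(qs, BEFORE),
              "after:", matching_filters(qs, AFTER))
```

The raw form trips both original filters, the percent-encoded form only the first, and neither trips the modified pair, which still matches the encoded angle brackets.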
Jan
Participant
Hi Ed,
The bypass rule did it for me! Thanks again for your swift solution 😀
AITpro Admin
Keymaster
Hi Jan,
Did you need to modify the square brackets filters in your Root .htaccess file too or did just adding the admin-ajax.php skip / bypass rule in your wp-admin .htaccess do the trick?
Thanks.
Jan
Participant
Hi Ed,
I tried the first adjustment but it did not have any effect. So I set it back and then tried the bypass rule which worked.
AITpro Admin
Keymaster
Ok perfect thanks. 😉 I will add this “fix” to the plugins compatibility, testing and “fixes” page.