Whois Plugin blocked by BulletProof Security, 404 Not Found Error


  • #429
    AITpro Admin
    Keymaster

    Email Question:

    Hi Ed,

    I have a question about a plugin that I am using which could be partially blocked by .htaccess. I got this feedback from the plugin developer: The Ajax call to order the TLDs shows a 404 Not Found. It could be permissions on that file, a .htaccess or Apache mod_security. This is the URL:

    example.com/subfolder/wp-admin/admin-ajax.php?action=wpwhoisordertlds&item[]=com&item[]=cl&item[]=se&item[]=net&item[]=org&item[]=info&item[]=biz&item[]....

    The mod_security is not installed on the VPS and file chmod is set to 644. The plugin is called WHOIS. I cannot get the ordering of the TLD’s saved.

    Answer:
    The square brackets in the Query String are definitely going to be blocked and possibly the call to the admin-ajax.php file too.  Modify these security filters below in your Root .htaccess file and remove the square brackets from these security filters.  If this does not take care of the issue then see the admin-ajax.php skip/bypass rule “fix” below.

    Before modification
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\0|\x04|\x08|\r|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]

    After modification
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\0|\x04|\x08|\r|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]

    admin-ajax.php skip/bypass rule
    1. Add the admin-ajax.php skip/bypass rule below to this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the Save wp-admin Custom Code button.
    3. Go to the Security Modes page and Activate wp-admin Folder BulletProof Mode.

    Note:  The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1].  If you have other wp-admin skip/bypass rules already then either combine them or add this skip/bypass rule separately above the other rules and change the skip #.  Example:  If you already have skip #’s 2 and 3 then this rule would be skip rule #4.

    # admin-ajax.php skip/bypass rule
    RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
    RewriteRule . - [S=2]
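
To see which of the two root .htaccess filters quoted above fires on a given query string, this added example (not part of the original post or of BulletProof Security) evaluates the post's RewriteCond patterns with Python's `re` as a stand-in for Apache's PCRE. The names `blocking_filters`, `RAW` and `ENCODED` are chosen here, and `ENCODED` is a constructed percent-encoded variant of the post's URL.

```python
import re

# The two root .htaccess query-string filters quoted in the post, before and
# after the square-bracket alternatives were removed (RewriteCond patterns only).
BEFORE = [
    r"^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).*",
    r"^.*(\0|\x04|\x08|\r|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).*",
]
AFTER = [
    r"^.*(\(|\)|<|>|%3c|%3e).*",
    r"^.*(\0|\x04|\x08|\r|\x1b|\x20|\x3c|\x3e|\x7f).*",
]

# Query string from the post, cut where the visible item[] parameters are
# enough to show the behaviour (the post itself elides the rest).
RAW = "action=wpwhoisordertlds&item[]=com&item[]=cl&item[]=se"
# Constructed variant: the same request with the brackets percent-encoded,
# as many HTTP clients send them.
ENCODED = RAW.replace("[", "%5B").replace("]", "%5D")


def blocking_filters(query_string, filters):
    """Return (filter_index, matched_text) for every filter that would fire.

    Assumptions: Python's re approximates Apache's PCRE for these simple
    patterns, [NC] maps to re.IGNORECASE, and %{QUERY_STRING} is compared
    as received (mod_rewrite does not percent-decode it).
    """
    hits = []
    for index, pattern in enumerate(filters):
        match = re.search(pattern, query_string, re.IGNORECASE)
        if match:
            # The leading ^.* is greedy, so group(1) is the last offending token.
            hits.append((index, match.group(1)))
    return hits


if __name__ == "__main__":
    for label, qs in (("raw", RAW), ("encoded", ENCODED)):
        for name, filters in (("before", BEFORE), ("after", AFTER)):
            print(f"{label:8} {name:7} -> {blocking_filters(qs, filters)}")
```

Only the two filters quoted in this thread are modeled; other rules in the root or wp-admin .htaccess files are not covered by this check.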

    #437
    Jan
    Participant

    Hi Ed,
    The bypass rule did it for me! Thanks again for your swift solution  😀

    #438
    AITpro Admin
    Keymaster

    Hi Jan,

    Did you need to modify the square brackets filters in your Root .htaccess file too or did just adding the admin-ajax.php skip / bypass rule in your wp-admin .htaccess do the trick?

    Thanks.

    #440
    Jan
    Participant

    Hi Ed,
    I tried the first adjustment but it did not have any effect. So I set it back and then tried the bypass rule which worked.

    #441
    AITpro Admin
    Keymaster

    Ok perfect thanks.  😉  I will add this “fix” to the plugins compatibility, testing and “fixes” page.
