Wonder PDF Embed plugin 403 access issues

  • #40966
    David Langston
    Participant

    Hey guys,

    I think this will be an easy one for you as I have seen similar on here but want to double check the correct code to add. I am using Wonder PDF Embed on a couple of sites, and any link which displays a PDF or the PDF viewer gets blocked with a 403 error. (The URLs are a bit of a mess, as we just took over these sites to rescue them).

    I have pasted a few security log entries from two sites that are affected below.
    If you could advise which code I need to add to which box, that will be hugely appreciated!

    Best wishes,

    Lanx

    [403 GET Request: November 30, 2021 4:13 pm]
    BPS Pro:
    WP: 5.8.2
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR:
    Host Name: 213.205.194.92
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://atratoflowmeters.com/atrato-ultrasonic-flow-meters-brochure-datasheet/
    REQUEST_URI: /wp-content/plugins/wonderplugin-pdf-embed/pdfjs/web/viewer.html?file=https%3A%2F%2Fatratoflowmeters.com%2Fwp-content%2Fuploads%2F2019%2F03%2FAtrato-8pp-brochure-03-19-1.pdf
    QUERY_STRING: file=https%3A%2F%2Fatratoflowmeters.com%2Fwp-content%2Fuploads%2F2019%2F03%2FAtrato-8pp-brochure-03-19-1.pdf
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 11; moto g(30)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.166 Mobile Safari/537.36 OPR/65.2.3381.61420
    
    [AutoRestore Turned Off Cron Check: 30th November 2021 - 4:13 pm]
    This Security Log entry is created when AutoRestore is turned Off on your website. To change or turn Off this setting go to the BPS Pro S-Monitor page, under Email Alerting & Log File Options change the ARQ: When AutoRestore|Quarantine is Turned Off option setting to whatever setting you would like to use instead.
    
    [403 GET Request: November 30, 2021 4:10 pm]
    BPS Pro:
    WP: 5.8.2
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR:
    Host Name: 109.249.185.106
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://metraflowmeter.com/metraflow-ultrasonic-non-invasive-flow-meter-instruction-manual/
    REQUEST_URI: /wp-content/plugins/wonderplugin-pdf-embed/pdfjs/web/viewer.html?file=https%3A%2F%2Fmetraflowmeter.com%2Fwp-content%2Fuploads%2F2018%2F10%2FInstruction-manual-Metraflow-6-18-reduced.pdf
    QUERY_STRING: file=https%3A%2F%2Fmetraflowmeter.com%2Fwp-content%2Fuploads%2F2018%2F10%2FInstruction-manual-Metraflow-6-18-reduced.pdf
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 11; CPH1941) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Mobile Safari/537.36
    
    [403 GET Request: November 30, 2021 4:02 pm]
    BPS Pro:
    WP: 5.8.2
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR:
    Host Name: 109.249.185.106
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://metraflowmeter.com/metraflow-ultrasonic-non-invasive-flow-meter-datasheet/
    REQUEST_URI: /wp-content/plugins/wonderplugin-pdf-embed/pdfjs/web/viewer.html?file=https%3A%2F%2Fmetraflowmeter.com%2Fwp-content%2Fuploads%2F2018%2F10%2FMetraflow-data-sheet-05-18.2.pdf
    QUERY_STRING: file=https%3A%2F%2Fmetraflowmeter.com%2Fwp-content%2Fuploads%2F2018%2F10%2FMetraflow-data-sheet-05-18.2.pdf
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 11; CPH1941) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Mobile Safari/537.36
    
    [403 GET Request: November 30, 2021 4:02 pm]
    BPS Pro:
    WP: 5.8.2
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR:
    Host Name: 109.249.185.106
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://metraflowmeter.com/metraflow-ultrasonic-non-invasive-flow-meter-instruction-manual/
    REQUEST_URI: /wp-content/plugins/wonderplugin-pdf-embed/pdfjs/web/viewer.html?file=https%3A%2F%2Fmetraflowmeter.com%2Fwp-content%2Fuploads%2F2018%2F10%2FInstruction-manual-Metraflow-6-18-reduced.pdf
    QUERY_STRING: file=https%3A%2F%2Fmetraflowmeter.com%2Fwp-content%2Fuploads%2F2018%2F10%2FInstruction-manual-Metraflow-6-18-reduced.pdf
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 11; CPH1941) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Mobile Safari/537.36

    #40969
    AITpro Admin
    Keymaster

    Do you have BPS Pro Plugin Firewall AutoPilot Mode turned On?  If not, then turn AutoPilot Mode On.  This new Plugin Firewall whitelist rule should be created automatically:  /wonderplugin-pdf-embed/pdfjs/web/viewer.html.  If you are disabling WP standard crons and are using a Direct Cron instead then Plugin Firewall AutoPilot Mode whitelist rules will be created based on the Direct Cron job intervals you are using.  If you want to manually create a Plugin Firewall whitelist rule for the Wonder PDF Embed plugin then do the steps below.

    1. Copy this whitelist rule into the Plugins Script|File Whitelist Text Area: /wonderplugin-pdf-embed/pdfjs/web/viewer.html
    Important Note: Each plugin script/file path that you add MUST be separated by a comma and a space. Example: /plugin-folder-name/example-file-name.js, /example-plugin-folder-name/api/paypal-ipn-script.php,
    2. Click the Save Whitelist Options button.
    3. Turn AutoPilot Mode On.
    4. Click the Activate button to activate the Plugin Firewall.
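
One way to derive the manual Plugin Firewall whitelist line from 403 Security Log entries like those quoted above (an added example, not part of the thread and not BPS Pro code). The sample log is constructed, and `parse_entries`, `whitelist_rules` and `own_hosts` are hypothetical names; as an assumption of this example, requests whose referer is not one of your own sites are held back for manual review instead of being whitelisted.

```python
import re
from urllib.parse import urlsplit

PLUGINS_PREFIX = "/wp-content/plugins"  # rule paths start below this folder

# Constructed sample in the layout of the Security Log entries quoted above.
SAMPLE_LOG = """\
[403 GET Request: November 30, 2021 4:13 pm]
HTTP_REFERER: https://example.com/brochure/
REQUEST_URI: /wp-content/plugins/wonderplugin-pdf-embed/pdfjs/web/viewer.html?file=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads%2Fa.pdf

[403 GET Request: November 30, 2021 4:14 pm]
HTTP_REFERER: https://example.com/brochure/
REQUEST_URI: /wp-content/plugins/wonderplugin-pdf-embed/pdfjs/web/pdf.customise.js

[403 GET Request: November 30, 2021 4:15 pm]
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/example-plugin/inc/tool.php
"""

def parse_entries(log):
    """Yield (header, fields) for each '[...]' entry of 'KEY: value' lines."""
    for block in re.split(r"\n(?=\[)", log.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        fields = {}
        for ln in lines[1:]:
            key, _, value = ln.partition(":")
            fields[key.strip()] = value.strip()
        yield lines[0], fields

def whitelist_rules(log, own_hosts):
    """Return (whitelist text, paths held back for manual review)."""
    rules, review = [], []
    for header, f in parse_entries(log):
        path = urlsplit(f.get("REQUEST_URI", "")).path  # drops ?file=...
        if not header.startswith("[403 "):
            continue
        if not path.startswith(PLUGINS_PREFIX + "/") or ".." in path:
            continue
        # Assumption: only requests sent from your own pages justify a rule.
        if urlsplit(f.get("HTTP_REFERER", "")).hostname not in own_hosts:
            review.append(path)
            continue
        rule = path[len(PLUGINS_PREFIX):]
        if rule not in rules:
            rules.append(rule)
    # Entries are separated by a comma and a space, as the note in step 1 requires.
    return ", ".join(rules), review

if __name__ == "__main__":
    print(whitelist_rules(SAMPLE_LOG, {"example.com"}))
```

Each rule names one exact file, so the whitelist stays limited to the scripts that were actually blocked while serving your own pages.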

    #40980
    David Langston
    Participant

    Hello,

    Thanks so much for the quick response, great support as always. I did get the reply from the forum but it went into spam. (That’s just Google who are spamming all sorts at the moment).

    I added the code, and needed to add a second entry too for .js as below:

    /wonderplugin-pdf-embed/pdfjs/web/viewer.html, /wonderplugin-pdf-embed/pdfjs/web/pdf.customise.js

    I’ll know for next time how to handle these exceptions. One other note is that the auto setting for the firewall was on, but the rule didn’t get added when I ran the setup. Other rules, however, were already added as you would expect.

    Many thanks again,

    Lanx

    #40981
    AITpro Admin
    Keymaster

    Actually what happened is that I thought I had already added .html file extensions to the Plugin Firewall AutoPilot Mode whitelist rule making code, but I just rechecked the code and I guess I left that file extension out of the filter.  So that is why the .html file whitelist rule was not automatically created.  I am releasing BPS Pro 16.1 today in a few hours.  So I don’t want to try and add this new .html file extension in the Plugin Firewall AutoPilot Mode code until I have had a chance to thoroughly test things.  I will add this in BPS Pro 16.2.

    #40982
    AITpro Admin
    Keymaster

    I take that back.  I will add the .html file extension in the Plugin Firewall AutoPilot Mode whitelist making code in BPS Pro 16.1, which will be released in a few hours.  I just tested the new file extensions and everything works fine.  So this is a pretty straightforward fix and I don’t expect any unforeseen issues/problems.
