Home › Forums › BulletProof Security Pro › WooCommerce /woocommerce_uploads/ folder – 403 error
Tagged: 403 error, WooCommerce
- This topic has 1 reply, 1 voice, and was last updated 3 years, 5 months ago by AITpro Admin.
-
AuthorPosts
-
AITpro AdminKeymaster
Email Question:
Been a while and I hope you are well. There’s this record I noticed today in the security log that I couldn’t make sense of. It got logged when I initiated an update to the WooCommerce plugin.
[403 GET Request: April 13, 2021 - 7:29 pm] BPS Pro: 15.3 WP: 5.7 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 65.1.29.89 Host Name: myservername.compute.amazonaws.com SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: xx.xx.xx.xx, xx.xx.xx.xx (IP address of this server) HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.thisdomain.com/wp-content/uploads/woocommerce_uploads/ REQUEST_URI: /wp-content/uploads/woocommerce_uploads/ QUERY_STRING: HTTP_USER_AGENT: WordPress/5.7; https://www.thisdomain.com
Any suggestions please?
AITpro AdminKeymasterWooCommerce creates 2 files in the in the /uploads/woocommerce_uploads/ folder. An .htaccess file that denies access to any/all files in the /woocommerce_uploads/ folder and a blank index.html file. Based on looking at the WooCommerce code they are planning on using the /woocommerce_uploads/ folder for various things in the future. The Security Log entry is the result of WooCommerce doing a simple check/test to make sure the /woocommerce_uploads/ folder is protected. So it is not a problem. BPS logs all 403 errors whether or not BPS caused the 403 error. In this case WooCommerce intentionally caused the 403 error during their check/test to make sure the /woocommerce_uploads/ folder is protected.
[403 GET Request: April 13, 2021 - 2:56 pm] BPS Pro: 15.2 WP: 5.7 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 127.0.0.1 Host Name: DESKTOP-8TQEKNH SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://demo5.local/wp-content/uploads/woocommerce_uploads/ REQUEST_URI: /wp-content/uploads/woocommerce_uploads/ QUERY_STRING: HTTP_USER_AGENT: WordPress/5.7; http://demo5.local
-
AuthorPosts
- You must be logged in to reply to this topic.