WPADMIN-SBR 403 Error in Piotnet Form Pro with Google Sheet OAuth2.0 problem

Home Forums BulletProof Security Pro WPADMIN-SBR 403 Error in Piotnet Form Pro with Google Sheet OAuth2.0 problem

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #41776
    Steven_Lee
    Participant

    Hi, Dear Bulletproof Pro team.

    I want to auto-export Piotnet form Pro’s form entry to my google sheet when a user sends a form.

    But when I connect the Piotnet form with the Google OAuth2 consent screen, it shows:

    mydomain.com 403 Forbidden Error

    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

    IP Address: xx.xx.xx.xxx

    BPS Pro Plugin 403 Error Page

    I’ve checked the security log, it shows as follows:

     [403 GET Request: April 28, 2022 - 4:45 pm]
    BPS Pro: 16.5
    WP: 5.9.3
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xx.xx.xx.xxx
    Host Name: xx.xx.xx.xxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://accounts.google.com/
    REQUEST_URI: /wp-admin/admin.php?code=4/~~~~&connect_type=google_sheet&page=piotnetforms&scope=https://www.googleapis.com/auth/spreadsheets
    QUERY_STRING: code=4/~~~&connect_type=google_sheet&page=piotnetforms&scope=https://www.googleapis.com/auth/spreadsheets
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
    

    What kind of custom wp admin code should add? Can I help me with this?

    Steven

    #41777
    AITpro Admin
    Keymaster

    Create a wp-admin Query String skip/bypass rule in BPS wp-admin Custom Code text box:  3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES

    1. Go to BPS Pro > htaccess File Options > Custom Code tab > wp-admin htaccess File Custom Code accordion tab.
    Paste the Piotnet Form Pro wp-admin Query String skip/bypass rule below in wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the Save wp-admin Custom Code button. Note: If you see an error or are unable to save your custom htaccess code due to ModSecurity installed on your host server then click the Encrypt Custom Code button first and then click the Save wp-admin Custom Code button to bypass/evade ModSecurity.
    3. Go to the BPS Pro Setup menu > Setup Wizard > run the Pre-Installation Wizard and Setup Wizard.

    # Piotnet Form Pro wp-admin Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} page=piotnetforms(.*) [NC]
    RewriteRule . - [S=2]
    #41780
    Steven_Lee
    Participant

    Thanks for the fast reply. After adding above code, it works like a charm.
    ——————————————————————————-

    I have another website that uses the Bit Integration Pro plugin that connects my form with Google Sheet,
    It has the same problem,

    mydomain2.com 403 Forbidden Error

    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

    IP Address: xx.xx.xx.xxx

    BPS Pro Plugin 403 Error Page

    Here is the security log:

    [403 GET Request: April 29, 2022 - 2:27 pm]
    BPS Pro: 16.5
    WP: 5.9.3
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xxx.xxx.xx.xx
    Host Name: xxx.xxx.xx.xx.vultrusercontent.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://accounts.google.com/
    REQUEST_URI: /wp-json/bit-integrations/v1/redirect?code=4/0AX4XfWjkb4T_9C7M_ySXZZPEVqsAZI_1T6D5uKl0_NUCFPeHRAo36KDkcgqtxvE3psgCQw&scope=https://www.googleapis.com/auth/drive&state=https://mydomain2.com/wp-admin/admin.php?page%3Dbit-integrations%23/flow/action/new/Google%2520Sheet/redirect
    QUERY_STRING: code=4/~~~&scope=https://www.googleapis.com/auth/drive&state=https://mydomain2.com/wp-admin/admin.php?page%3Dbit-integrations%23/flow/action/new/Google%2520Sheet/redirect
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
    

    I want to replace the page=piotnetforms(.*) to page%3Dbit-integrations(.*), but it’s a “%3D“, not “=

    Does the below code correct?

    # Bit Integrations / Bit Integrations Pro Plugin wp-admin Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} page%3Dbit-integrations(.*) [NC]
    RewriteRule . – [S=2]

    #41781
    AITpro Admin
    Keymaster

    If this part of the Query String will always stay the same:  code=4 then you can use this wp-admin Query String skip/bypass rule for both plugins.

    # Piotnet Form Pro & Bit Integration Pro wp-admin Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} code=4(.*) [NC]
    RewriteRule . - [S=2]
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.