xmlrpc python

Home Forums BulletProof Security Free xmlrpc python

Tagged: ,

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • April 27, 2013 at 7:43 am #4946
    rds
    Member

    Hi

    I’m writing a python script to use xmlrpc to post a file to my WP site. However BPS causes 403 errors (xmlrpc works fine when I turn BPS off). I’ve included the  security log message below (the remote_addr and host name are mine of course).

    I thought maybe BPS was blocking my script because of python in the user agent, so I got rid of all references to python in the BPS root .htaccess, but this now leads to a 500 error…

    Any ideas ?

    Thanks very much

    >>>>>>>>>>> 403 GET or Other Request Error Logged - 26/04/2013 - 2:05 PM <<<<<<<<<<<
REMOTE_ADDR: ******************
Host Name: ***********************
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /xmlrpc.php
QUERY_STRING:
HTTP_USER_AGENT: xmlrpclib.py/1.0.1 (by www.pythonware.com)
    April 27, 2013 at 8:01 am #4952
    AITpro Admin
    Keymaster

    Yep, most likely you just made a typo and that caused the 500 error. I assume this is the modification you did to allow the python User Agent. Edit your root .htaccess file and remove python| from the User Agent security filters. Be sure to also remove the pipe operator |.

    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]

RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.