WordPress.org

Ready to get started?Download WordPress

Forums

403 errors on all CSS and JS files (5 posts)

  1. enderandrew
    Member
    Posted 1 year ago #

    Most of the site is broken right now since I can't seem to get any CSS or JS files to load. The site generally loads CSS files with a version string attached such as below:

    http://blindscribblings.com/wp-includes/css/admin-bar.css?ver=3.4-RC2-21026

    But if I link to the CSS file without the version string, it loads just fine:

    http://blindscribblings.com/wp-includes/css/admin-bar.css

    Almost every article I've seen on these 403 errors suggests I need to set my file permissions to 755 for wp-content and wp-includes and 644 on the files, but I've done that repeatedly.

  2. Pioneer Valley Web Design
    Member
    Posted 1 year ago #

    Are you using a plugin that caches or combines these???...try deactivating your plugins...

  3. enderandrew
    Member
    Posted 1 year ago #

    It was part of my .htaccess file I just added. I removed this section and everything works fine now.

    # 6G:[QUERY STRINGS]
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_URI} !^/$ [NC]
    RewriteCond %{QUERY_STRING} (mod|path|tag)= [NC,OR]
    RewriteCond %{QUERY_STRING} ([a-zA-Z0-9]{32}) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (\?|\.\./|\.|\*|:|;|<|>|'|"|\)|\[|\]|=\\\'$|%0A|%0D|%22|%27|%3C|%3E|%00|%2e%2e) [NC,OR]
    RewriteCond %{QUERY_STRING} (benchmark|boot.ini|cast|declare|drop|echo.*kae|environ|etc/passwd|execute|input_file|insert|md5|mosconfig|scanner|select|set|union|update) [NC]
    RewriteRule .* - [F,L]
    </IfModule>

  4. Pioneer Valley Web Design
    Member
    Posted 1 year ago #

    That looks erroneous at best.

  5. enderandrew
    Member
    Posted 1 year ago #

    It's from a series of .htaccess rules to protect and secure your WordPress install.

    http://perishablepress.com/6g-beta

    I realized however the rule in question was here:

    RewriteCond %{QUERY_STRING} ([a-zA-Z0-9]{32}) [NC,OR]

    That limits the query string to 32 characters so no one attempts any SQL injection via URL. But 32 characters isn't long enough to the URL to many of the JS and CSS files, especially with the version string attached.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.