WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] 403 StumbleUpon (4 posts)

  1. wpconvert
    Member
    Posted 1 year ago #

    Hi

    I've been getting these kinds of errors in my log - is it something I should be concerned with... and if so can you help to resolve them please?

    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 22, 2013 - 15:24 <<<<<<<<<<<
    REMOTE_ADDR: 199.30.80.106
    Host Name: 199.30.80.106
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 199.30.80.106
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /livestock/animal-health/7017-a-case-of-foot-in-mouth-for-defra-as-their-own-evidence-reveals-true-cause-of-btb-outbreak/
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; rv:12.0; StumbleUpon; noc@stumbleupon.com) Gecko/20100101 Firefox/12.0
    
    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 22, 2013 - 20:01 <<<<<<<<<<<
    REMOTE_ADDR: 208.94.145.108
    Host Name: systems.tiggee.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 208.94.145.108
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://longurl.org
    REQUEST_URI: /livestock/animal-health/7017-a-case-of-foot-in-mouth-for-defra-as-their-own-evidence-reveals-true-cause-of-btb-outbreak/
    QUERY_STRING:
    HTTP_USER_AGENT: LongURL API

    Thank you for your time and help.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I am successfully able to view this post on your website so whatever method is being used by the stumbleupon bot to get this post is the problem. Example: if a bot is making a HEAD request to check if a post/page exists then this will generate a 403 Error because HEAD requests are blocked.

    The same would probably apply for the LongURL API bot.

    Try removing HEAD from this security filter in your root .htaccess file and see if that makes the errors go away.

    1. Go to the B-Core Edit/Upload/Download tab page.
    2. Click on the Your Current Root htaccess file tab.
    3. Scroll down in the contents or your Root .htaccess file and look for this htaccess code below:

    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]

    4. Delete HEAD| from the Request Method filter as shown below:

    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]

    Or you can do a whitelist approach.

    http://wordpress.org/support/topic/image-bots-blocked-on-multisite?replies=10#post-4225442

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Important Note: BPS does not block any good/legitimate bots from doing what they do. What happens a lot of the time is that a bot script is doing several different things and one of those things in the script triggers a 403 error. When Security/HTTP Error logging was added to BPS a lot of folks starting thinking that BPS was blocking good bots. For years BPS has not blocked any good/legitimate bots and nothing has changed about that in BPS.

  4. wpconvert
    Member
    Posted 1 year ago #

    Thank you for your swift support and explanation of the finer points of Bulletproof Security's 'under the hood' operations.

    Honestly, one of the best plugin provider support services available - keep up the excellent work!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic