Conflict with social share plugin
-
Hello,
Recently, I installed a premium social share plugin from CodeCanyon: Easy Social Share Buttons.
The problem is that BPS is blocking some features of the plugin: “the server responded with a status of 403 (Forbidden)”. BPS does not let Google + counter display correctly and does not allow the user to share content via email, with the social share email button.
When I uninstall BPS, everything works fine. Is there anyway I can whitelist this plugin or something like that?
My site is http://www.limaonagua.com.br/
Best regards
-
Post the log entry from your BPS Security Log for this 403 error. For future reference here are the BPS troubleshooting steps.
http://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshootingHere it is some instances of the 403 error:
[403 GET / HEAD Request: 23 de junho de 2014 - 12:50] Event Code: PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 177.210.158.250 Host Name: 177-210-158-250.user3g.veloxzone.com.br SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.limaonagua.com.br/decoracao/decoracao-de-cozinha-americana/ REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/get-noapi-counts.php?nw=google&url=http://www.limaonagua.com.br/decoracao/decoracao-de-cozinha-americana/ QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 4.1.2; GT-I8262B Build/JZO54K) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.58 Mobile Safari/537.31 [403 GET / HEAD Request: 23 de junho de 2014 - 12:50] Event Code: PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 177.129.194.200 Host Name: pool.wiff.com.br.194.129.177.in-addr.arpa SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/ REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/get-noapi-counts.php?nw=google&url=http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/ QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Linux; U; Android 4.0.4; pt-br; GT-S7562L Build/IMM76I) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 [403 GET / HEAD Request: 23 de junho de 2014 - 12:50] Event Code: PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 177.83.4.202 Host Name: b15304ca.virtua.com.br SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/ REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/essb-mail.php?from=brenolara@gmail.com&to=brenolara@gmail.com&sub=Ideias%20de%20decora%C3%A7%C3%A3o%20com%20tinta%20lousa&message=Ol%C3%A1,%20isso%20pode%20ser%20de%20seu%20interesse:%20%22Ideias%20de%20decora%C3%A7%C3%A3o%20com%20tinta%20lousa%22!%20Esse%20%C3%A9%20o%20link:%20http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/%20&t=Ideias+de+decora%C3%A7%C3%A3o+com+tinta+lousa&u=http%3A%2F%2Fwww.limaonagua.com.br&p=http%3A%2F%2Fwww.limaonagua.com.br%2Fdecoracao%2Fideias-de-decoracao-com-tinta-lousa%2F&c=14 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 [403 GET / HEAD Request: 23 de junho de 2014 - 12:50] Event Code: PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 177.83.4.202 Host Name: b15304ca.virtua.com.br SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/ REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/essb-mail.php?from=brenolara@gmail.com&to=brenolara@gmail.com&sub=Ideias%20de%20decora%C3%A7%C3%A3o%20com%20tinta%20lousa&message=Ol%C3%A1,%20isso%20pode%20ser%20de%20seu%20interesse:%20%22Ideias%20de%20decora%C3%A7%C3%A3o%20com%20tinta%20lousa%22!%20Esse%20%C3%A9%20o%20link:%20http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/%20&t=Ideias+de+decora%C3%A7%C3%A3o+com+tinta+lousa&u=http%3A%2F%2Fwww.limaonagua.com.br&p=http%3A%2F%2Fwww.limaonagua.com.br%2Fdecoracao%2Fideias-de-decoracao-com-tinta-lousa%2F&c=13 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 [403 GET / HEAD Request: 23 de junho de 2014 - 12:51] Event Code: PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 201.90.253.163 Host Name: 201.90.253.163 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: unknown HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.limaonagua.com.br/diy/como-escolher-a-tinta-ideal-para-o-seu-ambiente/ REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/get-noapi-counts.php?nw=google&url=http://www.limaonagua.com.br/diy/como-escolher-a-tinta-ideal-para-o-seu-ambiente/ QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NMJB)
[Moderator Note: Please post log files between backticks or use the code button.]
Looks like either a plugin skip/bypass rule will work…
1. Copy the code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
# Easy Social Share Buttons skip/bypass RewriteCond %{REQUEST_URI} ^/wp-content/plugins/easy-social-share-buttons/ [NC] RewriteRule . - [S=13]
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root folder BulletProof Mode.…or you might need to whitelist these files – get-noapi-counts.php and essb-mail.php – in the RFI security filter since the Request URI/Query is simulating a hacking attempt against your website…
1. Copy the modified TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE code below to this BPS Root Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
IMPORTANT!!!: Edit the code below after copying it to the BPS Custom Code text box and replace “example.com” with your actual website domain name.
# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE # Only Allow Internal File Requests From Your Website # To Allow Additional Websites Access to a File Use [OR] as shown below. # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR] # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.* RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR] RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC] RewriteRule .* index.php [F,L] RewriteCond %{REQUEST_URI} (get-noapi-counts\.php|essb-mail\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC] RewriteCond %{HTTP_REFERER} ^.*example.com.* RewriteRule . - [S=1]
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root Folder BulletProof Mode.It worked like a charm!
Thank you for your kind support.
Did the plugin/skip bypass rule work or adding the file names to the RFI security filter/code? Thanks.
The plugin/skip bypass rule
Ok. Thanks.
- The topic ‘Conflict with social share plugin’ is closed to new replies.