WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Access files from app (6 posts)

  1. deogo
    Member
    Posted 1 year ago #

    Hello,
    I've set up BPS and unable to access some files on the site through the application ( it uses HTTP requests ), - getting 403 Forbidden.
    Hovewer, i'm able to access this files directly through the browser.
    If i disable BPS ( by deleting .htaccess ) - all works fine again
    Can you help me solve this problem?
    And thank you for a very good plugin!

    http://wordpress.org/extend/plugins/bulletproof-security/

    [ Please do not bump, that's not permitted here. ]

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    ...unable to access some files on the site through the application ( it uses HTTP requests )

    Please be more specific and post specific details of the problem. If this is a problem with a plugin, then add the plugin name or script name or file name and if you have a URL or Query string that is being forbidden please post it here.

  3. deogo
    Member
    Posted 1 year ago #

    yeah, sorry
    here is an url:
    http://apathysoftworks.com/QC/qc_update/last_ver.txt
    i can open it in the browser, but my app - Quick Cliq, cannot access this file using COM object "WinHttp.WinHttpRequest.5.1" with GET request
    http://apathysoftworks.com/software/quickcliq

    I believe it somehow related win BPS protection against auto site-downloaders. I need to know what i should change in .htaccess ( which was secure.htaccess formerly ) to fix this problem

    Again, if i restore previous htaccess from backup - it works fine

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Excellent details! Thank you.

    winhttp is explicitly blocked by BPS in the root .htaccess file and also in the wp-admin .htaccess file. To remove that restriction you would remove winhttp from these security filters below. This should allow Quick Cliq to communicate successfully with your website.

    Root .htaccess file

    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

    wp-admin .htaccess file

    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Hello deogo,
    Please post a status update on this issue. Thanks.

  6. deogo
    Member
    Posted 1 year ago #

    It works now
    Thank you, AITpro!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic