WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] BPS Security Conflicts With A Plugin (4 posts)

  1. castaholla
    Member
    Posted 1 year ago #

    BPS Security conflicts now with my Wp-Realty Plugin. When I try to call for a search, i get 403 access denied. However, when I deactive the secure root HTACCESS file and go back to the wordpress default it works just fine.

    Is there a rewrite rule we can put in to skip over this plugin or?

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. castaholla
    Member
    Posted 1 year ago #

    you can see it here: http://www.ml33913.com/realestate/

    Run any query and you see the 403 error. Now, when I deactivate it, it works just fine.

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    The Square Brackets / ASCII %5B and %5D characters are being blocked in your Query string for this plugin.

    ?pclass%5B%5D=1&sortby=Price&sorttype=DESC&action=searchresults&action=searchresults&page_id=1015

    You will need to modify these BPS security filters in your Root .htaccess file.

    Before modification
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]
    
    After modification
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
  4. castaholla
    Member
    Posted 1 year ago #

    that did the trick. Thank you so much!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.