BulletProof Security
[resolved] cURL Returns 403 on Feed Pages when Using Secure Mode (46 posts)

  1. chriscarvache
    Member
    Posted 1 year ago #

    I recently upgraded to the latest version of BPS. However because of this, I am unable to use MailChimp's RSS Campaign feature. I have verified that this has something to do with the secure version of the .htaccess file in the WordPress root directory.

    Please let me know if there is something I can change in the .htaccess file that will allow cURL requests from other services.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    External cURL requests are blocked in this security filter below. If you would like to allow them then remove curl from the security filter below. And you may also need to remove curl from both of these security filters, but typically only the first general UA filter needs to be modified.

    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

    There is also a cURL security filter in the wp-admin .htaccess file, but most likely you will not need to modify that security filter.
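The two User-Agent filters quoted in the post above, evaluated against sample client strings to show which filter a given fetcher trips and what removing `curl` from the alternation changes. This is an added example, not part of the original thread or of BPS itself; the User-Agent strings and helper names are constructed for illustration, and Python's `re` module stands in for Apache's regex engine.

```python
import re

# The two User-Agent conditions quoted in the post; [NC] maps to re.IGNORECASE.
GENERAL_UA = r"(havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader)"
CHARS_THEN_UA = (r"(;|<|>|'|\"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*"
                 r"(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp"
                 r"|archiver|loader|email|harvest|extract|grab|miner)")

def without_token(pattern, token):
    """Return the pattern with one alternative removed, as the post suggests for curl."""
    return pattern.replace("|" + token + "|", "|")

def matching_filters(user_agent, filters):
    """Names of the filters whose pattern occurs anywhere in the User-Agent.

    RewriteCond patterns are unanchored, so re.search is the equivalent test.
    """
    return [name for name, pat in filters.items()
            if re.search(pat, user_agent, re.IGNORECASE)]

STOCK = {"general": GENERAL_UA, "chars+ua": CHARS_THEN_UA}
CURL_REMOVED = {name: without_token(pat, "curl") for name, pat in STOCK.items()}

# Constructed User-Agent strings for illustration; none is taken from a real service.
SAMPLES = {
    "browser": "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0",
    "curl": "curl/7.88.1",
    "php-curl-fetcher": "ExampleFeedFetcher/1.0 (PHP; cURL; +http://fetcher.example/bot)",
    "java-fetcher": "ExampleFeedReader/2.1 Java/1.8.0",
}

def report(filters):
    """Map each sample label to the list of filters its User-Agent matches."""
    return {label: matching_filters(ua, filters) for label, ua in SAMPLES.items()}

if __name__ == "__main__":
    for title, filters in (("stock filters", STOCK), ("curl removed", CURL_REMOVED)):
        print(title)
        for label, hits in report(filters).items():
            print(f"  {label:18} {'blocked by ' + ', '.join(hits) if hits else 'passes'}")
```

To diagnose a real 403, take the User-Agent from the access log entry for the blocked request and pass it to `matching_filters`.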

  3. chriscarvache
    Member
    Posted 1 year ago #

    I've removed the curl from the two security filters, but it didn't fix the problem. At this point, only using the default WordPress .htaccess works.

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    OK, I think this plugin calls the admin-ajax.php file, but I am not totally sure about that. Manually add this skip/bypass rule to your wp-admin .htaccess file and if it works then add the fix to CUSTOM CODE WPADMIN PLUGIN FIXES. If it does not work then post a link and replace your domain name in that link.

    # admin-ajax.php skip/bypass rule
    RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
    RewriteRule . - [S=2]

    If the admin-ajax.php file call is blocked: add this wp-admin .htaccess bypass / skip rule below to the wp-admin Custom Code box, CUSTOM CODE WPADMIN PLUGIN FIXES, and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.

  5. chriscarvache
    Member
    Posted 1 year ago #

    Interesting suggestion. I'm confused as to how this would solve the curl problem.

  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Well, if it actually was a literal cURL problem then removing cURL from the BPS security filters would have fixed the issue. What I would need to know to be able to correctly diagnose the problem would be the exact details of what problem is happening exactly, the query strings involved in the problem, URLs involved, error messages, the name of the plugin, the version of the plugin, is it a free or premium plugin, etc. Thanks.

  7. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    What I would need to know to be able to correctly diagnose the problem would be the exact details of what problem is happening exactly, the query strings involved in the problem, URLs involved, error messages, the name of the plugin, the version of the plugin, is it a free or premium plugin, etc. Thanks.

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Resolving due to lack of response. If the problem is still occurring then please post a response. Thank you.

  9. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I have had a few people contact me with MailChimp issues/problems and all of them have been caused by the same problem - using single quote characters in the Post Title/name.
    http://forum.ait-pro.com/forums/topic/mailchimp-tracking-code-causing-403/

  10. chriscarvache
    Member
    Posted 1 year ago #

    Not sure how I resolved it the first time, but it seems it's happening on another site. No single quote characters in the Post Title / name. Just seems like BPS Security is blocking MailChimp from the feed.

  11. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I need to see the full URL including the query string. Please post it. Thanks.

  12. chriscarvache
    Member
    Posted 1 year ago #

    Which URL are you referring to? The feed URL? If so, it's http://newleafwebsolutions.com/feed/

  13. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    What is the specific feed post URL that is generating a 403 error? BPS does not block MailChimp in general and the only issues I have seen are that the individual URLs contain query strings or something else in the URL that is fubar.

  14. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Also there is another possibility that maybe some change in WP 3.5 is causing this issue. 403 errors are an Internet Standard HTTP Status error code. Not all 403 errors would be caused by BPS.

    To confirm or eliminate that the error is caused by BPS blocking something do these steps.

    1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
    2. Activate Default Mode on the Security Modes page.
    3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
    4. Test your plugin or theme.
    5. Restore your .htaccess files using BulletProof Security built-in Restore.

  15. chriscarvache
    Member
    Posted 1 year ago #

    It looks like it's the entire RSS feed being blocked. MailChimp requires a feed address.

  16. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Is BPS in Default Mode right now? Because I can see your Feed without any problems.

  17. chriscarvache
    Member
    Posted 1 year ago #

    It was a minute ago. I switched it over in order to allow MailChimp access to it. It's now in secure mode.

  18. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I can still see your Feed without any problems.

  19. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Have you tried different Browsers?
    Have you cleared your cache?
    Are you using any Browser add-ons or extensions that could be causing the problem?

  20. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Is the problem occurring on the frontend of your website, i.e. the actual Feed, or is the problem occurring on the backend, i.e. your Dashboard?

  21. chriscarvache
    Member
    Posted 1 year ago #

    The problem is a MailChimp problem. What happens is that when BPS is in secure mode, a proper RSS driven campaign can't be set up because MailChimp reports the RSS feed as an invalid URL.

  22. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I understand the basics and now I would need the specific details about what the problem is. I have tested MailChimp several times and have never found a problem or conflict with BPS and MailChimp versions. What I have found is that query strings used in Feed Posts are blocked because dangerous coding characters are being used in the query strings. These are isolated occurrences that are fixed by removing the dangerous coding characters from the Feed Posts.

    Another possibility is that a new MailChimp version has been released since the last version that I checked. Getting real tired of rechecking this plugin over and over, but will do it one more time.

  23. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Just to make absolutely sure I am checking the correct plugin, please post the link to the plugin.

  24. chriscarvache
    Member
    Posted 1 year ago #

  25. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    You accidentally posted the link to BPS. I need the link to the MailChimp plugin. Thanks.

  26. chriscarvache
    Member
    Posted 1 year ago #

    There is no MailChimp plugin that does this. MailChimp natively has the ability to create an RSS driven campaign based on the feed.

  27. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Where is the RSS driven campaign created?

  28. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    What is the Query that is sent to your Feed?

  29. chriscarvache
    Member
    Posted 1 year ago #

    Inside the MailChimp interface.

  30. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    OK, getting warmer. Now I just need the most important thing - the actual Query.

Topic Closed

This topic has been closed to new replies.
