WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] cURL Returns 403 on Feed Pages when Using Secure Mode (46 posts)

  1. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

  2. chriscarvache
    Member
    Posted 1 year ago #

    Thanks for the link but this is not relevant to what's happening. I'm driving now and will send youscreen shots and link when I can.

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    All communication from point A (website A) to point B (website B) is done with Query strings or some form of API. BPS blocks Query strings that contain dangerous coding characters. So once i can see the source then i will easily be able to see the problem. Thanks.

  4. chriscarvache
    Member
    Posted 1 year ago #

    I can't find what query MailChimp sends to the site. However here are some links I've collected while researching this...

    My site's Valid Feed

    MailChimp FAQ About why Feed is reported to be invalid - A Bit Vague

    Screen Capture of MailChimp Error

    I hope some of this helps...

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Nope none of these links tells me what the Query string is that MailChimp is querying your Feed with. Please contact MailChimp and ask them what the Query strings are for the Feed posts that are generating errors and post that info back here. Thanks.

  6. chriscarvache
    Member
    Posted 1 year ago #

    Okay thanks. I've just submitted a support ticket inquiring about the query string.

  7. chriscarvache
    Member
    Posted 1 year ago #

    Okay here's what I got from Mail Chimp

    Hey Chris,

    Thanks for reaching out to us. So to clarify, while we wouldnt be able to provide the specifics of what are going on with your feed and site and what exactly needs to be changed, we did double check some common things on your feed at http://newleafwebsolutions.com/feed/ and can see that when checking it against a 'GET' and 'HEAD' request the issue appears to be with how the feed is set up.

    Im order for a feed to be usable in MailChimp it must validate, as well as pass both GET and HEAD requests from our servers. Looking at the response from the HEAD request its returning "Status: HTTP/1.1 403 Forbidden".

    This should be returning a response of "Status: HTTP/1.1 200 OK".

    I would pass this information on to your developer as adjusting the access permissions on your feed should be enough to help get things resolved! Please let us know if you need additional support!

    Thank you,
    Tyler

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Ok then just remove HEAD from the nuisance filter shown below in your Root .htaccess file.

    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]
  9. chriscarvache
    Member
    Posted 1 year ago #

    Great. That worked perfectly. Thanks so much for your help and expertise!

  10. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Great and damn. I skipped over the most obvious thing to check first. DOH! ok i will post this on my Plugin fixes page so i do not make this dumb oversight again. Thanks.

  11. Harty
    Member
    Posted 11 months ago #

    Hi.
    I am having the same rss/MailChimp issue, and additionally a situation where iTunes does not recognize my podcasts feed. I have two websites.
    Both issues are resolved when I disable bps.
    is this something I can correct in the bps custom code area?
    My htaccess file cannot be changed. My changes are not saved.
    Thanks,
    Steve

  12. AITpro
    Member
    Plugin Author

    Posted 11 months ago #

    Post the log entries from your BPS Security log file that relate directly to these issues. Please do not post your entire Security log.

    "...when I disable bps" - please explain this in more detail. Are you deactivating the BPS plugin, deleting the .htaccess file manually, etc.

    "...My htaccess file cannot be changed. My changes are not saved...." - please explain this in more detail. Do you see error messages? Is your Server type DSO?

  13. Harty
    Member
    Posted 11 months ago #

    Hi.
    Here is the log for the MailChimp RSS issue:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - 21 August, 2013 - 9:54 pm <<<<<<<<<<<
    REMOTE_ADDR: 173.193.169.XXX [my Xs]
    Host Name: 173.193.169.XXX-static.XXXX.com [my Xs]
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /feed/
    QUERY_STRING:
    HTTP_USER_AGENT: Zend_Http_Client

    By disabling BPS, I mean that I reset BPS back to the default settings, and de-activate BPS in the Plug-ins section.

    I cannot change my HT access file. By this I mean when I access the file via FTP, I open the HTAccess file, make changes, but these are not saved due to it being protected.

    I see no error messages.

    I do not know my server type.

  14. AITpro
    Member
    Plugin Author

    Posted 11 months ago #

    Most likely your .htaccess file is locked. You can lock and unlock and edit your .htaccess file on the BPS Edit/Upload/Download page with the built-in .htaccess editor and do not need to do this with FTP.

    Both iTunes and MailChimp make a HEAD Request. To allow HEAD Requests follow the Custom Code steps in the link below.

    MailChimp uses Zend so I assume this: Zend_Http_Client::HEAD

    http://forum.ait-pro.com/forums/topic/itunes-cannot-read-feed/#post-2787

  15. Harty
    Member
    Posted 11 months ago #

    Thank you. This is now fixed for me.

    I had not followed the following steps:

    2. Click the Save Root Custom Code button.

    3. Go to the Security Modes page and click the Create secure.htaccess File AutoMagic button.

    4. Activate Root Folder BulletProof Mode.

  16. AITpro
    Member
    Plugin Author

    Posted 11 months ago #

    Yep, there is older information all over the place that is now outdated, since the new Custom Code options were added to the newer versions of BPS.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic