Allow access to browserconfig.xml

  • phbernard

    (@phbernard)


    9 years, 6 months ago

    Hi guys,

    I’m the author of the “Favicon by RealFaviconGenerator” WP plugin (https://wordpress.org/plugins/favicon-by-realfavicongenerator/).

    One of my users reported an issue regarding browserconfig.xml, the file used by W8.1/IE11 to discover web site’s tile pictures, among other things. He got a 403 while accessing http://example.com/wp-content/uploads/fbrfg/browserconfig.xml. This is the kind of request usually made by IE11. Apparently, he was able to fix this by deactivating some of the security checks of All in One WP Security & Firewall. In the end, he added the following to an .htaccess:

    # BEGIN Real Favicon Generator
    <Files browserconfig.xml>
    order allow,deny
    allow from all
    </Files>
    # BEGIN Real Favicon Generator

    I suppose All in One WP Security prevents access to XML files which could cause security breaches in the server, is that right? Hidden XML-RPC stuff maybe? Maybe you could do an exception for this particular file? Even if IE11+browserconfig.xml is not that famous, it is a legit combo any WP instance might have.

    Cheers,
    Philippe

    https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    9 years, 6 months ago

    Thank you Philippe for reporting this issue. One of the plugin developers will investigate this further.

    Regards

    aleksamaj

    (@aleksamaj)

    8 years, 8 months ago

    Thank you, I really like RealFaviconGenerator!
    The above solution did not help me but this one did:

    In .htaccess file section # SPECIFIC EXPLOITS
    I replaced
    RedirectMatch 403 config\.
    with
    RedirectMatch 403 (?<!browser)config\.

    and in section # 5G:[REQUEST STRINGS]
    replaced
    RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
    with
    RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|(?<!browser)config\.xml)

    Thread Starter phbernard

    (@phbernard)

    8 years, 8 months ago

    Thanks!

    I hope this will be eventually fixed in AiO WP Security. With the major upgrade to Windows 10 and its new Edge browser, browserconfig.xml will become more and more common.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Allow access to browserconfig.xml’ is closed to new replies.