Support » Plugin: BBQ Firewall » API requests return 403

  • Resolved Christopher Mailänder

    (@ceem123)


    Hi there,

    First of all: We love your plugin and it is really super-easy to use. However, we experience an issue with the latest version unfortunately: The new version causes API requests coming out of Python to be blocked and the API to return a 403 error.

    The same requests over the browser still work fine though.

    Is this something we can fix somehow or do we have any possibility to change a setting maybe?

    If you need further information, please do not hesitate to let me know.

    Thank you!

    Best regards,
    Christopher

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Hi Christopher,

    Thanks for reporting. I will remove python from the user agent rules for the next plugin update. In the meantime if you want to implement the change now, follow these steps:

    1. Open block-bad-queries.php
    2. On line 51 find the array of user agents
    3. Locate python in the array and remove it

    Specifically, remove the following characters exactly:

    'python',

    Then save changes and test that it’s working correctly.

    swissspaceboy

    (@swissspaceboy)

    Hi Jeff,

    Got 403 error too for the visits log of plugin “StopBadBots” of Bill. Not python but XHR request.
    https://www.mydomain.ch/wp-admin/admin-ajax.php?action=stopbadbots_get_ajax_data&pll_ajax_backend=1&draw=1&columns%5B0%5D%5Bdata%5D=&columns%5B0%5D%5Bname%5D=&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=true&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=1&columns%5B1%5D%5Bname%5D=&columns%5B1%5D%5Bsearchable%5D=true&columns%5B1%5D%5Borderable%5D=true&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=2&columns%5B2%5D%5Bname%5D=&columns%5B2%5D%5Bsearchable%5D=true&columns%5B2%5D%5Borderable%5D=true&columns%5B2%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B2%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B3%5D%5Bdata%5D=3&columns%5B3%5D%5Bname%5D=&columns%5B3%5D%5Bsearchable%5D=true&columns%5B3%5D%5Borderable%5D=true&columns%5B3%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B3%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B4%5D%5Bdata%5D=4&columns%5B4%5D%5Bname%5D=&columns%5B4%5D%5Bsearchable%5D=true&columns%5B4%5D%5Borderable%5D=true&columns%5B4%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B4%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B5%5D%5Bdata%5D=5&columns%5B5%5D%5Bname%5D=&columns%5B5%5D%5Bsearchable%5D=true&columns%5B5%5D%5Borderable%5D=true&columns%5B5%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B5%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B6%5D%5Bdata%5D=6&columns%5B6%5D%5Bname%5D=&columns%5B6%5D%5Bsearchable%5D=true&columns%5B6%5D%5Borderable%5D=true&columns%5B6%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B6%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B7%5D%5Bdata%5D=7&columns%5B7%5D%5Bname%5D=&columns%5B7%5D%5Bsearchable%5D=true&columns%5B7%5D%5Borderable%5D=true&columns%5B7%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B7%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B8%5D%5Bdata%5D=8&columns%5B8%5D%5Bname%5D=&columns%5B8%5D%5Bsearchable%5D=true&columns%5B8%5D%5Borderable%5D=true&columns%5B8%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B8%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B9%5D%5Bdata%5D=9&columns%5B9%5D%5Bname%5D=&columns%5B9%5D%5Bsearchable%5D=true&columns%5B9%5D%5Borderable%5D=true&columns%5B9%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B9%5D%5Bsearch%5D%5Bregex%5D=false&order%5B0%5D%5Bcolumn%5D=0&order%5B0%5D%5Bdir%5D=desc&start=0&length=10&search%5Bvalue%5D=&search%5Bregex%5D=false&_=1606044208261

    Thread Starter Christopher Mailänder

    (@ceem123)

    Hi Jeff,

    Thank you very much for the incredibly quick answer.

    I will try with my colleague.

    Plugin Author Jeff Starr

    (@specialk)

    Hey Christopher, just to follow up. The python pattern is removed in the latest version of BBQ (20201123). So the above mentioned steps no longer are necessary. Thanks again for your feedback.

    @swissspaceboy BBQ blocks requests longer than 2000 characters. That example URL is over 2200 characters (!). In any case, the latest version of the plugin can be customized using the BBQ Customize plugin. It enables you to disable the long-request check so that BBQ never will block crazy long URLs (like the example you share above). Thank you very much for reporting.

    Thanks for the plugin to customize. This is appreciated to handle some exceptions from the World Wild Web.

    I’ll give it a try and report back in case of issues.

    Many thanks,

    Didier.

    Thread Starter Christopher Mailänder

    (@ceem123)

    Thanks again. I really aprpeciate it!

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.