Support » Plugin: BulletProof Security » Referrer Error

Viewing 6 replies - 1 through 6 (of 6 total)
    Disabled all custom code entries and problem is still present.
    Put in default mode, problem is gone.
    Bulletproof mode, problem back.

    OK, was able to track it down to this line of code in the .htaccess file.
    #RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    Now I’m outside my knowledge level, any assistance or further information would be appreciated.

    OK, after more research I have found that the %27 in the code line is to make the system deny (forbid) any referrer that has an apostrophe [‘] in the string.
    Would anybody be interested in commenting on the possible security risk by allowing this on a shopping cart site?
    I don’t like editing core plugin files as it makes for a pain to update things, and in this case, I’m going to say the developers have added this for good reason.
    But at this time I really don’t have any choice on this site due to the business name and search volume on this phrase for the client. :-/

    Plugin Author AITpro


    The steps to allow the single quote code character/apostrophe in URL’s & Query Strings and permanently save your modified .htaccess code to BPS Custom Code is in the link below.

    Apostrophe – Single Quote Code Character 403 Error

    Impact to overall website security: BPS has several overlapping security filters/rules. So by modifying these particular rules/filters in the link above, your website is still protected against SQL Injection attacks. The SQL Injection security filter/rule below will still protect the site from all SQL Injection attacks. The single quote code character is used in most SQL Injection attacks.

    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

    Awesome, thanks!
    In all my searches that post didn’t come up. Thanks for pointing me in the right direction.
    Impact is understood, thanks for the useful plugin and information.
    Have an awesome day.

    Forgot to mark resolved in my last comment.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘ Referrer Error’ is closed to new replies.