WordPress.org


[Resolved] BPS and Wayback Machine

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author AITpro

    @aitpro

    BPS does not block the wayback machine or archive.org. You can confirm this by checking ait-pro.com back to 2009 and site captures as recent as April of this year.

    If you have added additional htaccess code to your root .htaccess file that blocks IP addresses, remove the IP address for web.archive.org.

    NOTE: archive.org is abused by spammers to post spam posts on WordPress sites and then link back to those spam posts on archive.org, so if you have another plugin installed that is blocking archive.org or has added these IP addresses because spammers abuse archive.org, then that is where the problem is occurring.

    Thanks for your response. I will try to find where the problem is in my htaccess, knowing that BPS is not responsible for that. However, I haven't found anything yet which could block IP addresses from web.archive.org.

    Plugin Author AITpro

    @aitpro

    Also check your BPS Security Log. If BPS is blocking something it will be logged. If you see an error log entry that has archive.org as the Referer then post that error log entry. Thanks.

    Plugin Author AITpro

    @aitpro

    I thought of another possibility. Does your website use an apostrophe/single quote coding character in its name or title?

    Example: Pete’s Garage

    What can happen is this: Since BPS has security filters that block URLs/Query Strings with the single quote coding character/apostrophe in the URL/Query String, then if an external URL pointing to your site contains that single quote coding character/apostrophe in the URL/Query String, a 403 error will occur since this is seen as a threat/attack against your website. There is a fix for this, but before I post that fix let me know if this is the case/scenario that is occurring. Thanks.

    Also check with your Host and in your Web Host Control Panel to see if this IP or domain name is being blocked.

    Nope, my website doesn’t use apostrophes or single quotes. What I see in my Error log is something like this:

    [error] [client 207.241.229.207] Request exceeded the limit of 10 internal redirects due to probable configuration error.

    I have read the following discussion about that problem before:

    Request exceeded the limit of 10 internal redirects

    I have checked whether the error persists after eliminating this command: ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php. When I erase this command the internal redirects disappear. So, it should be a problem with something else that is trying to handle 403 redirects, right? But you know what is the strangest thing of all this? This error mainly appears from IPs such as web.archive.org, Amazon or Opera Software Asa. Apart from that, all is fine. I have tried to access Loglevel Debug to get a backtrace but my hosting doesn’t allow me to activate it. So I am a little lost here.

    Ah, and the problem isn't solved by using this:

    # .htaccess Fix for 403 Error Infinite Loops
    RewriteEngine On
    RewriteCond %{ENV:REDIRECT_STATUS} 403
    RewriteRule .* - [L]

    Thank you for your attention. I have been thinking about buying the BPS pro version and I have finally decided to do it 🙂
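A way to check which clients trigger the redirect-limit error quoted in the post above, as an added example that is not part of the original thread. The log lines are constructed samples (timestamps and the 192.0.2.x / 198.51.100.x addresses are made up; only the message text and 207.241.229.207 come from the post), and the pattern also accepts the Apache 2.4 line layout with its AH00124 prefix, which goes beyond the 2.2-style line shown in the thread.

```python
import re
from collections import Counter

# Matches the line format quoted in the thread ("[error] [client IP] ...")
# and the Apache 2.4 layout ("[core:error] [pid N] [client IP:port] AH00124: ...").
# A leading timestamp is allowed but not required. IPv4 clients only.
LOOP_RE = re.compile(
    r"\[(?:\w+:)?error\]"                                    # [error] or [core:error]
    r"(?:\s+\[pid [^\]]+\])?"                                # optional [pid ...]
    r"\s+\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]"  # client, optional port
    r"\s+(?:AH\d+:\s+)?"                                     # optional 2.4 message code
    r"Request exceeded the limit of (?P<limit>\d+) internal redirects"
)

# Constructed sample input (not a real log).
SAMPLE_LOG = """\
[Mon May 06 10:01:02 2013] [error] [client 207.241.229.207] Request exceeded the limit of 10 internal redirects due to probable configuration error.
[Mon May 06 10:01:09 2013] [error] [client 207.241.229.207] Request exceeded the limit of 10 internal redirects due to probable configuration error.
[Mon May 06 10:02:30 2013] [error] [client 192.0.2.15] File does not exist: /home/example/public_html/favicon.ico
[Mon May 06 10:03:11 2013] [core:error] [pid 4242] [client 198.51.100.7:51234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error.
[error] [client 207.241.229.207] Request exceeded the limit of 10 internal redirects due to probable configuration error.
"""


def redirect_loop_clients(log_text):
    """Count redirect-limit errors per client IP; other error lines are ignored."""
    hits = Counter()
    for line in log_text.splitlines():
        match = LOOP_RE.search(line)
        if match:
            hits[match.group("ip")] += 1
    return hits


def top_clients(log_text, n=10):
    """Return (ip, count) pairs, most frequent first."""
    return redirect_loop_clients(log_text).most_common(n)


if __name__ == "__main__":
    for ip, count in top_clients(SAMPLE_LOG):
        print(f"{ip:<16} {count} redirect-limit errors")
```

If the same few client addresses account for all of the hits while ordinary visitors never appear, the loop is tied to requests that are being refused for those clients rather than to the site as a whole.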

    Plugin Author AITpro

    @aitpro

    That code you posted would not work since the ErrorDocument directive is a redirect directive so the infinite loop would still continue to occur. I need to bold and highlight this sentence in that forum post. The idea was to let folks know that this would not work so do not bother trying it. 😉

    …And doing something like this would NOT work because the ErrorDocument directive already has a Redirect Status 403…

    Yep, unless you have Dedicated Hosting then you would not be allowed to do LogLevel stuff.

    Ok so since the ErrorDocument is an .htaccess redirect directive then what this means is that the error is occurring repeatedly in an infinite redirect loop. The rest of that Forum post goes on to explain troubleshooting steps to try and isolate where the conflict is, but does not include that this could be a conflict with something your Host itself is doing or maybe a Host Control Panel option, tool or setting. Example: If errors are being handled by something else then you end up with BPS trying to handle this and something else at the same time so this creates an infinite redirect problem. I will update the BPS Forum post to include this info. You can turn Off BPS Security logging on the Security Log page if error logging is being handled/checked/logged elsewhere. Check with your Host and see if they are already handling error logging at the Server with something like mod_security, etc.

    Try commenting out the ErrorDocument htaccess code in your Root .htaccess file. What is probably happening is you have another plugin installed or maybe your Theme itself that is conflicting with the new BPS ErrorDocument .htaccess code. Comment out this code by adding a pound sign in front of it. This of course removes your capability to log / track errors on your website, but it will give you clues to figuring out what might be happening so that you can start eliminating plugins and your Theme from causing this problem by doing the standard WordPress troubleshooting steps – deactivate all plugins and activate them one by one until you find the problem plugin and switch your Theme, etc.

    Plugin Author AITpro

    @aitpro

    Actually that is mentioned in the forum topic that the Host might be handling errors already, but I have added additional info to make this clearer.

    I have been testing all the possibilities these days. Neither the theme nor the plugins are responsible for these internal redirects. I have changed the theme and deactivated the plugins and the internal redirects persisted.

    I have asked my web hosting if the server has mod_Security and they have confirmed to me that the server has both mod_Security and Suhosin. Could one of these protection systems be causing the internal redirects?

    Plugin Author AITpro

    @aitpro

    Yep, it is going to be a mod_security SecRule or SecFilter. Suhosin works on another level of security and would not be the cause of this.

    Plugin Author AITpro

    @aitpro

    Please post a status update. If the issue/problem is resolved please resolve this thread. Thank you.

    Resolved. I have erased this command (ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php) in order to avoid internal redirects because mod_Security is interfering with it. I am on shared hosting so I can’t do anything about the mod_Security.

    Thanks!

    Plugin Author AITpro

    @aitpro

    It is actually better to go to the BPS Security Log page and click the Turn Off Error Logging button, but you can also do this manually if you prefer that. Thanks.

  • The topic ‘[Resolved] BPS and Wayback Machine’ is closed to new replies.