Plugin: BulletProof Security support topic: Can't access a file in a folder on my site when using an apostrophe, 403 error

  • Resolved isaacl

    (@isaacl)


    I have a few separate folders in the root folder of my site.
    Until today, everything seemed to be working correctly, but today, I had an issue when doing a search on a non-WordPress related file – any search that included an apostrophe ('), which gets translated to %27, comes up with a 403 error.
    I checked the Apache logs, and I found this:
    [Thu Feb 06 16:26:18 2014] [error] [client x.x.x.x] client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/403.php, referer: http://domain.com/folder/file.php
    Any ideas what could be causing this?
    Thanks a lot!

    https://wordpress.org/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 67 total)
  • Plugin Author AITpro

    (@aitpro)

    You can either allow the single quote code character or not allow it in Query Strings, searches, URLs, etc.

    http://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939

    Thread Starter isaacl

    (@isaacl)

    Thanks!
    Will I have to edit that every time a new version comes out?
    Or will it automatically keep those settings there?
    And thanks for all your hard work on the plugin!

    Plugin Author AITpro

    (@aitpro)

    When you add code to BPS Custom Code it is saved permanently.
    Very welcome!

    Thread Starter isaacl

    (@isaacl)

    Thanks a lot!

    Thread Starter isaacl

    (@isaacl)

    One more question – has anything changed in that code since that post?

    Plugin Author AITpro

    (@aitpro)

    Yes, that Forum Topic has been updated recently (I believe sometime in the last 2 weeks) and does contain the newest/most current BPS Query String Exploits .htaccess code.

    Thread Starter isaacl

    (@isaacl)

    Awesome, thanks!!

    Thread Starter isaacl

    (@isaacl)

    One more thing – when I try to save the custom code, it tries to direct me to http://domain.com/#bps-tabs-7, which takes me back to the main site, instead of what I assume should be http://domain.com/wp-admin/admin.php?page=bulletproof-security/admin/options.php#bps-tabs-7
    Any idea why that’s happening?

    Plugin Author AITpro

    (@aitpro)

    Hmm, that is odd.
    Go to the Security Modes page and put BPS in Default Mode and then try and click the Save Root Custom Code button. That will tell you if something is wrong with your root .htaccess file/code.

    Thread Starter isaacl

    (@isaacl)

    It only seems to happen once I paste the new BPSQSE BPS QUERY STRING EXPLOITS code, and it doesn’t actually save, but if I go into the custom code tab, and save it as is, without adding anything, it saves correctly…

    Plugin Author AITpro

    (@aitpro)

    Ok I kind of thought that might be what is going on. My next psychic guess is that the code contains some hidden formatting.

    Do these steps.

    Go to the htaccess File Editor tab page, click on the secure.htaccess tab, scroll down in the contents of the file until you come to the BPS Query String Exploits section of code, copy the BPS Query String Exploits section of code to this Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: Modify Query String Exploit code here and then click the Save Root Custom Code button.

    Example:

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    ...
    ...
    ...
    # END BPSQSE BPS QUERY STRING EXPLOITS

    Plugin Author AITpro

    (@aitpro)

    …is that the code contains some hidden formatting…

    During the copy and paste it is possible, depending on how the copy and paste was done, that the code now contains hidden formatting. For example, if you copy .htaccess code to a Microsoft Word doc it will be instantly corrupted and contain hidden formatting. 😉
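
A check for the hidden formatting described in the reply above, as an added example that is not part of the thread or of the plugin's code: it reports every character in pasted Custom Code text that is not plain ASCII, with its line and column. The sample rules are constructed placeholders, not the actual BPS Query String Exploits code, and the function names are hypothetical.

```python
import unicodedata

BEGIN = "# BEGIN BPSQSE BPS QUERY STRING EXPLOITS"
END = "# END BPSQSE BPS QUERY STRING EXPLOITS"


def find_hidden_formatting(text):
    """Return (line, column, 'U+XXXX NAME') for each character that is not
    printable ASCII or a tab. A trailing CR is treated as a line ending."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        if line.endswith("\r"):
            line = line[:-1]
        for col, ch in enumerate(line, start=1):
            if ch == "\t" or " " <= ch <= "~":
                continue
            # Control characters have no Unicode name, so supply a default.
            name = unicodedata.name(ch, "CONTROL")
            findings.append((lineno, col, f"U+{ord(ch):04X} {name}"))
    return findings


def markers_intact(text):
    """True when the first and last non-empty lines are exactly the BEGIN and
    END markers (a leading BOM or other invisible character makes this False)."""
    lines = [l.rstrip("\r") for l in text.split("\n") if l.strip()]
    return bool(lines) and lines[0] == BEGIN and lines[-1] == END


# Constructed sample of a paste that passed through a word processor.
# The rule bodies are placeholders, not real BPS rules.
SAMPLE = (
    "# BEGIN BPSQSE BPS QUERY STRING EXPLOITS\n"
    "RewriteCond %{QUERY_STRING} \u201cplaceholder\u201d [NC,OR]\n"  # curly quotes
    "RewriteCond\u00a0%{QUERY_STRING} placeholder2 [NC]\n"            # no-break space
    "RewriteRule ^(.*)$ -\u200b [F]\n"                                # zero-width space
    "# END BPSQSE BPS QUERY STRING EXPLOITS\n"
)

if __name__ == "__main__":
    print("markers intact:", markers_intact(SAMPLE))
    for lineno, col, what in find_hidden_formatting(SAMPLE):
        print(f"line {lineno}, column {col}: {what}")
```

An empty result means the text is plain ASCII, so hidden formatting can be ruled out before looking at other causes of a failed save.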

    Thread Starter isaacl

    (@isaacl)

    No go.
    Any chance you can take a quick look at it? I’ll give you login info to the site…
    Thanks!

    Thread Starter isaacl

    (@isaacl)

    And if I just save the first and last lines, it seems to save…

    Plugin Author AITpro

    (@aitpro)

    The only logical explanation I can think of that makes sense is that something is blocking some of the .htaccess code. Something like mod_security SecRules/SecFilters or possibly just another plugin that you have installed either intentionally or some sort of conflict or possibly your theme.

    Deactivate all of your plugins except for BPS and test.
    Temporarily switch your theme to a WordPress theme: 2011, 2012, 2013 or 2014 and test.

    Let me know what happens.

  • The topic ‘Can't access a file in a folder on my site when using an apostrophe, 403 error’ is closed to new replies.