Support » Plugin: BBQ Firewall » HTTP ERROR 403 – You don’t have authorisation to view this page

  • Resolved goez1x9f6j

    (@goez1x9f6j)


    Recently had an issue with our website https://thebluepill.co.uk where we could not login when BBQ Firewall was activated. The error message received was:

    “Access to thebluepill.co.uk was denied, you don’t have authorisation to view this page. HTTP ERROR 403”

    At first I thought that the issue must be a conflict with a plugin/theme/or core file. But after some investigation this was ruled out.

    The problem was in file: block-bad-queries.php and I had to remove an entry/item in the $referrer_array – apply_filters.

    My question is, will this deletion be restored when the plugin is next updated?

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Glad to help.

    First for the sake of any others visiting this thread, BBQ normally does not block login or any other legit requests. So what you are experiencing is specific to your site.

    That said, if you need to make changes it is best to use the customize plugin. Otherwise if you alter core files, any changes will be lost in subsequent updates.

    I hope this helps, let me know if I can provide any further infos.

    Thread Starter goez1x9f6j

    (@goez1x9f6j)

    Hello Jeff,

    Thank you ever so much for the quick response.

    Have downloaded the BBQ Whitelist plugin as I would like to whitelist the following pattern: ‘blue\s?pill’.

    I have made the following entry in bbq-whitelist.php:

    $bbq_whitelist_referrer_items = array(‘blue\s?pill’);

    But unfortunately I still cannot access my site.

    Please can you advise where I am going wrong?

    Ps. Would also like to take this opportunity to advise that this issue is site specific.

    Plugin Author Jeff Starr

    (@specialk)

    Not sure, but you might want to try experimenting with other rules, etc. Also check if *any* strings are blocked with the whitelist plugin. If they are, it may be the syntax. If the issue is site specific, then check your other plugins, and so forth until hopefully the issue is identified.

    Thread Starter goez1x9f6j

    (@goez1x9f6j)

    Hello Jeff,

    Thank you for your response.

    In previous comment I mentioned that I thought that the issue must be a conflict with a plugin/theme/or core file. But after some extensive investigation this was ruled out.

    To resolve the issue I removed the following element from the block-bad-queries.php file: ‘blue\s?pill’ in Line 53 – $referrer_array

    You advised that changes would be lost in subsequent updates so I downloaded your BBQ Whitelist plugin in an attempt to whitelist this. With this in mind I restored the entry in block-bad-queries.php (Line 53) and added it to the bbq-whitelist.php file on Line 24: $bbq_whitelist_referrer_items = array(‘blue\s?pill’);

    But unfortunately I get the error: “Access to thebluepill.co.uk was denied, you don’t have authorisation to view this page. HTTP ERROR 403”

    As you can see I know what the issue is but am having trouble resolving it. Would it be better if I purchased BBQ Pro?

    Please help, you are my only hope….

    Plugin Author Jeff Starr

    (@specialk)

    I understand, thanks for refreshing my memory. The whitelist plugin works great on default WordPress site, which you may want to verify on a new, separate installation. I don’t know why it is not working in your specific case, could be an issue with another plugin, theme, server config, etc. No way of knowing without doing some basic investigation. As for pro version, the forum rules here at WordPress.org prohibit any discussion, but you can reach me anytime via the contact form at Plugin Planet. Will respond asap with infos.

    thekendog

    (@thekendog)

    I’m getting a similar issue. When going to /wp-admin and getting redirected to the wp-login.php page with the redirect_to query string, I get a 403 error. When I go directly to wp-login.php without the query string, it works. Deactivating the plugin and everything works as normal.

    Plugin Author Jeff Starr

    (@specialk)

    @thekendog can you let me know the exact steps to replicate the issue on default WordPress install? That way I can follow along and investigate, etc. Thank you

    thekendog

    (@thekendog)

    @specialk I ended up figuring it out. The domain of the site in question has ‘www.pass’ as part of the URL. I had to use the request_uri_items filter in order to remove ‘.pass’ from the list of disallowed strings.

    Plugin Author Jeff Starr

    (@specialk)

    Ok glad you got it sorted. I will look at maybe removing the .pass pattern from the core firewall rules.

    Just had a site that starts with https://www.conf throw this false error as well.

    • This reply was modified 5 months, 1 week ago by thekendog.
    Plugin Author Jeff Starr

    (@specialk)

    Best advice would be to whitelist using the Customize BBQ plugin.

    Yeah I did, just letting you know about some false positives I guess. Not sure if there’s a way around it happening.

    Plugin Author Jeff Starr

    (@specialk)

    Yes there is. It’s the Customize BBQ plugin. That’s why it exists.

Viewing 13 replies - 1 through 13 (of 13 total)
  • You must be logged in to reply to this topic.