Support » Plugin: BulletProof Security » Legit bot blocked ?

  • Resolved theophil_bethel

    (@theophil_bethel)


    Hi,

    I’ve a brand new site now online protected by BPS free. Looking at the Security Log File, I find many recorded events like the one below. It seems like the blocked bot is a google owned one but I’m not sure looking at the HTTP USER AGENT text.
    I’ve registered my site on the Search Console and have a Google Analytics code on every page/post so Google bot is active on it.
    Is it really a google’s bot ? If yes have I something to do to fix the blockage ?

    Many thanks !
    Theophil

    ——————————————————————-

    [403 GET Request: 29 mars 2022 - 20h53]
    BPS: 5.9
    WP: 5.9.2
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: GDPR Compliance On
    Host Name: <strong>23.162.77.34.bc.googleusercontent.com</strong>
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: GET
    HTTP_REFERER: 
    REQUEST_URI: /
    QUERY_STRING: 
    <strong>HTTP_USER_AGENT: Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author AITpro

    (@aitpro)

    The Host Name is a valid Google Host Name.
    Palo Alto Networks is partnered with the Google Cloud product/project.

    So what that means is that Palo Alto Networks is legit and is using Google’s host servers.

    There is nothing in the Security Log that tells me what is being blocked. Typically that means something is being done using JavaScript or Python that is being blocked. I checked your site and do not see any 403 errors using Google Chrome Dev tools.

    Your web host offers Cloud hosting. So I assume that they use Google Cloud. My guess is that Palo Alto Networks is using JavaScript or Python to scan your site and something in the JavaScript or Python scanning code is being blocked by BPS.

    Based on the text description in the user agent field, Palo Alto Networks scans websites to collect data about websites. So that scan would not affect your website in any way. If you want to hide/ignore these Security Log entries you can use the Security Log > Add User Agents|Bots to Ignore|Not Log option. Use this value: paloaltonetworks.com.

    Plugin Author AITpro

    (@aitpro)

    Did this answer all of your questions? If so, please resolve this thread. If not, please post any additional questions you may have. Thanks.

    Thread Starter theophil_bethel

    (@theophil_bethel)

    OK, that’s clearer for me now.
    Thank you !
    I resolve the thread.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.