Thread Starter
juriix
(@juriix)
not working
`# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ – [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
Plugin Author
AITpro
(@aitpro)
What is being blocked is “wget” in the User Agent String. To allow “wget” in User Agent Strings do the steps in this forum topic > https://forum.ait-pro.com/forums/topic/cron-is-being-blocked/#post-40845
Plugin Author
AITpro
(@aitpro)
Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. I still receive email notifications when threads have been resolved.
Thread Starter
juriix
(@juriix)
Hello,
I tried to comment, but I keep getting the same error
[405 HEAD Request: 2022-06-20 - 19:36]
BPS: 6.4
WP: 6.0
Event Code: BFHS-HEAD - HEAD Request Blocked
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 2a02:4780:9:5::1b
Host Name: lt-bnk-web505.main-hosting.eu
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: HEAD
HTTP_REFERER:
REQUEST_URI: /wp-load.php?import_key=iAaChxUL
QUERY_STRING: import_key=iAaChxUL
HTTP_USER_AGENT: Wget/1.14 (linux-gnu)
Plugin Author
AITpro
(@aitpro)
Oops since it is a HEAD Request then you will also need to allow all HEAD Requests by doing the steps in this forum topic > https://forum.ait-pro.com/forums/topic/split-uptimerobot-whitelist-uptimerobot-bot/page/2/#post-7168
Use the “BPS Pro 11.6+ & BPS free .53.2+” HEAD Request whitelisting htaccess code.
Thread Starter
juriix
(@juriix)
I add this to 12.custom, click setup wizard, but I keep getting blocked.
# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
RewriteCond %{REMOTE_ADDR} !^(2a02:4780:9:5::1b|2001:19f0:5:d6e:5400:1ff:fedf:5c45|2a03:b0c0:3:e0::13e:8001) [NC]
RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405
BLOCK:
BPS SECURITY LOG
=================
=================
[405 HEAD Request: 2022-06-23 - 10:04]
BPS: 6.4
WP: 6.0
Event Code: BFHS-HEAD - HEAD Request Blocked
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 2a02:4780:9:5::1b
Host Name: lt-bnk-web505.main-hosting.eu
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: HEAD
HTTP_REFERER:
REQUEST_URI: /wp-load.php?import_key=iAaChxUL
QUERY_STRING: import_key=iAaChxUL
HTTP_USER_AGENT: Wget/1.14 (linux-gnu)
Plugin Author
AITpro
(@aitpro)
Go ahead and allow all HEAD Requests. Blocking HEAD Requests is not a security thing and is instead a nuisance blocking thing. Use the code below.
# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
Thread Starter
juriix
(@juriix)
Nothing has changed, HEAD is still blocked see screen.
LOG https://imgur.com/a/HKZcwTT
12.custom https://imgur.com/a/Roj2QNX
Plugin Author
AITpro
(@aitpro)
Most likely the reason the HEAD Request code is not working is that it is in the wrong Custom Code text box. Cut (not copy) the HEAD Request code out of the #12. Custom Code text box and paste it into this Custom Code text box: 9. CUSTOM CODE REQUEST METHODS FILTERED. Then click the Save Root Custom Code button and activate root folder BulletProof Mode. Let me know if that works or not.
Thread Starter
juriix
(@juriix)
Now it show this:
[403 GET Request: 2022-06-27 - 10:17]
BPS: 6.4
WP: 6.0
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 2a02:4780:9:5::1b
Host Name: lt-bnk-web505.main-hosting.eu
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: HEAD
HTTP_REFERER:
REQUEST_URI: /wp-load.php?import_key=iAaChxUL
QUERY_STRING: import_key=iAaChxUL
HTTP_USER_AGENT: Wget/1.14 (linux-gnu)
Plugin Author
AITpro
(@aitpro)
Ok so you also need to use this fix as well as the HEAD Request fix…
What is being blocked is “wget” in the User Agent String. To allow “wget” in User Agent Strings do the steps in this forum topic > https://forum.ait-pro.com/forums/topic/cron-is-being-blocked/#post-40845