Support » Plugin: BulletProof Security » [Plugin: BulletProof Security] Podcast Podcatchers being blocked

  • I’m fairly new to BP but am an enthusiastic supporter 😀 However, as I’ve started implementing this on one of my client’s sites, the security seems to be nixing his podcast downloads.

    Some of his normal listeners are saying that using ‘wget’ no longer works and another has reported that “Radio Downloader” agent is being given a 403 as well.

    Any suggestions on how I can allow this without blowing a giant hole in the security wall?

    The site is set up with subdomains and it’s the main site [nathanlowell.com] that has bulletproof installed. But the subdomain ‘tommw’ is the one that has his podcast.

    Day 438: Chilly Morning

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 2 replies - 1 through 2 (of 2 total)
  • I should mention that iTunes is working fine.

    Plugin Author AITpro

    (@aitpro)

    wget is explicitly blocked in the root .htaccess file. You can allow wget by removing it from the BPS security filter(s) in the root .htaccess file. Or it may also be possible to create a skip/bypass rule for the entire “/media” folder on this site using this skip/bypass rule.

    find this code in the root .htaccess file…

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    ...and then add this skip/bypass rule below this code above.
    
    # skip/bypass the /media folder
    RewriteRule ^media/ - [L]

    Or if you just want to remove wget from this security filter in the root .htaccess file then delete wget from this security filter.

    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]

    Most likely you can leave wget in this security filter, but if the Radio Downloader is still being blocked then remove wget from this security filter as well

    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

    Just an FYI
    This is obviously not a Cron Command line issue, but a safe alternative Cron command line command that is safer to use is lynx -source instead of wget -O. You would simply replace the wget -O command line with lynx -source.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: BulletProof Security] Podcast Podcatchers being blocked’ is closed to new replies.