Support » Plugin: BulletProof Security » redirect with url passed in querystring

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author AITpro

    (@aitpro)

    Yes, that is simulating an RFI hacking attempt/attack.
    To allow/whitelist this you would first try this whitelist method to whitelist the “open.php” file.

    User Avatar – avatar images not displaying for custom images 403 error

    Plugin Author AITpro

    (@aitpro)

    Did the RFI/Misc file whitelisting method work? If so, please resolve this thread. If not, post the security log entry for this from your BPS Security Log. You can hide the orgin/referer domains/urls, but I would need to know if the domains are the same domain or different domains.

    Thanks, but I am non-technical and do not understand how to edit this code, eg is: (blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame) necessary just to whitelist one file (open.php) on my domain?

    log code below, I changed real domains for mydomain.com, otherdomain.com

    [403 GET / HEAD Request: September 17, 2014 – 1:24 pm]
    Event Code: BFHS – Blocked/Forbidden Hacker or Spammer
    Solution: N/A – Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 86.160.192.206
    Host Name: host86-160-192-206.range86-160.btcentralplus.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://mydomain.com/test.php
    REQUEST_URI: /open.php?url=http://otherdomain.com/form.html
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36

    open.php works if I move it to another (non-BPS protected) domain, so if no simple solution I will go with that.

    Plugin Author AITpro

    (@aitpro)

    Try this first (replace example.com with your actual domain name):

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (open\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*example.com.*
    RewriteRule . - [S=1]

    Since another domain is involved and several files then you may need to whitelist all files involved and the other domain (replace example.com with your actual domain name, replace “otherdomain.com” with your actual other domain name, replace the file names with the actual file names):

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (open\.php|test\.php|form\.html|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*(example.com|otherdomain.com).*
    RewriteRule . - [S=1]

    1. Copy the modified TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE code above to this BPS Root Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root Folder BulletProof Mode.

    Thanks for your reply. For simplicity I decided to host open.php on another domain as it is used to redirect to multiple other domains.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘redirect with url passed in querystring’ is closed to new replies.