Support » Plugin: BulletProof Security » Search widget

  • Resolved VBonnefond

    (@vbonnefond)


    Hi,
    How can I use a search widget on WordPress website ?
    When I try a to search a string, I have a “403 forbidden” page.
    It seems to be because of the “RewriteRule ^(.*)$ – [F]” line at the end of in my root .htaccess
    What can I do ?

    Best regards,
    Vincent

    The page I need help with: [log in to see the link]

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author AITpro

    (@aitpro)

    The problem is being caused by BPS blocking the apostrophe/single quote code character in your search form button name/text.

    Solution for allowing apostrophe’s/single quote code characters in search forms on the frontend of your website: http://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939

    • This reply was modified 6 months ago by  AITpro.
    Plugin Author AITpro

    (@aitpro)

    Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

    Hi,
    I’m sorry I didn’t notice your answer.

    I’ve just tried your solution and nothing has changed : 403 error occurs when I try to search a string in a search widget. It doesn’t matter whether the string includes a single quote or not.
    You can try to search anything in both search widget at http://www.cournonturales.org/nos-actions/ (or whatever page of the site you want)

    On the 403 error page, a PHP error is written too :
    Fatal error: Cannot redeclare bpsPro_Browser_UA_scroll_animation() (previously declared in <root address>/wp-content/plugins/bulletproof-security/includes/functions.php:13) in <root address>/wp-content/plugins/bulletproof-security/includes/functions.php on line 96

    What can I do ?

    Best regards,
    Vincent Bonnefond

    Plugin Author AITpro

    (@aitpro)

    The problem is being caused by BPS blocking the apostrophe/single quote code character in your search form button name/text.

    There may be a couple of different problems occurring.
    Do you have the WP Edit plugin installed > https://wordpress.org/support/topic/php-fatal-error-cannot-redeclare-bpspro_browser_ua_scroll_animation/

    Try BPS troubleshooting step #1 and let me know what happens > https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

    Hi !

    I don’t use WP Edit plugin but, following your suggestion, deactivating my plugins, I’ve found that Team plugin (https://fr.wordpress.org/plugins/team/) was in conflict. So it is now deactivated.

    The 403 error page still remain for any search through the widget. Deactivating the “Root Folder BulletProof Mode”, the trouble disappears. In fact, it’s logical : as I said in my first message, the trouble seems to deal with the “RewriteRule ^(.*)$ – [F]” line at the end of in my root .htaccess

    Any suggestion ?

    Best regards,
    Vincent Bonnefond

    Plugin Author AITpro

    (@aitpro)

    We will test the Team Showcase plugin to see what the issue/problem is. I tested your search feature and am no longer seeing this PHP error > Fatal error: Cannot redeclare bpsPro_Browser_UA_scroll_animation().

    This code is necessary and is the code that generates the 403 error for any/all security rules: RewriteRule ^(.*)$ – [F]. So this RewriteRule should not be removed since that would mean none of the security rules would generate 403 errors. Or in other words, you would be allowing anything/everything instead of blocking things that should be blocked.

    I still see a 403 error when using either of your search text boxes. So go to the BPS Security Log page and copy and post the most recent Security Log entries in your reply, which show the “test” searches that I did so I can take a look at the Security Log entries to see if they contain clues to what else is being blocked. It appears that more than apostrophes are being blocked, but I am not sure what else that would be at this point.

    • This reply was modified 5 months, 3 weeks ago by  AITpro.
    Plugin Author AITpro

    (@aitpro)

    We will test your search widget plugin: Ajax Search Lite to see if we can reproduce this problem/issue. It could be that BPS is blocking something else in this search plugin itself that is not obvious.

    Plugin Author AITpro

    (@aitpro)

    We tested the Ajax Search Lite plugin and only apostrophes are blocked and nothing else in that plugin.

    Plugin Author AITpro

    (@aitpro)

    Plugin Author AITpro

    (@aitpro)

    I created a forum topic here for how to fix this problem (assuming the problem is being caused by the BPS POST Attack Protection Bonus Custom Code) > https://forum.ait-pro.com/forums/topic/ajax-search-lite-403-error/

    Good job !

    The trouble seems to be fixed. I just added these 2 lines

    # Whitelist Ajax Lite Search Widget POST Requests by Query String
    RewriteCond %{QUERY_STRING} !^s=(.*) [NC]

    at the bottom of my “CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE”, just before the RewriteRule ^(.*)$ - [F] line.

    I hope my website is still protected against attacks…
    Can you confirm that ?

    Best regards,
    Vincent Bonnefond

    Plugin Author AITpro

    (@aitpro)

    Great! Thanks for confirming that worked. Yes, your website is still protected against attacks.

    Many thanks for your great job on BPS and its support.

    Have a great day and an amazing year 😊

    Vincent Bonnefond

Viewing 13 replies - 1 through 13 (of 13 total)
  • You must be logged in to reply to this topic.