Plugin Author
AITpro
(@aitpro)
Go to the BPS Security Log page, copy the Security Log entry that shows what is being blocked and paste it in your thread reply. So I can see what is being blocked. You can generate a new 403 error by clicking through your product categories. The Security Log entry that you want to copy and paste will be the last log entry in the Security Log file.
-
This reply was modified 4 years, 10 months ago by
AITpro.
Thread Starter
kds26
(@kds26)
Hi, I can see a lot of legitimate blocking of tyring to access wp files but this was one of my requests which was just me clicking through the website, I was going through a lot of categories but I would like to think that this is the behaviour my customers would undertake too. Thanks for your help.
[403 GET Request: 22/07/2021 – 12:35 pm]
BPS: 5.0
WP: 5.7.2
Event Code: BFHS – Blocked/Forbidden Hacker or Spammer
Solution: N/A – Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: 172.68.144.67
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: https://solarcampingaustralia.com.au/product/solar-panels/solar-panels-for-12v-charging/10w-polycrystalline-solar-panel/, https://solarcampingaustralia.com.au/product/solar-panels/solar-panels-for-12v-charging/10w-polycrystalline-solar-panel/
REQUEST_URI: /product/solar-panels/solar-panels-for-12v-charging/65w-shingle-solar-panel-with-black-frame/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0, Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
Plugin Author
AITpro
(@aitpro)
hmm interesting the URL is duplicated and separated by a comma. Not sure what is causing that issue, but BPS will block a duplicated URL because it simulates an RFI hacking attempt. Use the steps in this forum topic to allow the duplicated URL issue for now > https://forum.ait-pro.com/forums/topic/wp-json-oembed-403-error-wp-jsonoembed/#post-39123 , but I recommend that you try and figure out what could be causing that issue. Could be some sort of issue with Autoptimize or some sort of caching conflict between Autoptimize and CloudFlare. I looked at the Source Code of your site and see that you are using both Autoptimize and CloudFlare. I’ve never seen a duplicated URL like this before separated by a comma. So it may be coming from a plugin or your theme.
Plugin Author
AITpro
(@aitpro)
Oops forgot to mention this > I did see a minor JavaScript error when using Google Chrome Dev Tools on your website. I believe that js error is being caused because you are minifying/compressing/combining js scripts in your Autoptimize plugin. Minifying/compressing/combining js scripts is known to break a lot of plugins js scripts. So you may want to turn that js minification option off in your Autoptimize plugin settings.
-
This reply was modified 4 years, 10 months ago by AITpro.
Thread Starter
kds26
(@kds26)
Hi @aitpro
Thanks for the reply, I have turned off the Autoptimize Optimise JavaScript Code. I have been clicking around now for a while and haven’t seen that error so finger crossed you may have solved the problem.
Thanks again.
Plugin Author
AITpro
(@aitpro)
Yes, it’s very possible that js minification was causing the duplicated URL problem. I have seen some very strange problems caused by using js minification. 😉
-
This reply was modified 4 years, 10 months ago by AITpro.
Plugin Author
AITpro
(@aitpro)
Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.
Thread Starter
kds26
(@kds26)
Hi @aitpro
Had the same problem again.
[403 GET Request: 28/07/2021 - 11:40 am]
BPS: 5.0
WP: 5.7.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: 162.158.5.185
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: https://solarcampingaustralia.com.au/, https://solarcampingaustralia.com.au/
REQUEST_URI: /product-category/sockets-plugs-and-housings/sockets/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0, Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
I’ll follow the steps to allow duplicate URL issue for now. Any other ideas? I can turn off the autoptimize plugin but it is something that is hard to detect as it seems to be an intermittent issue.
Thread Starter
kds26
(@kds26)
Hi @aitpro
Just a thought, I use CleanTalk. Do you think this may be conflicting? Thanks.
Plugin Author
AITpro
(@aitpro)
That is possible. Any plugins that are doing anything with the Referrer Header field could be part or all of the problem. I’ve never seen a duplicated URL separated by a comma before. My guess would be that either the problem has to do with just your Cloudflare plugin or a combination problem > ie your Cloudflare plugin and something else the does something with Headers. Your CDN settings may have something to do with this problem. I’m not very familiar with Cloudflare or Clean Talk.
Plugin Author
AITpro
(@aitpro)
In general I’ve never seen this before with anyone using CloudFlare directly or from their web host control panel. There are several WP CloudFlare plugins. So this issue could be some kind of bug in a particular CloudFlare plugin.
Plugin Author
AITpro
(@aitpro)
Another possibility is this could be left over cache from before Autoptimize js minification was turned off if you did not purge all cache.
Thread Starter
kds26
(@kds26)
Hi @aitpro
Thanks for the replies. I made sure to purge the plugin caches, but am wondering if I would also need to delete my browser cache?
Definitely a hard one to diagnose as the error is very intermittent. I’ll keep trying. Thanks again.
Plugin Author
AITpro
(@aitpro)
“I have been clicking through my product categories this morning…”. I assume this means that you are clicking through WooCommerce > Products > Categories? Maybe this issue has to do specifically with WooCommerce or an additional WooCommerce plugin or your Theme that is doing something with WooCommerce Product Categories?
On a test site with WooCommerce installed this is the URI that I see in my Browser address bar when clicking through WooCommerce Product Categories: /wp-admin/term.php?taxonomy=product_cat&tag_ID=869&post_type=product&wp_http_referer=%2Fwp-admin%2Fedit-tags.php%3Ftaxonomy%3Dproduct_cat%26post_type%3Dproduct. Are you seeing the same URI or something different?
In any case, I have done several tests on the frontend of your site to simulate this issue as a visitor to your website and the 403 error does not occur. So whatever is causing this issue only appears to occur from your WordPress backend. So this issue would not affect visitors to your website.
Plugin Author
AITpro
(@aitpro)
Intermittent problems or problems that start happening all of a sudden are typically going to be related to things like: php memory/cache/caching plugins/CDN’s/VPN’s/Proxy’s/Load Balancers/Host server problems (new security measures added on Host server (Mod Security, etc.), DNS server/DNS configuration problem, MySQL server timeout, server overloaded, etc.), /Browser problems (corrupt cache, Sessions, Cookies, add-on, extension)/ISP (connectivity)/CloudFlare, Incapsula, etc.
