Title: Bing.com Referrer Error Last modified: August 21, 2016 --- # Bing.com Referrer Error * Resolved [casper14209](https://wordpress.org/support/users/casper14209/) * (@casper14209) * [12 years, 4 months ago](https://wordpress.org/support/topic/bingcom-referrer-error/) * Hey guys/gals, it appears that we have found an issue with Bing.com search results when an apostrophe [‘] is included in the search query. I have tracked it back to the BPS Security Plugin and then looked to see if it was present on the ait- pro.com site using this search, * > [http://www.bing.com/search?q=bullet+proof+security+%27&go=Submit&qs=n&form=QBRE&pq=bullet+proof+security+%27&sc=8-23&sp=-1&sk=&cvid=e52a177fe4d94a3782eff882168a22b0](http://www.bing.com/search?q=bullet+proof+security+%27&go=Submit&qs=n&form=QBRE&pq=bullet+proof+security+%27&sc=8-23&sp=-1&sk=&cvid=e52a177fe4d94a3782eff882168a22b0) * clicked the first result to the site and sure enough, issue is on their server too. Tested a query without the apostrophe * > [http://www.bing.com/search?q=bullet+proof+security&go=Submit&qs=n&form=QBRE&pq=bullet+proof+security&sc=8-21&sp=-1&sk=&cvid=4b21b24eee7243a681ac100697ba8864](http://www.bing.com/search?q=bullet+proof+security&go=Submit&qs=n&form=QBRE&pq=bullet+proof+security&sc=8-21&sp=-1&sk=&cvid=4b21b24eee7243a681ac100697ba8864) * and issue is not present. * We just happened to come across this because we have a client that has an apostrophe in their business name. * This ticket is a double purpose, one to see if there is a fix for this that I can implement in the mean time, and to let you guys/gals know about the issue. * My affected site is [http://www.sadiespetproducts.com](http://www.sadiespetproducts.com) running on apache. * [https://wordpress.org/plugins/bulletproof-security/](https://wordpress.org/plugins/bulletproof-security/) Viewing 6 replies - 1 through 6 (of 6 total) * Thread Starter [casper14209](https://wordpress.org/support/users/casper14209/) * (@casper14209) * [12 years, 4 months ago](https://wordpress.org/support/topic/bingcom-referrer-error/#post-4598958) * UPDATE: Disabled all custom code entries and problem is still present. Put in default mode, problem is gone. Bulletproof mode, problem back. * Thread Starter [casper14209](https://wordpress.org/support/users/casper14209/) * (@casper14209) * [12 years, 4 months ago](https://wordpress.org/support/topic/bingcom-referrer-error/#post-4598972) * UPDATE: OK, was able to track it down to this line of code in the .htaccess file. `#RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]` Now I’m outside my knowledge level, any assistance or further information would be appreciated. * Thread Starter [casper14209](https://wordpress.org/support/users/casper14209/) * (@casper14209) * [12 years, 4 months ago](https://wordpress.org/support/topic/bingcom-referrer-error/#post-4598986) * UPDATE: OK, after more research I have found that the %27 in the code line is to make the system deny (forbid) any referrer that has an apostrophe [‘] in the string. Would anybody be interested in commenting on the possible security risk by allowing this on a shopping cart site? I don’t like editing core plugin files as it makes for a pain to update things, and in this case, I’m going to say the developers have added this for good reason. But at this time I really don’t have any choice on this site due to the business name and search volume on this phrase for the client. :-/ * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [12 years, 4 months ago](https://wordpress.org/support/topic/bingcom-referrer-error/#post-4599084) * The steps to allow the single quote code character/apostrophe in URL’s & Query Strings and permanently save your modified .htaccess code to BPS Custom Code is in the link below. * [http://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939](http://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939) * **Impact to overall website security:** BPS has several overlapping security filters/rules. So by modifying these particular rules/filters in the link above, your website is still protected against SQL Injection attacks. The SQL Injection security filter/rule below will still protect the site from all SQL Injection attacks. The single quote code character is used in most SQL Injection attacks. * `RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\* |union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare |order|script|set|md5|benchmark|encode) [NC,OR]` * Thread Starter [casper14209](https://wordpress.org/support/users/casper14209/) * (@casper14209) * [12 years, 4 months ago](https://wordpress.org/support/topic/bingcom-referrer-error/#post-4599110) * Awesome, thanks! In all my searches that post didn’t come up. Thanks for pointing me in the right direction. Impact is understood, thanks for the useful plugin and information. Have an awesome day. * Thread Starter [casper14209](https://wordpress.org/support/users/casper14209/) * (@casper14209) * [12 years, 4 months ago](https://wordpress.org/support/topic/bingcom-referrer-error/#post-4599111) * Forgot to mark resolved in my last comment. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Bing.com Referrer Error’ is closed to new replies. * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938) * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/) * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/) * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/) ## Tags * [BPS Security](https://wordpress.org/support/topic-tag/bps-security/) * 6 replies * 2 participants * Last reply from: [casper14209](https://wordpress.org/support/users/casper14209/) * Last activity: [12 years, 4 months ago](https://wordpress.org/support/topic/bingcom-referrer-error/#post-4599111) * Status: resolved