The Corner Ad plugin requires 3 whitelist rules.
[403 GET / HEAD Request: June 2, 2015 - 9:13 am] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 202.153.223.248 Host Name: 202-153-223-248.cust.aussiebb.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.ultracut.com.au/ REQUEST_URI: /wp-content/plugins/corner-ad/js/cornerAd.swf?toCall=http%253A%252F%252Fwww.ultracut.com.au%252F%253Fcorner_ad%253D1&alignTo=tr&mirror=true&colorIn=FFFFFF&audioPath=&adUrl=http%3A//www.ultracut.com.au/_brochures/2015/_Ultracut%202015%20Brochure.swf&openIn=-1&closeIn=-1&target=_blank&imgPath=http://www.ultracut.com.au/wp-content/uploads/2015/05/Ultracut-2015-Brochure-CORNER-AD-RH-500x500.jpg&isBig=true QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
1. Requires a Plugin Firewall whitelist rule: A Plugin Firewall whitelist rule should be automatically created by Plugin Firewall AutoPilot Mode. If the Corner Ad swf file whitelist rule is not automatically created then add this whitelist rule to the Plugin Firewall Whitelist Text Area: /corner-ad/js/cornerAd.swf
2. Requires a Timthumb Misc File whitelist rule: Requires whitelisting the cornerAd.swf filename in the TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE security code.
1. Copy the code below to this Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE: Add additional Referers and/or misc file names. IMPORTANT! Change the HTTP_REFERER example.com domain name to your actual domain/website’s name.
2. Save your new custom code by clicking the Save Root Custom Code button.
3. Click the Create secure.htaccess File AutoMagic button on the Security Modes page.
4. Activate BulletProof Mode for your Root folder on the Security Modes page.
# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (cornerAd\.swf|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*example.com.*
RewriteRule . - [S=1]
3. Requires a Plugin skip/bypass rule:
1. Copy the code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic button, select the Activate Root Folder BulletProof Mode Radio button and click the Activate|Deactivate button.
# Corner Ad plugin skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/corner-ad/ [NC]
RewriteRule . - [S=13]
- This topic was modified 1 hour, 1 minute ago by AITpro Admin.
- This topic was modified 1 hour ago by AITpro Admin.