FG777 download apk,Jili22 vip 204 login philippines.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved JGA
(@jga)

9 years ago

Hi,

I’m using the all-in-one event calendar by time.ly and iThemes Security on some sites.
I’ve noticed that whenever I enable the option “Filter Suspicious Query Strings in the URL” of iThemes Security, I get the following error when you try to navigate through the the dates.

Something went wrong while fetching events.
The request status is: 403
The error thrown was: Forbidden

An example can be seen on: https://www.aikido3b.nl/agenda

Note: I don’t get this error when i’m logged in on my site.

Is this something you can fix?

I tried asking on the all-in-one calendar plugin support page as well: https://www.ads-software.com/support/topic/403-error-in-combination-with-ithemes-security?replies=2#post-7695397

Thanks in advance.

https://www.ads-software.com/plugins/better-wp-security/

Viewing 5 replies - 1 through 5 (of 5 total)

dwinden
(@dwinden)

9 years ago

@jga

Yes, this can easily be fixed.

The simplest thing you can do is disable the “Filter Suspicious Query Strings in the URL”. But you already figured that out …
You don’t have to use all the iTSec plugin settings …
Just use the ones that your WordPress website allows.

Having said that and after visiting the aikido3b site and reproducing the issue I think the error is caused by the ‘request’ string in the URL.

So after enabling the “Filter Suspicious Query Strings in the URL” setting you can try and comment the following line like this from the .htaccess file:

# RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]

Please note this is not a permanent fix. As soon as you click the Save All Changes button in the Settings page of the iTSec plugin the manual fix as described above will be undone …

This can only be fixed permanently in the iTSec plugin code.

dwinden

Thread Starter JGA
(@jga)

9 years ago

@dwinden

To add to that, doesn’t commenting the string you mentioned above pretty much do the same as not enabling “Filter Suspicious Query Strings in the URL” option?

Is it possible to just enable “request” somehow? (allowing the calendar to work, while keeping things as much secure as possible)

dwinden
(@dwinden)

9 years ago

@jga

No, the “Filter Suspicious Query Strings in the URL” setting adds a whole lot more lines to the .htaccess file than only the one I listed in my previous post …

But luckily this allows me make a small correction.
Please ignore my previous manual fix which was incomplete.

To confirm the issue is caused by the ‘request’ string apply the following manual fix to the .htaccess file instead:

RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC]
# RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]

Notice that the preceeding line now ends with [NC] instead of [NC,OR]

dwinden

dwinden
(@dwinden)

8 years, 12 months ago

@jga

If you require no further assistance please mark this topic as ‘resolved’.

dwinden

Thread Starter JGA
(@jga)

8 years, 12 months ago

I’ll See if it works, otherwise I will just disable the Filter suspicious query strings option for now.

Thanks so far.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘403 error in combination with iThemes Security’ is closed to new replies.