• Resolved [email protected]

    (@ianfrancisryaneircomnet)


    I am using a third party theme for a site I am developing. The theme uses TimThumb for displaying thumbnail images. I am also using the Bullet Proof security plugin V .49.2 on the site.

    With the Bullet Proof Security secure .htaccess enabled in the root, thumbnail placeholders appear on the frontend instead of the thumbnail images themselves. When I right click on the thumbnail placeholder and select to “View Image” I get the error:

    403 Forbidden Error Page

    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

    When I use a default (non Bullet Proof Security) .htaccess in the root then the thumbnail images are displayed as expected.

    Can you advise what I need to do to resolve this issue?

    Many Thanks

    https://www.ads-software.com/plugins/bulletproof-security/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author AITpro

    (@aitpro)

    Check your BPS Security log and post the error directly related to this issue/problem. If you do not see an error logged for this in the BPS Security log then right mouse click on the thumbnail and choose: Chrome: Copy link address, IE: Copy shortcut, Firefox: Copy Link Location, Safari: Copy Link and paste the link/URL here.

    Thread Starter [email protected]

    (@ianfrancisryaneircomnet)

    Thanks for the reply.

    The script that handles my TimThumb is named tn.php. I have identified that for the script to work I need to add tn.php to the TimThumb rule in my root secure .htaccess as follows:-

    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php|tn\.php) [NC]

    How/where do I change this line such that the change is retained whenever I generate a new secure.htaccess file in Bullet Proof Security? I have tried to apply the change in the file under the “htaccess File Editor” -> “secure.htaccess” tab. However, when I then create a secure.htaccess file under the “Security Modes” tab the new secure.htaccess file does not retain the change to the TimThumb rule that I applied under the under the “htaccess File Editor” -> “secure.htaccess” tab but instead shows the default rule :-

    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]

    i.e. the rule with the inclusion of the tn.php filename.

    Plugin Author AITpro

    (@aitpro)

    Great job on figuring this out! You would add this custom code to BPS Custom Code. This Forum link below has step by step instructions on how to do that.
    https://forum.ait-pro.com/forums/topic/images-not-displaying-after-bulletproof-security-free-plugin-was-enabled-and-configured/#post-3828

    Plugin Author AITpro

    (@aitpro)

    Oops I just realized the step by step instructions are for the other skip/bypass option. Give me a minute and I will update that Forum Topic with step by step instructions for the Timthumb Forbid code.

    Plugin Author AITpro

    (@aitpro)

    Ok the Forum Topic help info has been updated and includes the Timthumb Forbid Custom Code steps now. Thanks.

    Thread Starter [email protected]

    (@ianfrancisryaneircomnet)

    Sorry. Where do I find the updated Timthumb Forbid Custom Code steps?

    Thread Starter [email protected]

    (@ianfrancisryaneircomnet)

    It’s Ok. I figured it out.

    Many Thanks for the help.

    Plugin Author AITpro

    (@aitpro)

    So everything is working correctly now? Thanks.

    Thread Starter [email protected]

    (@ianfrancisryaneircomnet)

    Working perfectly thanks.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Bullet Proof Security and TimThumb’ is closed to new replies.