Callback from Payment Gateway Blocked 2

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Glad to help. So you provide two links in your post:

    https://domain.com.au/clone/?wc-api=WC_Gateway_Nab_Direct_Post&order=4312&key=wc_order_5c04ecc2051e2&is_crn=0&settdate=20181203&expirydate=122033&callback_status_code=&restext=Approved&fingerprint=62fbc37ba917cdad09d4835c30ffd9f2f4a0dae0&merchant=XYZ0010&refid=WooCommerce4312&pan=444433…111&summarycode=1&rescode=00&txnid=272754&timestamp=20181203091154

    and also this:

    Characters: https://files.swishdesign.com.au/DHK4uY8

    So I am confused as to which URL is blocked, and then the purpose of the other URL. For example, I *think* the first URL is the one that is getting blocked by BBQ. But that second URL, with the “swishdesign.com” domain, what is that for? Is that a part of your site, or is the image something that I should be looking at, and if so, why?

    Please help me to understand so I can help you resolve this issue asap, Thank you.

    Thread Starter ethylsd

    (@ethylsd)

    Hello Jeff,

    Thank you for your quick reply.

    Sorry for the confusion.

    The second link is just a screenshot I took of the characters separated to each other so I could clearly determine the unsafe characters. It is the same link as the first.

    The link that is being blocked by BBQ is the first link.

    Kind regards

    Plugin Author Jeff Starr

    (@specialk)

    Thank you. So the easiest way to determine the offending character(s) is to enter the full URL in your browser, should be blocked right. Next, try removing the last 20 or so characters from the URL and enter it again. If BBQ still is blocking, try removing another 20 characters and try again, etc., until you can determine which characters or string is getting blocked. Basically it’s just a matter of trial and error. Also for best results, disable the BBQ whitelist plugin while testing.

    Also, may I ask where you are getting the BBQ GUI plugin?

    Thread Starter ethylsd

    (@ethylsd)

    Hello Jeff,

    Thank you for your reply.

    I haven’t thought of that method. I will try and test the URL.

    Also, I downloaded the BBQ GUI here:
    https://github.com/LyntServices/bbq-gui

    Kind regards

    Plugin Author Jeff Starr

    (@specialk)

    Thank you ethylsd!

    Let me know the results, or if I can provide any further infos.

    Thread Starter ethylsd

    (@ethylsd)

    Even though period (.) is a safe character, apparently, three consecutive periods or ellipsis causes the URL to be blocked.

    I have whitelisted the ellipsis on the BBQ GUI under the Request URIs field.

    I entered the following characters below:
    \.\.\.

    Thanks, Jeff for all the help!

    • This reply was modified 6 years, 3 months ago by ethylsd.
    Plugin Author Jeff Starr

    (@specialk)

    Awesome glad you got it sorted. And yes three literal dots match many malicious patterns ??

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Callback from Payment Gateway Blocked 2’ is closed to new replies.