Error 403 and iThemes Security

  • Resolved miquelpontes

    (@miquelpontesgmailcom)


    8 years, 11 months ago

    Hello, I have some PHP code to check if a specific file is available before displaying its content on a Google Map, and while iThemes Security is disabled it returns the proper HTTP code 200 for an existing file. When I activate iThemes Security it returns HTTP code 403 (forbidden). I have unchecked the plugin option “Disable Directory Browsing”, but the problem persists. Only by deactivating the plugin my code works as expected.

    This is the code:

    $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
$headers = curl_getinfo($ch);
curl_close($ch);
$satus = $headers['http_code'];
echo 'satus=' . $satus . '.';

    For $url I have the full URL of an existing file, $satus should return 200 but returns 403.

    Any ideas? Thank you very much.

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter miquelpontes

    (@miquelpontesgmailcom)

    Further “playing” with the configuration, I saw that the PHP code functionality is restored back when I UNCHECK the option “Enable HackRepair.com’s blacklist feature”. It does some kind of reconfiguration of the .HTACCESS file that produces this behaviour.

    @miquel

    It’s probably this line in the blacklist that is causing trouble:

    RewriteCond %{HTTP_USER_AGENT} “^$” [NC,OR]

    It makes sure any requests with no User Agent are forbidden (403).

    Add this to your PHP code:

    curl_setopt($ch, CURLOPT_USERAGENT, 'a n y t h i n g');

    … and it will keep working after enabling the iTSec plugin “Enable HackRepair.com’s blacklist feature”.

    ‘a n y t h i n g’ can also be substituted with a valid User Agent String.
    Just make sure the User Agent string is not empty.

    dwinden

    Thread Starter miquelpontes

    (@miquelpontesgmailcom)

    @dwinden,

    I did your change as suggested and it worked just perfectly. Now I can leave the “Enable HackRepair.com’s blacklist feature” turned on.

    Thank you very much !

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Error 403 and iThemes Security’ is closed to new replies.