• Resolved RafaelDeJongh

    (@rafaeldejongh)


    I’m getting a 403 error when using HTML5 PDF Viewer by Envigeek Web Services (https://www.ads-software.com/plugins/pdf-viewer/)

    I’ve already tried fixing it with searching on the BPS forums and using this code:

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    # 
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (viewer\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*ninavanrompaey.be.*
    RewriteRule . - [S=1]

    But that didn’t seem to work as this is the error log I’m receiving:

    [403 GET Request: February 19, 2017 - 23:18]
    BPS: .54.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 2a02:1810:0406:2d00:759d:2758:cad4:02ca
    Host Name: ptr-4chfqzwj07mclb7kju.18120a2.ip6.access.telenet.be
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 2a02:1810:0406:2d00:759d:2758:cad4:02ca
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://ninavanrompaey.be/resume/
    REQUEST_URI: /wp-content/plugins/pdf-viewer/stable/web/viewer.html?file=https://ninavanrompaey.be/wp-content/uploads/2017/01/NinaVanRompaey-CV.pdf
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.54 Safari/537.36

    Anyone could assist me with this?

    Thanks in advance!

    • This topic was modified 7 years, 9 months ago by RafaelDeJongh.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author AITpro

    (@aitpro)

    You need to change the file extension from php to html.
    Example: viewer\.php should be changed to viewer\.html

    Plugin Author AITpro

    (@aitpro)

    I have created a new forum that documents this very common problem and solution in this forum topic for this plugin: https://forum.ait-pro.com/forums/topic/html5-compliant-pdf-viewer-for-wordpress-403-error/

    I’m not sure why so many plugin authors use this type of method to open/view files, but it is identical to exactly the same RFI hacking methods that hackers use. Most likely someone started this a long time ago and other plugin authors just keep copying this horrible coding method. ?? There are several other methods to open/view files in a safe standard way.

    • This reply was modified 7 years, 9 months ago by AITpro.
    • This reply was modified 7 years, 9 months ago by AITpro.
    Thread Starter RafaelDeJongh

    (@rafaeldejongh)

    Awesome thanks for the answer and explanation! This pretty much fixed the problem as expected.

    Do you perhaps know any better/safer PDF viewer? I mainly downloaded this one because of its reviews/rates…

    Either way thanks for the assistance!

    Plugin Author AITpro

    (@aitpro)

    Great! Thanks for confirming that worked.

    I don’t have have any experience or knowledge about any PDF viewer plugins beyond finding solutions for this type of problem. I was not saying that the plugin is unsafe. I was just remarking on this very common issue that I have been seeing for many years now. Just logically wondering out loud why this is so common when there are many other better ways to do this same thing. ??

    Thread Starter RafaelDeJongh

    (@rafaeldejongh)

    Haha alrighty, thanks for the additional information.
    Let’s hope in the near future people will understand this and look more into these safe solutions.

    Either way thanks for the help!

    Plugin Author AITpro

    (@aitpro)

    ha ha ha – not likely my friend. ??

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘HTML5 PDF Viewer – 403 Error’ is closed to new replies.