Whitelisted 404 URLs not working

A slash / is required to start the sequence. What’s happening there is that the request for the @2x.png which results in a 404 is not counted against the throttling rules for your site. The 404 can result when some browsers request those images even if they are not explicit in the sites HTML. If your site has these images you shouldn’t need to whitelist them since a ‘404 Not Found’ would not be generated when the images are called. Let me know if I’m missing something.

-Brian

Thanks for the quick reply Brian,

As you stated, my settings are correct but it doesn’t seem to work. I also checked this in several websites with wordfence and i have the same problem, what should i do to correct it?

Thanks again for your help

Will you provide a screenshot of what you are seeing when the images are blocked?

Thanks!
Brian

Hi Brain,

Here is a screenshot
https://www.dropbox.com/s/78bxmtn9uqwvp1f/404.jpg?dl=0

Thanks

@beachlizard: That is definitely unusual — it might not be caused by Wordfence, or could be a problem with two plugins combined.

If you view one of those URLs directly, does the image load? Wordfence would normally show a ‘503’ or ‘403’ response code, instead of a 404 / Not Found error.

If you get any of the above error codes when visiting the page, does it still happen if you temporarily disable Wordfence and try to visit the image URL directly again?

-Matt R

Hello WFMattR,

To answer your questions:
– No, the @2x images doesn’t exist.
– When i view directly the url, i get a 404 error not found ( i have a custom 404 page).
– I temporarily disabled other plugins, but i still get “Page not found” error.

Thanks again

Sorry, I may have misunderstood something. If the image doesn’t exist, then a “page not found” error is normal. Wordfence just logs these (along with any other page-not-found errors) because the browser requested them.

In this case, it’s not blocking them, but it does monitor 404’s to see if any IPs visit too many 404 pages (depending on your settings) — but these “@2x” images aren’t counted toward Wordfence’s limits, so it won’t block Safari when it requests too many of these images that don’t exist.

-Matt R

Hello Matt,

Yes, it does block them, it’s true i have verified this many times before posting this and in several websites. Image that several ip’s from real visitors get blocked only because they browse websites from an ipad and Wordfence blocks all @2x images even thought i putted them on the whitelist.

Thanks again for your help

I’m in the same position as beachlizard, and I do not think his original problem has been resolved the way he was hoping for.

My symptoms:

1. Users attempt to access url’s for which I do not have files. This is resulting in 404’s which I expect to happen. What I then want to happen is for Wordfence to exclude these 404’s from it’s limits.

2. I set up whitelist url rules, such as:
/apple-touch-icon*.png

3. I test by visiting https://www.mydomain.com/apple-touch-icon.png which takes me to my custom 404 page. I visit this url 4 times inside a minute, as per my blocking rule, with the expectation that I will not be blocked. However, I am blocked, and the url is logged as though the whitelist rule did not exist. This is happening on all of the sites I have wordfence installed on. I have no other plugins in play.

To summarize, I’m trying to allow a specific url to 404 as many times as a visitor wishes to visit it, without it getting blocked by Wordfence. I’m attempting to do this using a valid Wordfence URL whitelisting, however Wordfence is ignoring the URL whitelisting and blocking the visitor anyway. Please advise.

@maffyew: Thanks for the clarification — next time if you can create a new post that would be helpful though. We try to answer the oldest posts first or topics that keep reoccurring, and when you respond to someone else’s post with the same issue, the thread goes all the way back to the top, delaying the response to the original poster. (You can always include a link to another similar post when creating your own.)

At any rate, the details helped explain the issue, and I’ve verified the problem. It might have been due to a change in the way the option is stored, causing the patterns not to match correctly — I’ve sent this on to our dev team (reference number FB1385), and it will be addressed in a future version. I can’t estimate the date of when it will be included yet.

In the meantime, you would need to relax the rule “If a human’s pages not found (404s) exceed” temporarily, to prevent blocking real visitors.

-Matt R

Any Update on this?

nothing?? I’ve been having the same issue as beachlizard.
No real reason to open another thread is there?

any updates?

Same here, same issue.

Thanks for your help!

Hi chook and jan_german54,
unfortunately this bug has not been at the top of our list but I will see if I can push for it to be fixed. Thanks for checking in.