client denied by server configuration

  • Resolved Steve

    (@puddesign)


    4 months, 2 weeks ago

    Hi Recently installed a payment gateway plugin and it wont work unless I disable Lock and Protect System Folders, which obviously I’m not keen on doing.

    If this option is not disabled after the customer clicks pay they get a 404 forbidden error.

    And we see this in the error log:

    “client denied by server configuration: /wp-content/plugins/payment-gateway/public/3d-secure-form.php, referer https://www.website.com/checkout/”

    The plugin works by embedding a payment form, the integrations methods available are:

    Hosted
    Hosted (Embedded)
    Hosted (Modal)
    Direct 3-D Secure

    We’ve gone with Direct 3-D Secure, not sure if that maybe the issue as I’m not sure what that is but it sounded the most secure lol.

    Is this normal for a plugin like this to need system lock folders disabled and if so how can I add an exclusion to /wp-content/plugins/payment-gateway/public/3d-secure-form.php

    I’ve used a few different payment gateways and never had this issue, I have also contacted the plugin developer but still waiting to hear back.

Viewing 1 replies (of 1 total)
  • Plugin Support Pavel Dosev

    (@pdosev)

    Hello Steve,

    The lock and protect feature of the plugin adds the following rules in a .htaccess file in the wp-content folder:

    # SGS Directory Hardening
    <FilesMatch "\.(?i:php)$">
      <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all denied
      </IfModule>
    </FilesMatch>
    # SGS Directory Hardening END

    As you can see, it blocks all requests for PHP files. If you would like to allow access to this specific file you can add the rules below to the .htaccess file:

    <Files "3d-secure-form.php">
      <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all granted
      </IfModule>
    </Files>

    The whole file should look like this:

    # SGS Directory Hardening
    <FilesMatch "\.(?i:php)$">
      <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all denied
      </IfModule>
    </FilesMatch>
    # SGS Directory Hardening END

    <Files "3d-secure-form.php">
      <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all granted
      </IfModule>
    </Files>
Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.