Follow @BPSPro

Whats New In BulletProof Security Pro 14.1

Comments Off RSS Site Feed Author: AITpro Admin
Published: August 26, 2019
Updated: August 26, 2019

• Major Redesign|ModSecurity CRS Proofing:
 Major Redesign|ModSecurity CRS Proofing: The OWASP ModSecurity CRS Core Rule Set installed on web hosts in cPanel breaks numerous Forms/Features/Pages and other things in the BPS and BPS Pro plugins. A full detailed list of broken/fixed/pending Forms/Features/Pages can be found here: ModSecurity CRS Proofing In order to speed up the process of getting new BPS and BPS Pro versions released as quickly as possible we are fixing the most critical broken BPS/BPS Pro Forms/Features/Pages first and will then release another BPS/BPS Pro version that fixes any remaining ModSecurity CRS problems.

• Important Note: Some people will experience more ModSecurity CRS problems than other people. That will depend on the particular ModSecurity CRS configuration settings that each web host chooses to use. Some web hosts may choose more restrictive ModSecurity CRS configuration settings than other web hosts.

• Solution Methods used:

• JavaScript Encryption|Decryption and PHP openssl_encrypt|openssl_decrypt: ModSecurity CRS falsely sees legitimate htaccess code Form data as a threat. JavaScript Encryption|Decryption and PHP openssl_encrypt|openssl_decrypt to encrypt and decrypt htaccess code submitted in various BPS Forms that save and submit htaccess code. Form data is encrypted in POST Form submission to evade/bypass ModSecurity CRS detection and decrypted in the Form processing code.

• View Log Buttons: ModSecurity CRS falsely sees some log file data as a threat. View Log buttons added to BPS Plugin pages with log files to allow BPS Plugin Page loading instead of loading Log files in an open state when loading BPS Plugin pages that contain log files. Pending additional log file data encryption|decryption redesign work for some BPS Plugin log file pages.

• Pending – Body Response/Source Code: ModSecurity CRS falsely sees BPS Plugin page Body Response/Source Code as a threat. BPS Plugin page Body Response design for various BPS Plugin pages due to ModSecurity CRS detecting help text and BPS Plugin option setting names in the page Body/Source Code as malicious and blocking BPS Plugin pages from loading. Limiting the amount of false positives that ModSecurity CRS Anomaly Scoring sees in the Body Response/Source Code by breaking up BPS Plugin pages so that limited Response Body data/Source Code is outputted should allow the broken BPS Plugin pages to load by falling under the ModSecurity CRS Anomaly Scoring threshold number that blocks BPS Plugin pages from loading.

• BugFix: Setup Wizard: Conditional bug fixed. The Setup Wizard now retains Plugin Firewall On|Off settings.

Skip to toolbar