{"id":5567,"date":"2019-08-26T15:03:39","date_gmt":"2019-08-26T22:03:39","guid":{"rendered":"https:\/\/www.ait-pro.com\/aitpro-blog\/?p=5567"},"modified":"2019-08-26T15:21:21","modified_gmt":"2019-08-26T22:21:21","slug":"whats-new-in-bulletproof-security-pro-14-1","status":"publish","type":"post","link":"https:\/\/www.ait-pro.com\/aitpro-blog\/5567\/bulletproof-security-pro\/whats-new-in-bulletproof-security-pro-14-1\/","title":{"rendered":"Whats New In BulletProof Security Pro 14.1"},"content":{"rendered":"\n\n\n

\n\u2022 Major Redesign|ModSecurity CRS Proofing:<\/strong><\/span>\u00a0Major Redesign|ModSecurity CRS Proofing: The OWASP ModSecurity CRS Core Rule Set installed on web hosts in cPanel breaks numerous Forms\/Features\/Pages and other things in the BPS and BPS Pro plugins. A full detailed list of broken\/fixed\/pending Forms\/Features\/Pages can be found here:\u00a0ModSecurity CRS Proofing<\/a><\/strong>\u00a0In order to speed up the process of getting new BPS and BPS Pro versions released as quickly as possible we are fixing the most critical broken BPS\/BPS Pro Forms\/Features\/Pages first and will then release another BPS\/BPS Pro version that fixes any remaining ModSecurity CRS problems.<\/p>\n

\u2022 Important Note:<\/strong><\/span>\u00a0Some people will experience more ModSecurity CRS problems than other people. That will depend on the particular ModSecurity CRS configuration settings that each web host chooses to use. Some web hosts may choose more restrictive ModSecurity CRS configuration settings than other web hosts.<\/p>\n

\u2022 Solution Methods used:<\/strong><\/span><\/p>\n

\u2022 JavaScript Encryption|Decryption and PHP openssl_encrypt|openssl_decrypt:<\/strong><\/span>\u00a0ModSecurity CRS falsely sees legitimate htaccess code Form data as a threat. JavaScript Encryption|Decryption and PHP openssl_encrypt|openssl_decrypt to encrypt and decrypt htaccess code submitted in various BPS Forms that save and submit htaccess code. Form data is encrypted in POST Form submission to evade\/bypass ModSecurity CRS detection and decrypted in the Form processing code.<\/p>\n

\u2022 View Log Buttons:<\/strong>\u00a0<\/span>ModSecurity CRS falsely sees some log file data as a threat. View Log buttons added to BPS Plugin pages with log files to allow BPS Plugin Page loading instead of loading Log files in an open state when loading BPS Plugin pages that contain log files. Pending additional log file data encryption|decryption redesign work for some BPS Plugin log file pages.<\/p>\n

\u2022 Pending – Body Response\/Source Code:<\/strong><\/span>\u00a0ModSecurity CRS falsely sees BPS Plugin page Body Response\/Source Code as a threat. BPS Plugin page Body Response design for various BPS Plugin pages due to ModSecurity CRS detecting help text and BPS Plugin option setting names in the page Body\/Source Code as malicious and blocking BPS Plugin pages from loading. Limiting the amount of false positives that ModSecurity CRS Anomaly Scoring sees in the Body Response\/Source Code by breaking up BPS Plugin pages so that limited Response Body data\/Source Code is outputted should allow the broken BPS Plugin pages to load by falling under the ModSecurity CRS Anomaly Scoring threshold number that blocks BPS Plugin pages from loading.<\/p>\n

\u2022 BugFix:<\/strong><\/span>\u00a0Setup Wizard: Conditional bug fixed. The Setup Wizard now retains Plugin Firewall On|Off settings.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

\u2022 Major Redesign|ModSecurity CRS Proofing:\u00a0Major Redesign|ModSecurity CRS Proofing: The OWASP ModSecurity CRS Core Rule Set installed on web hosts in cPanel breaks numerous Forms\/Features\/Pages and other things in the BPS and BPS Pro plugins. A full detailed list of broken\/fixed\/pending Forms\/Features\/Pages can be found here:\u00a0ModSecurity CRS Proofing\u00a0In order to speed up the process of getting […]<\/p>\n","protected":false},"author":167,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[393],"tags":[670,671],"class_list":["post-5567","post","type-post","status-publish","format-standard","hentry","category-bulletproof-security-pro","tag-bps-pro-14-1","tag-bulletproof-security-pro-14-1"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts\/5567","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/users\/167"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/comments?post=5567"}],"version-history":[{"count":4,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts\/5567\/revisions"}],"predecessor-version":[{"id":5569,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts\/5567\/revisions\/5569"}],"wp:attachment":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/media?parent=5567"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/categories?post=5567"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/tags?post=5567"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}