This Plugin Planet tutorial explains how to identify and resolve false positives that may occur when using BBQ Pro.

BBQ Pro is a very powerful firewall that blocks a wide range of malicious requests. It uses sets of customizable patterns to scan incoming requests and protect your site. This means that occasionally there may be cases where BBQ blocks access to a page that should not be blocked — aka, a false positive. If this happens, or you suspect that BBQ Pro is blocking some legitimate URL, don’t panic; it only takes a few minutes to identify and resolve any false positive.

Step 1: Is it BBQ?

First disable BBQ Pro and try requesting the URL. This will tell you if BBQ is in fact blocking the request. If the URL is accessible when BBQ is deactivated, then continue to the next step. Otherwise, stop here: the issue is not with BBQ Pro.

Tip: setting a custom error message in the plugin settings makes it easier to verify whether or not BBQ is blocking the URL (visit BBQ Pro settings ▸ “Custom Message”).

Step 2: Enable All Settings

Once you have verified that the URL is blocked when BBQ is enabled, the next step is to enable the plugin completely. To do so, enable the following settings:

  • Enable all patterns (Basic, Advanced, and Custom)
  • Disable the setting to ignore logged in users
  • Enable the setting to limit URL requests to 255 characters
  • Enable Strict Mode

This will enable BBQ Pro’s full protective capacity.

Step 3: Troubleshooting

Once BBQ Pro’s settings are completely enabled, you can begin troubleshooting by disabling the settings one at a time and testing the blocked URL after each. For example:

  1. Open a new tab and request the blocked URL
  2. If still blocked, then disable Strict Mode
  3. Try again requesting the blocked URL
  4. If the URL remains blocked, disable the “255 characters” setting
  5. Try again requesting the blocked URL
  6. If the URL remains blocked, enable the “ignore logged in” setting
  7. Try again requesting the blocked URL
  8. If the URL remains blocked, disable Custom Patterns
  9. Try again requesting the blocked URL
  10. If the URL remains blocked, disable Advanced Patterns
  11. Try again requesting the blocked URL
  12. If the URL remains blocked, disable Basic Patterns

At this point, all BBQ patterns are disabled and your final test should go through without being blocked (because BBQ effectively is not enabled). If at any point during troubleshooting the URL is no longer blocked by BBQ, then you know that the last setting you changed is involved in blocking the request.

Step 4: Testing Patterns

Lastly, if you discover that the blocked URL is the result of one of the sets of patterns (i.e., Basic, Custom, or Advanced), then you may continue troubleshooting by testing patterns. Here is an example, for whichever set of patterns is blocking the URL (e.g., Advanced Patterns):

  1. Disable the Request URI patterns
  2. Retest the blocked URL
  3. Disable the Query String patterns
  4. Retest the blocked URL
  5. Disable the User Agent patterns
  6. Retest the blocked URL

...and so forth until the URL is no longer blocked. That will tell you exactly which subset of patterns is blocking the URL. At this point you can take an educated guess by examining the blocked URL and comparing it with the various patterns; chances are that you’ll be able to spot the offending pattern, disable it, and call it a day.

Otherwise, if you want to continue methodically testing the remaining patterns, you can use the halving method to quickly narrow things down and identify the pattern.

The halving method is just what it sounds like: you disable half of the patterns and retry the blocked request. If it is not blocked, then you know that the offending pattern is located somewhere in the set of patterns that you just disabled. Otherwise, if the URL remains blocked, then you know that the offending pattern is somewhere in the other half of patterns.

And you continue from there, halving down the possibilities until you discover the exact pattern. It sounds tedious, and can be, but is an effective way to isolate specific items.
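The halving method as a small simulation (an added example, not code from BBQ Pro or Plugin Planet). The pattern list, the URL, and the case-insensitive substring matching are assumptions made for illustration; the `is_blocked` function stands in for saving the settings and retesting the URL by hand. It goes one step beyond the text by repeating the search when more than one pattern blocks the same URL.

```python
# Constructed sample patterns; not BBQ Pro's actual pattern list.
PATTERNS = ["eval(", "base64_", "union", "etc/passwd",
            "wp-config", "select", "<script", "../"]

# Constructed legitimate URL that trips two of the sample patterns.
BLOCKED_URL = "/shop/union-jack-flags/?sort=select"


def make_oracle(url):
    """Stand-in for 'save settings, then retest the URL in a new tab'.

    Assumption: a request is blocked when any enabled pattern occurs in it,
    compared case-insensitively.
    """
    target = url.lower()
    return lambda enabled: any(p.lower() in target for p in enabled)


def find_offender(patterns, is_blocked):
    """Halve the candidates until one blocking pattern remains.

    Returns (pattern, number_of_retests), or (None, 1) if nothing blocks.
    """
    tests = 1
    if not is_blocked(patterns):
        return None, tests
    candidates = list(patterns)
    while len(candidates) > 1:
        mid = len(candidates) // 2
        disabled, enabled = candidates[:mid], candidates[mid:]
        tests += 1
        # Still blocked with the first half disabled: an offender is in the
        # half left enabled. Otherwise it is in the half just disabled.
        candidates = enabled if is_blocked(enabled) else disabled
    return candidates[0], tests


def find_all_offenders(patterns, is_blocked):
    """Repeat the search, keeping each found pattern disabled, until unblocked."""
    remaining, found = list(patterns), []
    while True:
        hit, _ = find_offender(remaining, is_blocked)
        if hit is None:
            return found
        found.append(hit)
        remaining.remove(hit)
```

With eight patterns the first offender is isolated in four retests; testing patterns one at a time could take up to eight.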

Step 5: Disabling Patterns

Once you have identified the offending pattern, you can disable it by unchecking the box next to it. Remember to save your changes.
