404 errors caused by Hummingbird Assets

I'm using Defender 404 lockouts and it locked some users out when due to 404s returned by Hummingbird optimized files.
So I'm looking for a way to whitelist all the files coming from /uploads/hummingbird-assets/

  • Predrag Dubajic

    Hi Charly,

    This is certainly something that shouldn't be happening so I was doing some extensive testing but couldn't replicate the issue.
    I did manage to get my browser to load non-existent HB files from cached results, but that didn't throw any 404 errors so Defender didn't block me.

    As I understood this happened to account of yours that is used for testing purposes?
    Do you know if logs added him while he was logged in or while viewing the site as a visitor?

    I also pinged our developers about this to see if they can replicate it or shed some light on what might have caused this behavior.

    Best regards,
    Predrag

  • Charly

    Hi There,

    No it wasn't one of my accounts, it was one of the site owners testing for me.
    When they first visited the site, the style sheet didn't load and then after trying to refresh and navigating to a couple of other pages, they were blocked.

    You can see the block in the logs on the site for IP blocks in Defender.

    I white listed after that to get the testing done. Around that time, the site started displaying for them.

    The particular visitor had not visited the site before , so the load was a new one.
    When they had problems with the display, they cleared their browser cache and restarted their browser. They also tried a second browser (IE was first, Chrome was second) and had the same display issues.

    They can't confirm but I suspect there was a proxy cache involved in the chain somewhere.

    The issue is - if that is the case, I need to be able to whitelist assets that are created by Hummingbird so they don't throw the 404 exception that gets flagged by Defender.

  • Predrag Dubajic

    Hi Charly,

    Apologies for the delay here, our developers are still looking into this and trying to find what's going on, we are doing multiple tests on multiple installations but are unable to replicate this issue, and excluding an entire folder can be a security issue so it wouldn't be the best solution in this case.

    We are still doing some tests and will update you here as soon as we have some further information.

    Best regards,
    Predrag

  • Predrag Dubajic

    Hi Charly,

    We were doing some extensive testing but none of our installations are able to replicate this issue.
    It seems that there was some proxy caching on your end that affected the user and cached HB files, and when they were re-created that caching didn't update to new files and caused Defender to block the user.

    Do you perhaps have any kind of Cloudflare caching enabled and could you try disabling that and see if the issue happens again so we can see if that was indeed the issue here?

    Best regards,
    Predrag

  • Charly

    My apologies, I missed this request!

    As I said, I suspect that the visitor was using a cacheing proxy server - through their corporate facility. So you are correct in that, just not Cloudflare.

    And that is the issue and why you can't recreate it. What I'm suggesting is that the 404 detection be able to set to ignore Hummingbird assets in case this happens again. I certainly don't want to whitelist the folder, but using Regex or even a checkbox that says "ignore Hummingbird cacheing assets" would work.

    I haven't noticed the problem again but it is still a concern that it might occur.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.