Viewing 8 posts - 1 through 8 (of 8 total)
  • #1245164

    Dear Sirs

    We have been having problems editing the posts, pages and portfolio entries on our website (www.aotag.ch) (see enclosure). Our website uses:

    – WordPress 5.5.1
    – PHP v7.4.9
    – Theme Enfold Child v4.7.6.3
    – Avia Layout Builder
    – PlugIn BBQ Pro v2.81.
    – PlugIn Disable Comments v1.11.0
    – PlugIn Display Posts v3.0.2
    – PlugIn Enable Media replace v3.4.2
    – PlugIn Modern Events Calendar Lite v5.11.5
    – PlugIn Page-list v5.2
    – PlugIn Polylang Pro v2.8.2
    – PlugIn The Events Calendar v5.1.6 (deactivated due to recent compatibility issues with Polylang Pro)
    – PlugIn The Events Calendar Shortcode & Block Pro v2.19 (deactivated)
    – PlugIn TinyMCE Advanced v 5.5.0
    – PlugIn W3 Total Cache v 0.14.4
    – PlugIn WP File Manager v 6.9

    We reported this to our service provider who provided the following response:

    We use an application firewall to protect the websites. We are one of the few providers that offers this to its customers for free. Therefore, the error message or this behavior is not known to many. The application firewall checks all inputs transmitted to the server in real time for malicious code or suspicious operations and blocks them immediately. You have full access to the logs and the rule set in the application firewall menu in NetConfig. In this way, you can see exactly in the log which operations were blocked by which rule (highlighted in blue).

    You use various plugins on your website, the operations of which are classified as dangerous by our firewall and block this call.
    We have therefore deactivated the application firewall for your website once, as we do not know which rules are effective due to legitimate operations.
    You can reactivate the firewall at any time and deactivate the legitimate operations yourself. We also offer the option of temporarily deactivating the firewall during development.

    Over the past couple of days we have tried deactivating and reactivating some of the individual rules to understand which rule(s) are causing the problem. We have learned that deactivating rules 941170 and 94210 seems to cause the most problems… 94210 prevents us from editing the posts, pages and portfolio entries on our website, and we have as such re-activated these rules this morning. As you can see from the attached ErrorLog, from today, there are a number of rules that are interfering with the proper running of our website.

    Can you shed any light on these problems and more importantly can you help us to solve the various issues?

    Any help you can offer will be most appreciated.

    #1245169

    Here is the ErrorLog referred to above

    #1245510

    Hi,
    Thanks for the error log. Your provider's firewall is giving false positives, for example:

    msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data:, javascript: history.back ()

    This message is saying that the javascript: history.back is an Attribute Injection, which it is, but it’s not an attack on your site.
    To correct this your provider will need to disable the appropriate firewall rules, such as:
    941170
    941210
    I see from above these were already identified as the rules to disable.
    Another way to test would be to disable all of the rules and then enable one at a time to see which ones cause issues.

    Best regards,
    Mike

    #1245525

    Thanks for the feedback… I’ll discuss with our host provider.

    #1245529

    Do you have any input regarding rule 1000049… we have no idea what aspiegel.com is?
    i.e. Pattern match “aspiegel.com” at REQUEST_HEADERS:User-Agent. [id “1000049”]

    Thanks

    #1245533

    Hi,
    The rules are specific to your provider, but “aspiegel.com” seems specific to “HUAWEI” mobile devices, are you using a “HUAWEI” device?

    Best regards,
    Mike

    #1245686

    I’m not aware of any HUAWEI devices being used in our company but will check.
    Once again thanks for your help

    Best Regards

    #1245734

    Hi,
    Glad to help.

    Best regards,
    Mike
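
The log lines quoted in this thread follow the ModSecurity error-log layout, so the question of which rule fires on which request parameter and URL can be answered by tallying the log before any rule is switched off. The script below is an added example, not part of the forum posts or the provider's tooling; the sample lines are constructed, and the function names, client IPs, URIs and the `ARGS:content` parameter are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ModSecurity error-log layout quoted in the
# thread; client IPs, URIs and the ARGS:content parameter are assumptions.
SAMPLE_LOG = '''\
[client 203.0.113.10] ModSecurity: Warning. Pattern match "..." at ARGS:content. [id "941170"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: javascript: history.back() found within ARGS:content"] [uri "/wp-admin/post.php"]
[client 203.0.113.10] ModSecurity: Warning. Pattern match "..." at ARGS:content. [id "941210"] [uri "/wp-admin/post.php"]
[client 203.0.113.10] ModSecurity: Warning. Pattern match "..." at ARGS:content. [id "941170"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [uri "/wp-admin/admin-ajax.php"]
[client 198.51.100.7] ModSecurity: Access denied with code 403. Pattern match "aspiegel.com" at REQUEST_HEADERS:User-Agent. [id "1000049"] [uri "/"]
'''

FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [id "941170"], [uri "/x"]
TARGET_RE = re.compile(r' at ([A-Z_]+(?::\S+?)?)\. \[')   # "at ARGS:content. ["


def parse_line(line):
    """Return rule id, matched variable and URI for one log line, or None."""
    fields = dict(FIELD_RE.findall(line))
    if "id" not in fields:
        return None
    target = TARGET_RE.search(line)
    return {"id": fields["id"],
            "target": target.group(1) if target else "?",
            "uri": fields.get("uri", "?")}


def summarise(log_text):
    """Tally hits per (rule id, matched variable) and collect the URIs hit."""
    hits = defaultdict(lambda: {"count": 0, "uris": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            entry = hits[(rec["id"], rec["target"])]
            entry["count"] += 1
            entry["uris"].add(rec["uri"])
    return dict(hits)


def admin_only(summary, prefix="/wp-admin/"):
    """Rule/variable pairs whose every hit was under the admin prefix."""
    return sorted(key for key, val in summary.items()
                  if all(uri.startswith(prefix) for uri in val["uris"]))


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    for (rule_id, target), val in sorted(summary.items()):
        print(rule_id, target, val["count"], sorted(val["uris"]))
    print("admin-only:", admin_only(summary))
```

Pairs that only ever fire under `/wp-admin/` are candidates for an exclusion scoped to that path and parameter, which leaves the rule active for public traffic. A pair such as 1000049 on the User-Agent header fires on public requests and needs a separate decision.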
