• Resolved wzshop

    (@wzshop)


    Hi,
    All of a sudden WAF shows me the message below, when I try to edit a page with the Advanced Layout Builder from the theme Enfold.

    Background Request Blocked
    Wordfence Firewall blocked a background request to WordPress for the URL /wp-admin/admin-ajax.php. If this occurred as a result of an intentional action, you may consider allowlisting the request to allow it in the future.

    When I dig a little further I find this error message

    https://domain.com/wp-admin/post.php?post=1&action=edit and was blocked by firewall for XSS: Cross Site Scripting in POST body: text=%5Bav_textblock%20size%3D”%20av-medium-font-size%3D”%20av-small-font-size%3D”%20av-mini-font-size… at https://domain.com/wp-admin/admin-ajax.php

    Why is this happening? Do I need to worry or can I safely ignore/whitelist this?
    Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @wzshop and thanks for reaching out to us!

    Learning Mode should resolve this issue if you know it is a request you made and it's not malicious. From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.

    https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.

    Thanks!

    Thread Starter wzshop

    (@wzshop)

    Hi WFAdam,
    Thanks for getting back to me.
    I understand what you are saying, it is just that I don’t know what request it is actually doing. Therefore I am not sure if it is malicious or not. All I’ve found is what I mentioned above. Can I find more about the request that is being made?

    Thanks again.

    Plugin Support WFAdam

    (@wfadam)

    It looks like something is requesting the admin-ajax.php to make edits on a page. I would venture a guess that this is normal behavior for your Advanced Layout Builder with your theme but to be sure, I would reach out to their support to make sure.

    Let me know what you find!

    Thanks!
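One way to look inside the blocked `text` parameter quoted in the firewall message, as an added example that is not part of the original thread and not Wordfence's code: it URL-decodes the value, lists the shortcode tags it contains, and flags a few script-like markers. The function names and marker patterns are assumptions made for this sketch, not Wordfence's rule set, and the firewall message truncates the value, so only the visible fragment can be judged.

```python
import re
from urllib.parse import unquote

# Fragment of the blocked parameter exactly as it appears in the post above.
# The firewall message truncates it, so the rest of the value is unknown.
BLOCKED_VALUE = ("%5Bav_textblock%20size%3D”%20av-medium-font-size%3D”"
                 "%20av-small-font-size%3D”%20av-mini-font-size")

# Constructed sample (not from the thread): same shortcode wrapped around a
# double-encoded script tag, to show what a suspicious body looks like.
CONSTRUCTED_SUSPICIOUS = ("%5Bav_textblock%5D%253Cscript%253Ex"
                          "%253C%252Fscript%253E%5B%2Fav_textblock%5D")

# Rough triage markers chosen for this example; NOT Wordfence's rules.
SCRIPT_MARKERS = {
    "script tag": re.compile(r"<\s*script", re.I),
    "javascript: URL": re.compile(r"javascript\s*:", re.I),
    "inline event handler": re.compile(r"\bon[a-z]+\s*=", re.I),
}

# Opening or closing WordPress shortcode tag, e.g. [av_textblock or [/av_textblock
SHORTCODE_TAG = re.compile(r"\[/?([A-Za-z][\w-]*)")


def decode_param(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded input is revealed too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def triage(value):
    """Return the decoded text, the shortcode tags in it, and any marker hits."""
    text = decode_param(value)
    return {
        "decoded": text,
        "shortcodes": sorted(set(SHORTCODE_TAG.findall(text))),
        "markers": [name for name, rx in SCRIPT_MARKERS.items() if rx.search(text)],
    }


if __name__ == "__main__":
    for label, value in [("thread", BLOCKED_VALUE),
                         ("constructed", CONSTRUCTED_SUSPICIOUS)]:
        print(label, triage(value))
```

An empty marker list for the thread's fragment only shows that the visible part is Enfold shortcode markup; the full request body from the browser's network tab is what confirms it.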

    Thread Starter wzshop

    (@wzshop)

    Hi,
    I contacted the theme admins and they told me that the theme does use the admin-ajax.php file, so all seems to be fine.
    Thanks

    Plugin Support WFAdam

    (@wfadam)

    Thanks for letting us know!

    If you have any other questions, please feel free to reach out!

  • The topic ‘Background Request Blocked > blocked by firewall for XSS’ is closed to new replies.