Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author nintechnet

    (@nintechnet)

    I don’t see any error in the screenshot: NinjaFirewall detected a file upload but didn’t block it. However it sanitizes its name by replacing a character with an ‘X’. If you don’t want it to do that, go to “NinjaFirewall > Firewall Policies” and uncheck “Sanitise filenames” in the “Uploads” section.

    Thread Starter alchan123

    (@alchan123)

    Hello, thanks for the answer – this is the right URL: https://prnt.sc/22xcjcx

    Thanks for help and best regards,

    Alen

    Plugin Author nintechnet

    (@nintechnet)

    Did you try to disable that rule with the rules editor (“NinjaFirewall > Security Rules > Rules Editor” tab)? The rule ID is beside the “CRITICAL” label in the log (it’s blurry in your image).

    Thread Starter alchan123

    (@alchan123)

    Hello, yes, but we don’t want to disable this rule, we just want to bypass this rule for logged in users. Thanks for help,

    Alen

    Plugin Author nintechnet

    (@nintechnet)

    Which firewall rule is it?
    Which IP is logged by the firewall: the user IP or the server IP?
    Which plugin is it?
    If the user logs out, and then logs in, does the problem still occur?

    Thread Starter alchan123

    (@alchan123)

    Hello, sorry for the late response.

    The firewall rule is 252: SQL injection: https://prnt.sc/23dx2a1
    The IP is the user IP.
    The plugin is our custom Elementor one for landings; the chevron in this case is added as a regular picture in PHP code, and debug mode is not showing any error: https://prnt.sc/23dy2vf In the log I see: https://prnt.sc/23dyj4j
    If the user clears cookies it is OK, also if they log out and log in, but it is a bad user – shop manager experience if they are adding a product and can’t change the product picture or product name.

    Thanks for your help,
    Alen

    Plugin Author nintechnet

    (@nintechnet)

    That rule blocks SQL injection with comments. In the code you’re editing, do you see any characters such as /* ..... */? I can’t see that in your picture.

    Thread Starter alchan123

    (@alchan123)

    Hello, no, there is no comment. I just replaced the regular path img src=”/wp-content/plugins/..” with WP plugin_dir_url in case this helps: https://prnt.sc/23ozlwk

    Thanks and best regards,
    Alen

    Thread Starter alchan123

    (@alchan123)

    Hello, do you see a problem in this maybe?

    https://prnt.sc/23pw70t

    Here is the function so the user can add a URL in the shortcode for video.

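    function render_vimeo_responsive($atts)
    {
        // Default the attribute so a shortcode without "url" does not raise a notice.
        $atts = shortcode_atts(array('url' => ''), $atts, 'vimeo');
        // Escape the user-supplied URL before it is placed in the iframe src attribute.
        $url = esc_url($atts['url']);
        return '<div style="padding:100% 0 0 0;position:relative;"><iframe src="' . $url . '" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe></div><script src="https://player.vimeo.com/api/player.js"></script>';
    }

    // Register the [vimeo url="..."] shortcode.
    add_shortcode('vimeo', 'render_vimeo_responsive');

    Plugin Author nintechnet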

    (@nintechnet)

    I don’t see anything that could be blocked by rule 252. This rule searches for /* ... */ and then will search for additional MySQL directives.
    Something else must be added at the end of the string maybe.
    I recommend temporarily disabling the rule for now, it’s not an important rule.
    NinjaFirewall uses PHP sessions to whitelist users, here’s an article about how to debug and test if you are whitelisted:
    https://blog.nintechnet.com/ninjafirewall-php-sessions-debugging/
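
The two-step check described in the reply above, as an added example that is not part of the original thread and not NinjaFirewall's code: a simplified stand-in rule first looks for a `/* ... */` comment and only then for SQL keywords, and is skipped entirely for a whitelisted session. The keyword list, function names and sample values are assumptions made for illustration; they show why benign editor content can match once whitelisting stops working, not what triggered the block in this thread.

```python
import re

# Assumption: a simplified stand-in for a "SQL injection with comments" rule.
# This is NOT NinjaFirewall's rule 252; the keyword list is illustrative only.
COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
SQL_WORDS = re.compile(r"\b(union|select|insert|update|delete|drop)\b", re.IGNORECASE)


def check_value(value):
    """Return (blocked, reason) for a single request parameter value."""
    # Step 1: without a /* ... */ comment the rule never applies.
    if not COMMENT.search(value):
        return (False, "no /* ... */ comment, rule does not apply")
    # Step 2: a comment is present, so look for SQL keywords in the value.
    match = SQL_WORDS.search(value)
    if match:
        return (True, "comment plus SQL keyword '%s'" % match.group(1).lower())
    return (False, "comment present but no SQL keyword")


def inspect_request(params, whitelisted):
    """Check every parameter unless the session is whitelisted.

    If the session lookup fails, a logged-in editor arrives here with
    whitelisted=False and is filtered like an anonymous visitor.
    """
    if whitelisted:
        return []
    hits = []
    for name, value in params.items():
        blocked, reason = check_value(value)
        if blocked:
            hits.append((name, reason))
    return hits


# Constructed sample values (not taken from the thread's screenshots).
SHORTCODE = '[vimeo url="https://player.vimeo.com/video/000000000"]'
CUSTOM_CSS = "/* reset */ .product-select { display: none }"
INJECTION = "1 /*x*/ UNION SELECT 1"

if __name__ == "__main__":
    for sample in (SHORTCODE, CUSTOM_CSS, INJECTION):
        print(check_value(sample), "<-", sample)
    print(inspect_request({"content": CUSTOM_CSS}, whitelisted=True))
    print(inspect_request({"content": CUSTOM_CSS}, whitelisted=False))
```
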

    Thread Starter alchan123

    (@alchan123)

    Hello,

    I did disable this rule – thanks. Is it not possible to whitelist logged-in users for that kind of rule?

    Plugin Author nintechnet

    (@nintechnet)

    Normally, whitelisted users don’t get blocked but it looks like you may have a PHP session issue. Do you see any error or warning in the NinjaFirewall > Dashboard page?

  • The topic ‘Problems with cookies and logged in (whitelist) users’ is closed to new replies.