  • Resolved LABCAT

    (@labcat)

    Hi there,

    On our site we have a form with a field that allows basic HTML to be entered. On a few occasions the WordFence firewall has blocked users for SQL injection in the POST body.

    Here is an image showing the message from the WordFence firewall:
    https://drive.google.com/file/d/188ayFqA6CNMgWdOVV4yqWQe23zFxHtPw/view?usp=sharing

    We know that these submissions are safe as the users are logged in with verified accounts. I believe that we can prevent this error from occurring by whitelisting the URL, however I couldn’t find any good documentation regarding this on the WordFence site but did find this article:
    https://www.ownerreservations.com/support/articles/403-error-whitelisting-wordfence

    So I have added the following entry to the whitelist:
    URL: /submit/
    Param: request.body[post_content]

    I am not 100% sure that this is correct, so can you please let me know if this will work or needs to be adjusted?

    Also, can you please let me know where I can find documentation regarding this on the WordFence website.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @labcat, thanks for the detailed message and getting in touch.

    The allowlist item you’ve added for /submit/ looks like it should work as it includes the post_content param that shows in your Live Traffic screenshot. You can test whether it is working by submitting data in your form in incognito mode, or a different browser to mimic the activity of a non-administrative visitor to your site. If the user needs to be logged in to submit the form containing HTML, please follow the steps they would have to and try the form out.

    If it doesn’t work, or there are further cases of blocks showing, the allowlist entry you’ve added is actually a manual way of doing what Learning Mode does for you, so it could be worth trying that out in case there are other params or data involved that I can’t see from the cropped data in the Live Traffic entry.

    From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now attempt to submit the form under the same conditions an external site visitor would. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.

    In documentation, Understanding the Allowlist and Allowlisted URLs are provided to help, but the latter will point you to Learning Mode, which is possibly the best direction to take if your manual entry didn’t have the desired effect.

    Let me know how you get on!

    Peter.
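
    A small model of how a URL-plus-param allowlist entry like the one discussed above scopes an exemption, added here as an illustration and not Wordfence's own code. It assumes an exact path match (query string ignored), a param spec of the form request.<source>[<name>], and a toy SQL-injection pattern standing in for the real rule; the point it shows is that the entry exempts only post_content on /submit/, while the same content in another field or on another URL is still evaluated.

```python
import re
from urllib.parse import urlsplit

# Constructed model for this thread; the param-spec grammar and the exact-path
# matching below are assumptions, not Wordfence's documented internals.
PARAM_SPEC = re.compile(r"^request\.(\w+)\[(.+)\]$")

# Toy stand-in for a SQL-injection signature (the real WAF rules are not this).
SQLI_PATTERN = re.compile(r"\bunion\b.*\bselect\b|\bor\b\s+\d+\s*=\s*\d+", re.I)

# The entry from the original post: one URL, one body parameter.
ENTRIES = [{"url": "/submit/", "param": "request.body[post_content]"}]

# Constructed sample: benign HTML that happens to contain SQL keywords.
SAMPLE_CONTENT = "<p>Run SELECT name FROM users UNION SELECT id FROM orders</p>"


def parse_param_spec(spec):
    """Split 'request.body[post_content]' into ('body', 'post_content')."""
    m = PARAM_SPEC.match(spec)
    if not m:
        raise ValueError(f"unrecognised param spec: {spec}")
    return m.group(1), m.group(2)


def is_allowlisted(entries, path, source, param):
    """True if one entry names exactly this path, source and parameter.
    Only the named parameter is exempted, never the whole request."""
    for entry in entries:
        src, name = parse_param_spec(entry["param"])
        if urlsplit(entry["url"]).path == path and (src, name) == (source, param):
            return True
    return False


def waf_decision(entries, url, body):
    """Per POST-body field: 'allow' (rule skipped), 'block', or 'pass'."""
    path = urlsplit(url).path
    decisions = {}
    for name, value in body.items():
        if is_allowlisted(entries, path, "body", name):
            decisions[name] = "allow"
        elif SQLI_PATTERN.search(value):
            decisions[name] = "block"
        else:
            decisions[name] = "pass"
    return decisions


if __name__ == "__main__":
    print(waf_decision(ENTRIES, "/submit/", {"post_content": SAMPLE_CONTENT}))
    print(waf_decision(ENTRIES, "/submit/", {"post_title": SAMPLE_CONTENT}))
```

    Testing the form from a non-administrative session, as suggested in the reply, is still the authoritative check; this model only shows why the exemption should be narrow.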

  • The topic ‘403 Errors in post submission due to HTML’ is closed to new replies.