Contact form messages missed due to false positives

  • Resolved alamana

    (@alamana)


    1 year, 12 months ago

    Today we received warnings about a contact form message a user tried to send us, which they were apparently unable to do due to Wordfence blocking them.

    The reason for the block was “Blocked for Directory Traversal in POST body”

    Unfortunately only the first line of text is visible. Is there anywhere I can see the full text so that I can reply to the message and to view what text may have caused the false positive so we can report it to you?

    Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @alamana, thanks for reaching out!

    Are you using a custom-written form or one generated from another plugin such as Contact Form 7? This will just help me consider whether there are any known conflicts.

    Would it be possible to also include a screenshot of the expanded Live Traffic entry despite the truncating of the POST body? You can obscure any sensitive information like IPs and include images on the forums by clicking the “+” in a new paragraph block and selecting “Image“, then Upload once you’ve picked a file.

    Thanks,
    Peter.

    Plugin Support wfphil

    (@wfphil)

    Hi @alamana

    Our plugin does not record what someone enters on a form. That also may not be relevant and the from sends a general request that the firewall sees as potentially malicious.

    Please replicate the issue and then use our guide below to add the legitimate request that has been blocked to the firewall allowlist.

    https://www.wordfence.com/help/firewall/learning-mode/

    Thread Starter alamana

    (@alamana)

    Unfortunately I have no way to know what text caused the issue as it was blocked.

    The contact form is an Elementor contact form.

    If we click the “Add param to firewall whitelist” button – what exactly will the added exception be based on? I wouldn’t want to inadvertently disable directory traversal protections.

    It tells me image uploading is disabled, but here’s an imgur link https://imgur.com/a/FjJCf2u

    Plugin Support wfphil

    (@wfphil)

    Hi @alamana

    You have hidden too much in the screenshot. Please send again and only hide your domain name if you want to.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Contact form messages missed due to false positives’ is closed to new replies.