• Resolved arnikab

    (@arnikab)


    Hi,

    A customer is getting blocked on the checkout page and this message is being shown:

    A potentially unsafe operation has been detected in your request to this site. Your access to this service has been limited (HTTP response code 403).

    Do you know what could be causing it?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @arnikab and thanks for reaching out to us!

    A 403 would mean the WAF is blocking them from something it thinks is malicious. Most likely a form that has a character in it, which the WAF is mistaking for an XSS attack.

    If you navigate to Wordfence > Tools > Live Traffic, you should be able to locate this 403 block. Click on the block to expand the details, then share with me the block reason here. Make sure to edit out any personal data.

    Thanks again!

    Thread Starter arnikab

    (@arnikab)

    Hi Adam,

    Thanks for replying!

    Do you mean finding the customer who got blocked? I have found the user; however, it is flagged as human. Details below:

    Activity Detail
     Birmingham, United Kingdom left https://doodle-bag.com/my-account/ and logged in successfully as "NAME". https://doodle-bag.com/my-account/
    17/11/2021 19:11:25 (22 hours 44 mins ago)  
    IP: 86.13.209.142 Hostname: cpc158315-king14-2-0-cust397.19-1.cable.virginm.net
    Mozilla/5.0 (Linux; Android 10; SM-G960F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36

    Thanks,
    Arnika

    Thread Starter arnikab

    (@arnikab)

    Hi Adam,

    We have had a number of customers with this same problem now.
    See the link for a screenshot of the page.
    https://ibb.co/M6FG0sp

    I have done what you suggested but I cannot see the 403 block.

    Please advise?

    Thanks, Arnika

    Plugin Support WFAdam

    (@wfadam)

    Sorry for the delay!

    I recommend trying Learning Mode for the WAF to learn these actions are not malicious. Leave Learning Mode on for a few days to let it gather information.

    From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.

    https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.

    Let me know how it goes!

    Thanks again!

  • The topic ‘Customer gets blocked when ordering’ is closed to new replies.