Suspicious Query Strings Bug
I’m running iThemes Security Version 4.2.2 and WordPress 3.9.1 with nginx.
I noticed some issues with scripts loading on edit pages in the WP admin. It seems that some of the security features I’ve enabled through the plugin are incompatible with something on the edit page. The only thing out of the ordinary is Yoast SEO’s metabox.
The following was returning a 403 when editing a post:
https://xxx.com/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils,quicktags,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,underscore&load%5B%5D=,backbone,wp-util,wp-backbone,media-models,plupload,json2,wp-plupload,mediaelement,wp-mediaelement,media-views&ver=3.9.1

I disabled the following lines in my nginx config:

# location ^wp-includes/(.*).php { deny all; }
# location ^/wp-admin/includes(.*)$ { deny all; }
# if ($args ~* "(globals|encode|localhost|loopback)") { set $susquery 1; }
# if ($args ~* "(request|select(?!ed)|insert|concat|union|declare)") { set $susquery 1; }
# if ($args ~* "(%0|%A|%B|%C|%D|%E|%F)") { return 403; }

This seems to have fixed the issue, but I’m not entirely sure what it may have been as none of these args or locations was in the request.
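An added diagnostic example, not part of the original post: the Python script below replays the three `if ($args ~* ...)` rules and the two `location` patterns quoted above against the blocked `load-scripts.php` URL, so you can see which rule (if any) a given request would trip before disabling a whole block of them. It assumes two things that hold for nginx: `$args` is the raw, URL-encoded query string (so `load%5B%5D` is matched as-is, not as `load[]`), and `~*` is a case-insensitive PCRE match. The two `location` lines are interpreted here as regex locations with a leading slash; that is an assumption, since as quoted they lack the `~` modifier. The host `xxx.com` is kept from the post; the other query strings are constructed test inputs.

```python
import re
from urllib.parse import urlsplit

# Copy of the three query-string rules quoted in the post: (name, regex, nginx action).
# nginx evaluates `if ($args ~* "...")` as a case-insensitive regex against the RAW
# query string, so these are applied with re.IGNORECASE and without URL-decoding.
QUERY_RULES = [
    ("globals/encode/localhost/loopback",
     r"(globals|encode|localhost|loopback)", "set $susquery 1"),
    ("sql keywords",
     r"(request|select(?!ed)|insert|concat|union|declare)", "set $susquery 1"),
    ("high-bit percent-escapes",
     r"(%0|%A|%B|%C|%D|%E|%F)", "return 403"),
]

# The two `location` lines from the post, read as regex locations against the
# request path. Assumption: a leading "/" is intended on the first one, since an
# nginx URI always starts with "/".
PATH_RULES = [
    ("wp-includes php", r"^/wp-includes/(.*)\.php"),
    ("wp-admin/includes", r"^/wp-admin/includes(.*)$"),
]

# The request from the post that was returning 403 (host kept as written there).
BLOCKED_URL = (
    "https://xxx.com/wp-admin/load-scripts.php?c=1"
    "&load%5B%5D=jquery-core,jquery-migrate,utils,quicktags,jquery-ui-core,"
    "jquery-ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,underscore"
    "&load%5B%5D=,backbone,wp-util,wp-backbone,media-models,plupload,json2,"
    "wp-plupload,mediaelement,wp-mediaelement,media-views&ver=3.9.1"
)


def matching_query_rules(query):
    """Names of the $args rules whose regex matches the raw query string."""
    return [name for name, pat, _ in QUERY_RULES
            if re.search(pat, query, re.IGNORECASE)]


def matching_path_rules(path):
    """Names of the location patterns whose regex matches the request path."""
    return [name for name, pat in PATH_RULES
            if re.search(pat, path, re.IGNORECASE)]


def check_url(url):
    """Split a URL and report which path and query rules it would trigger."""
    parts = urlsplit(url)
    return {
        "path": matching_path_rules(parts.path),
        "query": matching_query_rules(parts.query),
    }


if __name__ == "__main__":
    # Constructed inputs: the blocked request, plus samples that should trip a rule.
    samples = [
        BLOCKED_URL,
        "https://xxx.com/?id=1%20UNION%20SELECT%201",   # SQL keywords rule
        "https://xxx.com/?q=%C0%AF",                    # percent-escape rule
        "https://xxx.com/wp-includes/js/tinymce/wp-tinymce.php",  # path rule
        "https://xxx.com/?page=selected",               # select(?!ed) must NOT fire
    ]
    for url in samples:
        hits = check_url(url)
        verdict = "ALLOW" if not (hits["path"] or hits["query"]) else "BLOCK"
        print(f"{verdict:5} {url}\n      path={hits['path']} query={hits['query']}")
```

Running it shows that none of the five quoted rules matches the blocked `load-scripts.php` request, which agrees with the observation in the post that none of those args or locations was present; the same harness can be pointed at the remaining, still-enabled rules in the generated config to find the one that actually fires, instead of commenting out rules in bulk.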