• Resolved d2.roth

    (@d2roth)


    We have been having some really odd issues with getting blocked from several of our sites, and I have narrowed it down to ModSecurity getting triggered because of the iFrame code that is in use.

    This was the error we were getting in our Firewall logs when our IP address got blocked:
    # lfd: (mod_security) mod_security (id:214540) triggered by xx.xx.xxx.xx: 5 in the last 3600 secs – Fri Jun 12 13:03:12 2020

    After doing some research, this came down to the fact that ModSecurity looks for invisible iFrames, width:0 and height:0, that are also display:none. They do have an exclusion, though, for Google Tag Manager iFrames, but their exclusion is very specific and requires the iFrame’s src to start with:
    https://www.googletagmanager.com/ns.html?id=GTM

    So my solution is simply to modify wp-content/plugins/wk-google-analytics/lib/Loader.php and change line 75 so it includes the “https:” as part of the URL. Thus line 75 becomes:
    <iframe src="https://www.googletagmanager.com/ns.html?id=<?php echo $TAG_MANAGER_ID; ?>"

    The iFrame tag also lines up with what Google Tag Manager gives you, so making the change to add “https:” into the source code should not cause other problems.

    I hope this can be added to a plugin update and that it helps someone else with phantom problems.
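
An added example, not part of the original post and not the ModSecurity rule's actual logic: a Python check that approximates the condition described above (a zero-size, display:none iframe whose src does not start with the exact exclusion prefix) so that rendered pages can be scanned for markup likely to trip the rule. The sample HTML and the `GTM-EXAMPLE` id are constructed, and the protocol-relative "before" form is an assumption about what the plugin emitted prior to the fix.

```python
import re
from html.parser import HTMLParser

# Prefix the post says the rule's Google Tag Manager exclusion requires.
GTM_PREFIX = "https://www.googletagmanager.com/ns.html?id=GTM"

def is_zero(value):
    """True for zero dimensions such as "0", "0px" or "0%"."""
    return bool(re.fullmatch(r"\s*0+(\.0+)?\s*(px|%|em)?\s*", value or "", re.I))

def style_map(style):
    """Parse an inline style attribute into a lowercase property dict."""
    props = {}
    for decl in (style or "").split(";"):
        name, sep, val = decl.partition(":")
        if sep:
            props[name.strip().lower()] = val.strip().lower()
    return props

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        css = style_map(a.get("style"))
        zero_w = is_zero(a.get("width")) or is_zero(css.get("width"))
        zero_h = is_zero(a.get("height")) or is_zero(css.get("height"))
        hidden = css.get("display", "").startswith("none")
        src = a.get("src", "").strip()
        # Assumed approximation of the rule, based only on the post's description.
        if zero_w and zero_h and hidden and not src.startswith(GTM_PREFIX):
            self.findings.append((self.getpos()[0], src))

def scan(html):
    """Return (line, src) for each hidden iframe outside the exclusion."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed page: line 2 is the assumed pre-fix form, line 3 the fixed form.
_GTM_ATTRS = ' height="0" width="0" style="display:none;visibility:hidden"></iframe>'
SAMPLE = "\n".join([
    "<body>",
    '<iframe src="//www.googletagmanager.com/ns.html?id=GTM-EXAMPLE"' + _GTM_ATTRS,
    '<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-EXAMPLE"' + _GTM_ATTRS,
    '<iframe src="https://example.com/widget" width="300" height="200"></iframe>',
    "</body>",
])
```

Running `scan()` over the HTML a site actually serves (for example, a saved copy of the page source) lists the iframes to fix before the firewall starts counting hits against visitors' IP addresses.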

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author WEBKINDER

    (@webkinder)

    Hi @d2roth
    First of all, thank you for your very detailed bug report. We are happy to tell you we included it in a new release, 1.8.1.

    If you find another bug and are able to solve it yourself like you did here, you can open a pull request in the GitHub repository here: https://github.com/webkinder/google-analytics. If you have any feature requests, you may also open an issue there. I also added a new disclaimer for that in the readme.

    Regards
    WebKinder

    Thread Starter d2.roth

    (@d2roth)

    Hey WebKinder,
    Will do. I couldn’t find it when I initially searched on GitHub but I now see the link in the readme here.

  • The topic ‘Triggers ModSecurity Rule 214540’ is closed to new replies.